Re-deploy the venv if it mismatches the repo

We currently have two issues with venvs: - if you update your venv on the repo server, it is not possible for that updated venv to land on the service's container as the get_url task always skips if the file exists (even if the file is different) - if you have an updated venv on the repo server and forcefully delete the cached venv tarball on the service's container, the new tarball will get unarchived over top of the existing venv This commit does the following: - gets the checksum of the /var/cache tarball and downloads checksum file from repo server - updates "Attempt venv download" to only download the venv if the cache doesn't exist or if the local and remote checksums differ - adds a "force: true" to "Attempt venv download" task so that the venv tarball will get re-downloaded when the when condition is true (this is necessary otherwise the download will get skipped since the destination already exists) - adds a new task "Remove existing venv" so we can first remove the venv before we unarchive the potentially new venv from the repo server - updates "Create neutron venv dir" and "Unarchive pre-built venv" tasks to only proceed if "neutron_get_venv | changed", which prevents these tasks from running when they the venv tarball hasn't changed - adds multiple service restarts to os_neutron/tasks/neutron_install.yml so that neutron will restart correctly should the venv/packages update without any associated config changes NOTE: The reason why we compare local and remote checksum is to avoid unnecessarily downloading the venv when the checksums are in fact the same. On small deploys this is more or less a non-issue but if a deploy w/ thousands of compute nodes re-runs playbooks we want to limit the venv downloads when it's unnecessary. Change-Id: Ie0ba2956e5bf90cec6615171b50a2397c7624257
2016-03-21 16:26:58 +00:00 · 2016-03-21 16:26:58 +00:00 · 394bc02e44
commit 394bc02e44
parent 75e85cff4c
2 changed files with 107 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -113,6 +113,8 @@ ironic_recreate_keys: False

 ironic_bin: "{{ ironic_venv_bin }}"

+ironic_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/ironic.tgz
+
 ironic_common_apt_packages:
  - python-dev
  - python-pip
@ -122,6 +124,7 @@ ironic_requires_pip_packages:
  - virtualenv
  - virtualenv-tools
  - python-keystoneclient # Keystoneclient needed for the OSA keystone lib
+  - httplib2 # for Ansible's uri module

 ironic_pip_packages:
  - MySQL-python
--- a/tasks/ironic_install.yml
+++ b/tasks/ironic_install.yml
@ -71,6 +71,107 @@
    - ironic-install
    - ironic-pip-packages

+- name: Get local venv checksum
+  stat:
+    path: "/var/cache/{{ ironic_venv_download_url | basename }}"
+    get_md5: False
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+  register: local_venv_stat
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Get remote venv checksum
+  uri:
+    url: "{{ ironic_venv_download_url | replace('tgz', 'checksum') }}"
+    return_content: True
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+  register: remote_venv_checksum
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
+#       a) allow us to remove force: yes
+#       b) allow the module to calculate the checksum of dest file which would
+#          result in file being downloaded only if provided and dest sha256sum
+#          checksums differ
+- name: Attempt venv download
+  get_url:
+    url: "{{ ironic_venv_download_url }}"
+    dest: "/var/cache/{{ ironic_venv_download_url | basename }}"
+    force: yes
+  ignore_errors: true
+  register: get_venv
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+    - (local_venv_stat.stat.exists == False or
+        {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Set ironic get_venv fact
+  set_fact:
+    ironic_get_venv: "{{ get_venv }}"
+  when: ironic_venv_enabled | bool
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Remove existing venv
+  file:
+    path: "{{ ironic_venv_bin | dirname }}"
+    state: absent
+  when:
+    - ironic_venv_enabled | bool
+    - ironic_get_venv | changed
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Create ironic venv dir
+  file:
+    path: "{{ ironic_venv_bin | dirname }}"
+    state: directory
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+    - ironic_get_venv | changed
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Unarchive pre-built venv
+  unarchive:
+    src: "/var/cache/{{ ironic_venv_download_url | basename }}"
+    dest: "{{ ironic_venv_bin | dirname }}"
+    copy: "no"
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+    - ironic_get_venv | changed
+  notify: Restart ironic services
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
+- name: Update virtualenv path
+  command: >
+    virtualenv-tools --update-path=auto {{ ironic_venv_bin | dirname }}
+  when:
+    - not ironic_developer_mode | bool
+    - ironic_venv_enabled | bool
+    - ironic_get_venv | success
+  tags:
+    - ironic-install
+    - ironic-pip-packages
+
 - name: Install pip packages (venv)
  pip:
    name: "{{ item }}"
@ -85,7 +186,8 @@
  with_items: ironic_pip_packages
  when:
    - ironic_venv_enabled | bool
-    - ironic_developer_mode | bool
+    - ironic_get_venv | failed or ironic_developer_mode | bool
+  notify: Restart ironic services
  tags:
    - ironic-install
    - ironic-pip-packages
@ -103,6 +205,7 @@
  when:
    - not ironic_venv_enabled | bool
    - not ironic_developer_mode | bool
+  notify: Restart ironic services
  tags:
    - ironic-install
    - ironic-pip-packages