diff options
author | juanvallejo <jvallejo@redhat.com> | 2017-02-22 19:13:20 -0500 |
---|---|---|
committer | juanvallejo <jvallejo@redhat.com> | 2017-03-23 12:01:01 -0400 |
commit | d6e3f266e30cd88b750b574e1b21e469b4cd3167 (patch) | |
tree | cb976b8d8b4e6b1d2ded6bf619102d04aebef5db /roles | |
parent | 27e47d32dc795dd27e901ca8618c90b7c1303547 (diff) | |
download | openshift-d6e3f266e30cd88b750b574e1b21e469b4cd3167.tar.gz openshift-d6e3f266e30cd88b750b574e1b21e469b4cd3167.tar.bz2 openshift-d6e3f266e30cd88b750b574e1b21e469b4cd3167.tar.xz openshift-d6e3f266e30cd88b750b574e1b21e469b4cd3167.zip |
add docker_image_availability check
This patch adds a check to ensure that required docker images are
available in at least one of the registries supplied in an installation
host. Images are available if they are either already present locally,
or able to be inspected using Skopeo on one of the configured
registries.
Diffstat (limited to 'roles')
3 files changed, 193 insertions, 0 deletions
diff --git a/roles/openshift_health_checker/action_plugins/openshift_health_check.py b/roles/openshift_health_checker/action_plugins/openshift_health_check.py index 0411797b1..8b23533c8 100644 --- a/roles/openshift_health_checker/action_plugins/openshift_health_check.py +++ b/roles/openshift_health_checker/action_plugins/openshift_health_check.py @@ -74,6 +74,7 @@ class ActionModule(ActionBase): result["failed"] = True result["msg"] = "One or more checks failed" + result["changed"] = any(r.get("changed", False) for r in check_results.values()) return result def load_known_checks(self): diff --git a/roles/openshift_health_checker/library/docker_info.py b/roles/openshift_health_checker/library/docker_info.py new file mode 100644 index 000000000..7f712bcff --- /dev/null +++ b/roles/openshift_health_checker/library/docker_info.py @@ -0,0 +1,24 @@ +# pylint: disable=missing-docstring +""" +Ansible module for determining information about the docker host. + +While there are several ansible modules that make use of the docker +api to expose container and image facts in a remote host, they +are unable to return specific information about the host machine +itself. This module exposes the same information obtained through +executing the `docker info` command on a docker host, in json format. +""" + +from ansible.module_utils.docker_common import AnsibleDockerClient + + +def main(): + client = AnsibleDockerClient() + + client.module.exit_json( + info=client.info(), + ) + + +if __name__ == '__main__': + main() diff --git a/roles/openshift_health_checker/openshift_checks/docker_image_availability.py b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py new file mode 100644 index 000000000..7a7498cb7 --- /dev/null +++ b/roles/openshift_health_checker/openshift_checks/docker_image_availability.py @@ -0,0 +1,168 @@ +# pylint: disable=missing-docstring +from openshift_checks import OpenShiftCheck, get_var + + +class DockerImageAvailability(OpenShiftCheck): + """Check that required Docker images are available. + + This check attempts to ensure that required docker images are + either present locally, or able to be pulled down from available + registries defined in a host machine. + """ + + name = "docker_image_availability" + tags = ["preflight"] + + skopeo_image = "openshift/openshift-ansible" + + docker_image_base = { + "origin": { + "repo": "openshift", + "image": "origin", + }, + "openshift-enterprise": { + "repo": "openshift3", + "image": "ose", + }, + } + + def run(self, tmp, task_vars): + required_images = self.required_images(task_vars) + missing_images = set(required_images) - set(self.local_images(required_images, task_vars)) + + # exit early if all images were found locally + if not missing_images: + return {"changed": False} + + msg, failed, changed = self.update_skopeo_image(task_vars) + + # exit early if Skopeo update fails + if failed: + return { + "failed": True, + "changed": changed, + "msg": "Failed to update Skopeo image ({img_name}). {msg}".format(img_name=self.skopeo_image, msg=msg), + } + + registries = self.known_docker_registries(task_vars) + available_images = self.available_images(missing_images, registries, task_vars) + unavailable_images = set(missing_images) - set(available_images) + + if unavailable_images: + return { + "failed": True, + "msg": ( + "One or more required images are not available: {}.\n" + "Configured registries: {}" + ).format(", ".join(sorted(unavailable_images)), ", ".join(registries)), + "changed": changed, + } + + return {"changed": changed} + + def required_images(self, task_vars): + deployment_type = get_var(task_vars, "deployment_type") + image_base_name = self.docker_image_base[deployment_type] + + openshift_release = get_var(task_vars, "openshift_release") + openshift_image_tag = get_var(task_vars, "openshift_image_tag") + + is_containerized = get_var(task_vars, "openshift", "common", "is_containerized") + + if is_containerized: + images = set(self.containerized_docker_images(image_base_name, openshift_release)) + else: + images = set(self.rpm_docker_images(image_base_name, openshift_release)) + + # append images with qualified image tags to our list of required images. + # these are images with a (v0.0.0.0) tag, rather than a standard release + # format tag (v0.0). We want to check this set in both containerized and + # non-containerized installations. + images.update( + self.qualified_docker_images(self.image_from_base_name(image_base_name), "v" + openshift_image_tag) + ) + + return images + + def local_images(self, images, task_vars): + """Filter a list of images and return those available locally.""" + return [ + image for image in images + if self.is_image_local(image, task_vars) + ] + + def is_image_local(self, image, task_vars): + result = self.module_executor("docker_image_facts", {"name": image}, task_vars) + if result.get("failed", False): + return False + + return bool(result.get("images", [])) + + def known_docker_registries(self, task_vars): + result = self.module_executor("docker_info", {}, task_vars) + + if result.get("failed", False): + return [] + + docker_info = result.get("info", "") + return [registry.get("Name", "") for registry in docker_info.get("Registries", {})] + + def available_images(self, images, registries, task_vars): + """Inspect existing images using Skopeo and return all images successfully inspected.""" + return [ + image for image in images + if self.is_image_available(image, registries, task_vars) + ] + + def is_image_available(self, image, registries, task_vars): + for registry in registries: + if self.is_available_skopeo_image(image, registry, task_vars): + return True + + return False + + def is_available_skopeo_image(self, image, registry, task_vars): + """Uses Skopeo to determine if required image exists in a given registry.""" + + cmd_str = "skopeo inspect docker://{registry}/{image}".format( + registry=registry, + image=image, + ) + + args = { + "name": "skopeo_inspect", + "image": self.skopeo_image, + "command": cmd_str, + "detach": False, + "cleanup": True, + } + result = self.module_executor("docker_container", args, task_vars) + return result.get("failed", False) + + def containerized_docker_images(self, base_name, version): + return [ + "{image}:{version}".format(image=self.image_from_base_name(base_name), version=version) + ] + + @staticmethod + def rpm_docker_images(base, version): + return [ + "{image_repo}/registry-console:{version}".format(image_repo=base["repo"], version=version) + ] + + @staticmethod + def qualified_docker_images(image_name, version): + return [ + "{}-{}:{}".format(image_name, component, version) + for component in "haproxy-router docker-registry deployer pod".split() + ] + + @staticmethod + def image_from_base_name(base): + return "".join([base["repo"], "/", base["image"]]) + + # ensures that the skopeo docker image exists, and updates it + # with latest if image was already present locally. + def update_skopeo_image(self, task_vars): + result = self.module_executor("docker_image", {"name": self.skopeo_image}, task_vars) + return result.get("msg", ""), result.get("failed", False), result.get("changed", False) |