diff options
Diffstat (limited to 'roles')
23 files changed, 139 insertions, 5279 deletions
| diff --git a/roles/lib_openshift/library/oc_adm_registry.py b/roles/lib_openshift/library/oc_adm_registry.py index c398c5551..9eb268388 100644 --- a/roles/lib_openshift/library/oc_adm_registry.py +++ b/roles/lib_openshift/library/oc_adm_registry.py @@ -2235,8 +2235,8 @@ class Registry(OpenShiftCLI):          ''' prepared_registry property '''          if not self.__prepared_registry:              results = self.prepare_registry() -            if not results: -                raise RegistryException('Could not perform registry preparation.') +            if not results or ('returncode' in results and results['returncode'] != 0): +                raise RegistryException('Could not perform registry preparation. {}'.format(results))              self.__prepared_registry = results          return self.__prepared_registry @@ -2301,8 +2301,8 @@ class Registry(OpenShiftCLI):          # probably need to parse this          # pylint thinks results is a string          # pylint: disable=no-member -        if results['returncode'] != 0 and 'items' in results['results']: -            return results +        if results['returncode'] != 0 and 'items' not in results['results']: +            raise RegistryException('Could not perform registry preparation. {}'.format(results))          service = None          deploymentconfig = None diff --git a/roles/lib_openshift/library/oc_adm_registry.py.bak b/roles/lib_openshift/library/oc_adm_registry.py.bak deleted file mode 100644 index d2532a784..000000000 --- a/roles/lib_openshift/library/oc_adm_registry.py.bak +++ /dev/null @@ -1,2562 +0,0 @@ -#!/usr/bin/env python -# pylint: disable=missing-docstring -# flake8: noqa: T001 -#     ___ ___ _  _ ___ ___    _ _____ ___ ___ -#    / __| __| \| | __| _ \  /_\_   _| __|   \ -#   | (_ | _|| .` | _||   / / _ \| | | _|| |) | -#    \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ -#   |   \ / _ \  | \| |/ _ \_   _| | __|   \_ _|_   _| -#   | |) | (_) | | .` | (_) || |   | _|| |) | |  | | -#   |___/ \___/  |_|\_|\___/ |_|   |___|___/___| |_| -# -# Copyright 2016 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -#    http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- -''' -   OpenShiftCLI class that wraps the oc commands in a subprocess -''' -# pylint: disable=too-many-lines - -from __future__ import print_function -import atexit -import copy -import json -import os -import re -import shutil -import subprocess -import tempfile -# pylint: disable=import-error -try: -    import ruamel.yaml as yaml -except ImportError: -    import yaml - -from ansible.module_utils.basic import AnsibleModule - -# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: doc/registry -*- -*- -*- - -DOCUMENTATION = ''' ---- -module: oc_adm_registry -short_description: Module to manage openshift registry -description: -  - Manage openshift registry programmatically. -options: -  state: -    description: -    - The desired action when managing openshift registry -    - present - update or create the registry -    - absent - tear down the registry service and deploymentconfig -    - list - returns the current representiation of a registry -    required: false -    default: False -    aliases: [] -  kubeconfig: -    description: -    - The path for the kubeconfig file to use for authentication -    required: false -    default: /etc/origin/master/admin.kubeconfig -    aliases: [] -  debug: -    description: -    - Turn on debug output. -    required: false -    default: False -    aliases: [] -  name: -    description: -    - The name of the registry -    required: false -    default: None -    aliases: [] -  namespace: -    description: -    - The selector when filtering on node labels -    required: false -    default: None -    aliases: [] -  images: -    description: -    - The image to base this registry on - ${component} will be replaced with --type -    required: 'openshift3/ose-${component}:${version}' -    default: None -    aliases: [] -  latest_images: -    description: -    - If true, attempt to use the latest image for the registry instead of the latest release. -    required: false -    default: False -    aliases: [] -  labels: -    description: -    - A set of labels to uniquely identify the registry and its components. -    required: false -    default: None -    aliases: [] -  enforce_quota: -    description: -    - If set, the registry will refuse to write blobs if they exceed quota limits -    required: False -    default: False -    aliases: [] -  mount_host: -    description: -    - If set, the registry volume will be created as a host-mount at this path. -    required: False -    default: False -    aliases: [] -  ports: -    description: -    - A comma delimited list of ports or port pairs to expose on the registry pod.  The default is set for 5000. -    required: False -    default: [5000] -    aliases: [] -  replicas: -    description: -    - The replication factor of the registry; commonly 2 when high availability is desired. -    required: False -    default: 1 -    aliases: [] -  selector: -    description: -    - Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes. -    required: False -    default: None -    aliases: [] -  service_account: -    description: -    - Name of the service account to use to run the registry pod. -    required: False -    default: 'registry' -    aliases: [] -  tls_certificate: -    description: -    - An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS -    required: false -    default: None -    aliases: [] -  tls_key: -    description: -    - An optional path to a PEM encoded private key for serving over TLS -    required: false -    default: None -    aliases: [] -  volume_mounts: -    description: -    - The volume mounts for the registry. -    required: false -    default: None -    aliases: [] -  daemonset: -    description: -    - Use a daemonset instead of a deployment config. -    required: false -    default: False -    aliases: [] -  edits: -    description: -    - A list of modifications to make on the deploymentconfig -    required: false -    default: None -    aliases: [] -  env_vars: -    description: -    - A dictionary of modifications to make on the deploymentconfig. e.g. FOO: BAR -    required: false -    default: None -    aliases: [] -  force: -    description: -    - Force a registry update. -    required: false -    default: False -    aliases: [] -author: -- "Kenny Woodson <kwoodson@redhat.com>" -extends_documentation_fragment: [] -''' - -EXAMPLES = ''' -- name: create a secure registry -  oc_adm_registry: -    name: docker-registry -    service_account: registry -    replicas: 2 -    namespace: default -    selector: type=infra -    images: "registry.ops.openshift.com/openshift3/ose-${component}:${version}" -    env_vars: -      REGISTRY_CONFIGURATION_PATH: /etc/registryconfig/config.yml -      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/registry.crt -      REGISTRY_HTTP_TLS_KEY: /etc/secrets/registry.key -      REGISTRY_HTTP_SECRET: supersecret -    volume_mounts: -    - path: /etc/secrets -      name: dockercerts -      type: secret -      secret_name: registry-secret -    - path: /etc/registryconfig -      name: dockersecrets -      type: secret -      secret_name: docker-registry-config -    edits: -    - key: spec.template.spec.containers[0].livenessProbe.httpGet.scheme -      value: HTTPS -      action: put -    - key: spec.template.spec.containers[0].readinessProbe.httpGet.scheme -      value: HTTPS -      action: put -    - key: spec.strategy.rollingParams -      value: -        intervalSeconds: 1 -        maxSurge: 50% -        maxUnavailable: 50% -        timeoutSeconds: 600 -        updatePeriodSeconds: 1 -      action: put -    - key: spec.template.spec.containers[0].resources.limits.memory -      value: 2G -      action: update -    - key: spec.template.spec.containers[0].resources.requests.memory -      value: 1G -      action: update - -  register: registryout - -''' - -# -*- -*- -*- End included fragment: doc/registry -*- -*- -*- - -# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 - - -class YeditException(Exception): -    ''' Exception class for Yedit ''' -    pass - - -# pylint: disable=too-many-public-methods -class Yedit(object): -    ''' Class to modify yaml files ''' -    re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" -    re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" -    com_sep = set(['.', '#', '|', ':']) - -    # pylint: disable=too-many-arguments -    def __init__(self, -                 filename=None, -                 content=None, -                 content_type='yaml', -                 separator='.', -                 backup=False): -        self.content = content -        self._separator = separator -        self.filename = filename -        self.__yaml_dict = content -        self.content_type = content_type -        self.backup = backup -        self.load(content_type=self.content_type) -        if self.__yaml_dict is None: -            self.__yaml_dict = {} - -    @property -    def separator(self): -        ''' getter method for yaml_dict ''' -        return self._separator - -    @separator.setter -    def separator(self): -        ''' getter method for yaml_dict ''' -        return self._separator - -    @property -    def yaml_dict(self): -        ''' getter method for yaml_dict ''' -        return self.__yaml_dict - -    @yaml_dict.setter -    def yaml_dict(self, value): -        ''' setter method for yaml_dict ''' -        self.__yaml_dict = value - -    @staticmethod -    def parse_key(key, sep='.'): -        '''parse the key allowing the appropriate separator''' -        common_separators = list(Yedit.com_sep - set([sep])) -        return re.findall(Yedit.re_key % ''.join(common_separators), key) - -    @staticmethod -    def valid_key(key, sep='.'): -        '''validate the incoming key''' -        common_separators = list(Yedit.com_sep - set([sep])) -        if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): -            return False - -        return True - -    @staticmethod -    def remove_entry(data, key, sep='.'): -        ''' remove data at location key ''' -        if key == '' and isinstance(data, dict): -            data.clear() -            return True -        elif key == '' and isinstance(data, list): -            del data[:] -            return True - -        if not (key and Yedit.valid_key(key, sep)) and \ -           isinstance(data, (list, dict)): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes[:-1]: -            if dict_key and isinstance(data, dict): -                data = data.get(dict_key, None) -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        # process last index for remove -        # expected list entry -        if key_indexes[-1][0]: -            if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1:  # noqa: E501 -                del data[int(key_indexes[-1][0])] -                return True - -        # expected dict entry -        elif key_indexes[-1][1]: -            if isinstance(data, dict): -                del data[key_indexes[-1][1]] -                return True - -    @staticmethod -    def add_entry(data, key, item=None, sep='.'): -        ''' Get an item from a dictionary with key notation a.b.c -            d = {'a': {'b': 'c'}}} -            key = a#b -            return c -        ''' -        if key == '': -            pass -        elif (not (key and Yedit.valid_key(key, sep)) and -              isinstance(data, (list, dict))): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes[:-1]: -            if dict_key: -                if isinstance(data, dict) and dict_key in data and data[dict_key]:  # noqa: E501 -                    data = data[dict_key] -                    continue - -                elif data and not isinstance(data, dict): -                    return None - -                data[dict_key] = {} -                data = data[dict_key] - -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        if key == '': -            data = item - -        # process last index for add -        # expected list entry -        elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1:  # noqa: E501 -            data[int(key_indexes[-1][0])] = item - -        # expected dict entry -        elif key_indexes[-1][1] and isinstance(data, dict): -            data[key_indexes[-1][1]] = item - -        return data - -    @staticmethod -    def get_entry(data, key, sep='.'): -        ''' Get an item from a dictionary with key notation a.b.c -            d = {'a': {'b': 'c'}}} -            key = a.b -            return c -        ''' -        if key == '': -            pass -        elif (not (key and Yedit.valid_key(key, sep)) and -              isinstance(data, (list, dict))): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes: -            if dict_key and isinstance(data, dict): -                data = data.get(dict_key, None) -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        return data - -    @staticmethod -    def _write(filename, contents): -        ''' Actually write the file contents to disk. This helps with mocking. ''' - -        tmp_filename = filename + '.yedit' - -        with open(tmp_filename, 'w') as yfd: -            yfd.write(contents) - -        os.rename(tmp_filename, filename) - -    def write(self): -        ''' write to file ''' -        if not self.filename: -            raise YeditException('Please specify a filename.') - -        if self.backup and self.file_exists(): -            shutil.copy(self.filename, self.filename + '.orig') - -        # Try to set format attributes if supported -        try: -            self.yaml_dict.fa.set_block_style() -        except AttributeError: -            pass - -        # Try to use RoundTripDumper if supported. -        try: -            Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) -        except AttributeError: -            Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) - -        return (True, self.yaml_dict) - -    def read(self): -        ''' read from file ''' -        # check if it exists -        if self.filename is None or not self.file_exists(): -            return None - -        contents = None -        with open(self.filename) as yfd: -            contents = yfd.read() - -        return contents - -    def file_exists(self): -        ''' return whether file exists ''' -        if os.path.exists(self.filename): -            return True - -        return False - -    def load(self, content_type='yaml'): -        ''' return yaml file ''' -        contents = self.read() - -        if not contents and not self.content: -            return None - -        if self.content: -            if isinstance(self.content, dict): -                self.yaml_dict = self.content -                return self.yaml_dict -            elif isinstance(self.content, str): -                contents = self.content - -        # check if it is yaml -        try: -            if content_type == 'yaml' and contents: -                # Try to set format attributes if supported -                try: -                    self.yaml_dict.fa.set_block_style() -                except AttributeError: -                    pass - -                # Try to use RoundTripLoader if supported. -                try: -                    self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) -                except AttributeError: -                    self.yaml_dict = yaml.safe_load(contents) - -                # Try to set format attributes if supported -                try: -                    self.yaml_dict.fa.set_block_style() -                except AttributeError: -                    pass - -            elif content_type == 'json' and contents: -                self.yaml_dict = json.loads(contents) -        except yaml.YAMLError as err: -            # Error loading yaml or json -            raise YeditException('Problem with loading yaml file. %s' % err) - -        return self.yaml_dict - -    def get(self, key): -        ''' get a specified key''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, key, self.separator) -        except KeyError: -            entry = None - -        return entry - -    def pop(self, path, key_or_item): -        ''' remove a key, value pair from a dict or an item for a list''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            return (False, self.yaml_dict) - -        if isinstance(entry, dict): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            if key_or_item in entry: -                entry.pop(key_or_item) -                return (True, self.yaml_dict) -            return (False, self.yaml_dict) - -        elif isinstance(entry, list): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            ind = None -            try: -                ind = entry.index(key_or_item) -            except ValueError: -                return (False, self.yaml_dict) - -            entry.pop(ind) -            return (True, self.yaml_dict) - -        return (False, self.yaml_dict) - -    def delete(self, path): -        ''' remove path from a dict''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            return (False, self.yaml_dict) - -        result = Yedit.remove_entry(self.yaml_dict, path, self.separator) -        if not result: -            return (False, self.yaml_dict) - -        return (True, self.yaml_dict) - -    def exists(self, path, value): -        ''' check if value exists at path''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if isinstance(entry, list): -            if value in entry: -                return True -            return False - -        elif isinstance(entry, dict): -            if isinstance(value, dict): -                rval = False -                for key, val in value.items(): -                    if entry[key] != val: -                        rval = False -                        break -                else: -                    rval = True -                return rval - -            return value in entry - -        return entry == value - -    def append(self, path, value): -        '''append value to a list''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            self.put(path, []) -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        if not isinstance(entry, list): -            return (False, self.yaml_dict) - -        # AUDIT:maybe-no-member makes sense due to loading data from -        # a serialized format. -        # pylint: disable=maybe-no-member -        entry.append(value) -        return (True, self.yaml_dict) - -    # pylint: disable=too-many-arguments -    def update(self, path, value, index=None, curr_value=None): -        ''' put path, value into a dict ''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if isinstance(entry, dict): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            if not isinstance(value, dict): -                raise YeditException('Cannot replace key, value entry in ' + -                                     'dict with non-dict type. value=[%s] [%s]' % (value, type(value)))  # noqa: E501 - -            entry.update(value) -            return (True, self.yaml_dict) - -        elif isinstance(entry, list): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            ind = None -            if curr_value: -                try: -                    ind = entry.index(curr_value) -                except ValueError: -                    return (False, self.yaml_dict) - -            elif index is not None: -                ind = index - -            if ind is not None and entry[ind] != value: -                entry[ind] = value -                return (True, self.yaml_dict) - -            # see if it exists in the list -            try: -                ind = entry.index(value) -            except ValueError: -                # doesn't exist, append it -                entry.append(value) -                return (True, self.yaml_dict) - -            # already exists, return -            if ind is not None: -                return (False, self.yaml_dict) -        return (False, self.yaml_dict) - -    def put(self, path, value): -        ''' put path, value into a dict ''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry == value: -            return (False, self.yaml_dict) - -        # deepcopy didn't work -        # Try to use ruamel.yaml and fallback to pyyaml -        try: -            tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, -                                                      default_flow_style=False), -                                 yaml.RoundTripLoader) -        except AttributeError: -            tmp_copy = copy.deepcopy(self.yaml_dict) - -        # set the format attributes if available -        try: -            tmp_copy.fa.set_block_style() -        except AttributeError: -            pass - -        result = Yedit.add_entry(tmp_copy, path, value, self.separator) -        if not result: -            return (False, self.yaml_dict) - -        self.yaml_dict = tmp_copy - -        return (True, self.yaml_dict) - -    def create(self, path, value): -        ''' create a yaml file ''' -        if not self.file_exists(): -            # deepcopy didn't work -            # Try to use ruamel.yaml and fallback to pyyaml -            try: -                tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, -                                                          default_flow_style=False), -                                     yaml.RoundTripLoader) -            except AttributeError: -                tmp_copy = copy.deepcopy(self.yaml_dict) - -            # set the format attributes if available -            try: -                tmp_copy.fa.set_block_style() -            except AttributeError: -                pass - -            result = Yedit.add_entry(tmp_copy, path, value, self.separator) -            if result: -                self.yaml_dict = tmp_copy -                return (True, self.yaml_dict) - -        return (False, self.yaml_dict) - -    @staticmethod -    def get_curr_value(invalue, val_type): -        '''return the current value''' -        if invalue is None: -            return None - -        curr_value = invalue -        if val_type == 'yaml': -            curr_value = yaml.load(invalue) -        elif val_type == 'json': -            curr_value = json.loads(invalue) - -        return curr_value - -    @staticmethod -    def parse_value(inc_value, vtype=''): -        '''determine value type passed''' -        true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', -                      'on', 'On', 'ON', ] -        false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', -                       'off', 'Off', 'OFF'] - -        # It came in as a string but you didn't specify value_type as string -        # we will convert to bool if it matches any of the above cases -        if isinstance(inc_value, str) and 'bool' in vtype: -            if inc_value not in true_bools and inc_value not in false_bools: -                raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' -                                     % (inc_value, vtype)) -        elif isinstance(inc_value, bool) and 'str' in vtype: -            inc_value = str(inc_value) - -        # If vtype is not str then go ahead and attempt to yaml load it. -        if isinstance(inc_value, str) and 'str' not in vtype: -            try: -                inc_value = yaml.load(inc_value) -            except Exception: -                raise YeditException('Could not determine type of incoming ' + -                                     'value. value=[%s] vtype=[%s]' -                                     % (type(inc_value), vtype)) - -        return inc_value - -    # pylint: disable=too-many-return-statements,too-many-branches -    @staticmethod -    def run_ansible(module): -        '''perform the idempotent crud operations''' -        yamlfile = Yedit(filename=module.params['src'], -                         backup=module.params['backup'], -                         separator=module.params['separator']) - -        if module.params['src']: -            rval = yamlfile.load() - -            if yamlfile.yaml_dict is None and \ -               module.params['state'] != 'present': -                return {'failed': True, -                        'msg': 'Error opening file [%s].  Verify that the ' + -                               'file exists, that it is has correct' + -                               ' permissions, and is valid yaml.'} - -        if module.params['state'] == 'list': -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) -                yamlfile.yaml_dict = content - -            if module.params['key']: -                rval = yamlfile.get(module.params['key']) or {} - -            return {'changed': False, 'result': rval, 'state': "list"} - -        elif module.params['state'] == 'absent': -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) -                yamlfile.yaml_dict = content - -            if module.params['update']: -                rval = yamlfile.pop(module.params['key'], -                                    module.params['value']) -            else: -                rval = yamlfile.delete(module.params['key']) - -            if rval[0] and module.params['src']: -                yamlfile.write() - -            return {'changed': rval[0], 'result': rval[1], 'state': "absent"} - -        elif module.params['state'] == 'present': -            # check if content is different than what is in the file -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) - -                # We had no edits to make and the contents are the same -                if yamlfile.yaml_dict == content and \ -                   module.params['value'] is None: -                    return {'changed': False, -                            'result': yamlfile.yaml_dict, -                            'state': "present"} - -                yamlfile.yaml_dict = content - -            # we were passed a value; parse it -            if module.params['value']: -                value = Yedit.parse_value(module.params['value'], -                                          module.params['value_type']) -                key = module.params['key'] -                if module.params['update']: -                    # pylint: disable=line-too-long -                    curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']),  # noqa: E501 -                                                      module.params['curr_value_format'])  # noqa: E501 - -                    rval = yamlfile.update(key, value, module.params['index'], curr_value)  # noqa: E501 - -                elif module.params['append']: -                    rval = yamlfile.append(key, value) -                else: -                    rval = yamlfile.put(key, value) - -                if rval[0] and module.params['src']: -                    yamlfile.write() - -                return {'changed': rval[0], -                        'result': rval[1], 'state': "present"} - -            # no edits to make -            if module.params['src']: -                # pylint: disable=redefined-variable-type -                rval = yamlfile.write() -                return {'changed': rval[0], -                        'result': rval[1], -                        'state': "present"} - -        return {'failed': True, 'msg': 'Unkown state passed'} - -# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- -# pylint: disable=too-many-lines -# noqa: E301,E302,E303,T001 - - -class OpenShiftCLIError(Exception): -    '''Exception class for openshiftcli''' -    pass - - -# pylint: disable=too-few-public-methods -class OpenShiftCLI(object): -    ''' Class to wrap the command line tools ''' -    def __init__(self, -                 namespace, -                 kubeconfig='/etc/origin/master/admin.kubeconfig', -                 verbose=False, -                 all_namespaces=False): -        ''' Constructor for OpenshiftCLI ''' -        self.namespace = namespace -        self.verbose = verbose -        self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) -        self.all_namespaces = all_namespaces - -    # Pylint allows only 5 arguments to be passed. -    # pylint: disable=too-many-arguments -    def _replace_content(self, resource, rname, content, force=False, sep='.'): -        ''' replace the current object with the content ''' -        res = self._get(resource, rname) -        if not res['results']: -            return res - -        fname = Utils.create_tmpfile(rname + '-') - -        yed = Yedit(fname, res['results'][0], separator=sep) -        changes = [] -        for key, value in content.items(): -            changes.append(yed.put(key, value)) - -        if any([change[0] for change in changes]): -            yed.write() - -            atexit.register(Utils.cleanup, [fname]) - -            return self._replace(fname, force) - -        return {'returncode': 0, 'updated': False} - -    def _replace(self, fname, force=False): -        '''replace the current object with oc replace''' -        cmd = ['replace', '-f', fname] -        if force: -            cmd.append('--force') -        return self.openshift_cmd(cmd) - -    def _create_from_content(self, rname, content): -        '''create a temporary file and then call oc create on it''' -        fname = Utils.create_tmpfile(rname + '-') -        yed = Yedit(fname, content=content) -        yed.write() - -        atexit.register(Utils.cleanup, [fname]) - -        return self._create(fname) - -    def _create(self, fname): -        '''call oc create on a filename''' -        return self.openshift_cmd(['create', '-f', fname]) - -    def _delete(self, resource, rname, selector=None): -        '''call oc delete on a resource''' -        cmd = ['delete', resource, rname] -        if selector: -            cmd.append('--selector=%s' % selector) - -        return self.openshift_cmd(cmd) - -    def _process(self, template_name, create=False, params=None, template_data=None):  # noqa: E501 -        '''process a template - -           template_name: the name of the template to process -           create: whether to send to oc create after processing -           params: the parameters for the template -           template_data: the incoming template's data; instead of a file -        ''' -        cmd = ['process'] -        if template_data: -            cmd.extend(['-f', '-']) -        else: -            cmd.append(template_name) -        if params: -            param_str = ["%s=%s" % (key, value) for key, value in params.items()] -            cmd.append('-v') -            cmd.extend(param_str) - -        results = self.openshift_cmd(cmd, output=True, input_data=template_data) - -        if results['returncode'] != 0 or not create: -            return results - -        fname = Utils.create_tmpfile(template_name + '-') -        yed = Yedit(fname, results['results']) -        yed.write() - -        atexit.register(Utils.cleanup, [fname]) - -        return self.openshift_cmd(['create', '-f', fname]) - -    def _get(self, resource, rname=None, selector=None): -        '''return a resource by name ''' -        cmd = ['get', resource] -        if selector: -            cmd.append('--selector=%s' % selector) -        elif rname: -            cmd.append(rname) - -        cmd.extend(['-o', 'json']) - -        rval = self.openshift_cmd(cmd, output=True) - -        # Ensure results are retuned in an array -        if 'items' in rval: -            rval['results'] = rval['items'] -        elif not isinstance(rval['results'], list): -            rval['results'] = [rval['results']] - -        return rval - -    def _schedulable(self, node=None, selector=None, schedulable=True): -        ''' perform oadm manage-node scheduable ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        cmd.append('--schedulable=%s' % schedulable) - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')  # noqa: E501 - -    def _list_pods(self, node=None, selector=None, pod_selector=None): -        ''' perform oadm list pods - -            node: the node in which to list pods -            selector: the label selector filter if provided -            pod_selector: the pod selector filter if provided -        ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        if pod_selector: -            cmd.append('--pod-selector=%s' % pod_selector) - -        cmd.extend(['--list-pods', '-o', 'json']) - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') - -    # pylint: disable=too-many-arguments -    def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): -        ''' perform oadm manage-node evacuate ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        if dry_run: -            cmd.append('--dry-run') - -        if pod_selector: -            cmd.append('--pod-selector=%s' % pod_selector) - -        if grace_period: -            cmd.append('--grace-period=%s' % int(grace_period)) - -        if force: -            cmd.append('--force') - -        cmd.append('--evacuate') - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') - -    def _version(self): -        ''' return the openshift version''' -        return self.openshift_cmd(['version'], output=True, output_type='raw') - -    def _import_image(self, url=None, name=None, tag=None): -        ''' perform image import ''' -        cmd = ['import-image'] - -        image = '{0}'.format(name) -        if tag: -            image += ':{0}'.format(tag) - -        cmd.append(image) - -        if url: -            cmd.append('--from={0}/{1}'.format(url, image)) - -        cmd.append('-n{0}'.format(self.namespace)) - -        cmd.append('--confirm') -        return self.openshift_cmd(cmd) - -    def _run(self, cmds, input_data): -        ''' Actually executes the command. This makes mocking easier. ''' -        curr_env = os.environ.copy() -        curr_env.update({'KUBECONFIG': self.kubeconfig}) -        proc = subprocess.Popen(cmds, -                                stdin=subprocess.PIPE, -                                stdout=subprocess.PIPE, -                                stderr=subprocess.PIPE, -                                env=curr_env) - -        stdout, stderr = proc.communicate(input_data) - -        return proc.returncode, stdout.decode(), stderr.decode() - -    # pylint: disable=too-many-arguments,too-many-branches -    def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): -        '''Base command for oc ''' -        cmds = [] -        if oadm: -            cmds = ['oadm'] -        else: -            cmds = ['oc'] - -        if self.all_namespaces: -            cmds.extend(['--all-namespaces']) -        elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']:  # E501 -            cmds.extend(['-n', self.namespace]) - -        cmds.extend(cmd) - -        rval = {} -        results = '' -        err = None - -        if self.verbose: -            print(' '.join(cmds)) - -        returncode, stdout, stderr = self._run(cmds, input_data) - -        rval = {"returncode": returncode, -                "results": results, -                "cmd": ' '.join(cmds)} - -        if returncode == 0: -            if output: -                if output_type == 'json': -                    try: -                        rval['results'] = json.loads(stdout) -                    except ValueError as err: -                        if "No JSON object could be decoded" in err.args: -                            err = err.args -                elif output_type == 'raw': -                    rval['results'] = stdout - -            if self.verbose: -                print("STDOUT: {0}".format(stdout)) -                print("STDERR: {0}".format(stderr)) - -            if err: -                rval.update({"err": err, -                             "stderr": stderr, -                             "stdout": stdout, -                             "cmd": cmds}) - -        else: -            rval.update({"stderr": stderr, -                         "stdout": stdout, -                         "results": {}}) - -        return rval - - -class Utils(object): -    ''' utilities for openshiftcli modules ''' - -    @staticmethod -    def _write(filename, contents): -        ''' Actually write the file contents to disk. This helps with mocking. ''' - -        with open(filename, 'w') as sfd: -            sfd.write(contents) - -    @staticmethod -    def create_tmp_file_from_contents(rname, data, ftype='yaml'): -        ''' create a file in tmp with name and contents''' - -        tmp = Utils.create_tmpfile(prefix=rname) - -        if ftype == 'yaml': -            # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage -            # pylint: disable=no-member -            if hasattr(yaml, 'RoundTripDumper'): -                Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) -            else: -                Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) - -        elif ftype == 'json': -            Utils._write(tmp, json.dumps(data)) -        else: -            Utils._write(tmp, data) - -        # Register cleanup when module is done -        atexit.register(Utils.cleanup, [tmp]) -        return tmp - -    @staticmethod -    def create_tmpfile_copy(inc_file): -        '''create a temporary copy of a file''' -        tmpfile = Utils.create_tmpfile('lib_openshift-') -        Utils._write(tmpfile, open(inc_file).read()) - -        # Cleanup the tmpfile -        atexit.register(Utils.cleanup, [tmpfile]) - -        return tmpfile - -    @staticmethod -    def create_tmpfile(prefix='tmp'): -        ''' Generates and returns a temporary file name ''' - -        with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: -            return tmp.name - -    @staticmethod -    def create_tmp_files_from_contents(content, content_type=None): -        '''Turn an array of dict: filename, content into a files array''' -        if not isinstance(content, list): -            content = [content] -        files = [] -        for item in content: -            path = Utils.create_tmp_file_from_contents(item['path'] + '-', -                                                       item['data'], -                                                       ftype=content_type) -            files.append({'name': os.path.basename(item['path']), -                          'path': path}) -        return files - -    @staticmethod -    def cleanup(files): -        '''Clean up on exit ''' -        for sfile in files: -            if os.path.exists(sfile): -                if os.path.isdir(sfile): -                    shutil.rmtree(sfile) -                elif os.path.isfile(sfile): -                    os.remove(sfile) - -    @staticmethod -    def exists(results, _name): -        ''' Check to see if the results include the name ''' -        if not results: -            return False - -        if Utils.find_result(results, _name): -            return True - -        return False - -    @staticmethod -    def find_result(results, _name): -        ''' Find the specified result by name''' -        rval = None -        for result in results: -            if 'metadata' in result and result['metadata']['name'] == _name: -                rval = result -                break - -        return rval - -    @staticmethod -    def get_resource_file(sfile, sfile_type='yaml'): -        ''' return the service file ''' -        contents = None -        with open(sfile) as sfd: -            contents = sfd.read() - -        if sfile_type == 'yaml': -            # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage -            # pylint: disable=no-member -            if hasattr(yaml, 'RoundTripLoader'): -                contents = yaml.load(contents, yaml.RoundTripLoader) -            else: -                contents = yaml.safe_load(contents) -        elif sfile_type == 'json': -            contents = json.loads(contents) - -        return contents - -    @staticmethod -    def filter_versions(stdout): -        ''' filter the oc version output ''' - -        version_dict = {} -        version_search = ['oc', 'openshift', 'kubernetes'] - -        for line in stdout.strip().split('\n'): -            for term in version_search: -                if not line: -                    continue -                if line.startswith(term): -                    version_dict[term] = line.split()[-1] - -        # horrible hack to get openshift version in Openshift 3.2 -        #  By default "oc version in 3.2 does not return an "openshift" version -        if "openshift" not in version_dict: -            version_dict["openshift"] = version_dict["oc"] - -        return version_dict - -    @staticmethod -    def add_custom_versions(versions): -        ''' create custom versions strings ''' - -        versions_dict = {} - -        for tech, version in versions.items(): -            # clean up "-" from version -            if "-" in version: -                version = version.split("-")[0] - -            if version.startswith('v'): -                versions_dict[tech + '_numeric'] = version[1:].split('+')[0] -                # "v3.3.0.33" is what we have, we want "3.3" -                versions_dict[tech + '_short'] = version[1:4] - -        return versions_dict - -    @staticmethod -    def openshift_installed(): -        ''' check if openshift is installed ''' -        import yum - -        yum_base = yum.YumBase() -        if yum_base.rpmdb.searchNevra(name='atomic-openshift'): -            return True - -        return False - -    # Disabling too-many-branches.  This is a yaml dictionary comparison function -    # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements -    @staticmethod -    def check_def_equal(user_def, result_def, skip_keys=None, debug=False): -        ''' Given a user defined definition, compare it with the results given back by our query.  ''' - -        # Currently these values are autogenerated and we do not need to check them -        skip = ['metadata', 'status'] -        if skip_keys: -            skip.extend(skip_keys) - -        for key, value in result_def.items(): -            if key in skip: -                continue - -            # Both are lists -            if isinstance(value, list): -                if key not in user_def: -                    if debug: -                        print('User data does not have key [%s]' % key) -                        print('User data: %s' % user_def) -                    return False - -                if not isinstance(user_def[key], list): -                    if debug: -                        print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) -                    return False - -                if len(user_def[key]) != len(value): -                    if debug: -                        print("List lengths are not equal.") -                        print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) -                        print("user_def: %s" % user_def[key]) -                        print("value: %s" % value) -                    return False - -                for values in zip(user_def[key], value): -                    if isinstance(values[0], dict) and isinstance(values[1], dict): -                        if debug: -                            print('sending list - list') -                            print(type(values[0])) -                            print(type(values[1])) -                        result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) -                        if not result: -                            print('list compare returned false') -                            return False - -                    elif value != user_def[key]: -                        if debug: -                            print('value should be identical') -                            print(value) -                            print(user_def[key]) -                        return False - -            # recurse on a dictionary -            elif isinstance(value, dict): -                if key not in user_def: -                    if debug: -                        print("user_def does not have key [%s]" % key) -                    return False -                if not isinstance(user_def[key], dict): -                    if debug: -                        print("dict returned false: not instance of dict") -                    return False - -                # before passing ensure keys match -                api_values = set(value.keys()) - set(skip) -                user_values = set(user_def[key].keys()) - set(skip) -                if api_values != user_values: -                    if debug: -                        print("keys are not equal in dict") -                        print(api_values) -                        print(user_values) -                    return False - -                result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) -                if not result: -                    if debug: -                        print("dict returned false") -                        print(result) -                    return False - -            # Verify each key, value pair is the same -            else: -                if key not in user_def or value != user_def[key]: -                    if debug: -                        print("value not equal; user_def does not have key") -                        print(key) -                        print(value) -                        if key in user_def: -                            print(user_def[key]) -                    return False - -        if debug: -            print('returning true') -        return True - - -class OpenShiftCLIConfig(object): -    '''Generic Config''' -    def __init__(self, rname, namespace, kubeconfig, options): -        self.kubeconfig = kubeconfig -        self.name = rname -        self.namespace = namespace -        self._options = options - -    @property -    def config_options(self): -        ''' return config options ''' -        return self._options - -    def to_option_list(self): -        '''return all options as a string''' -        return self.stringify() - -    def stringify(self): -        ''' return the options hash as cli params in a string ''' -        rval = [] -        for key, data in self.config_options.items(): -            if data['include'] \ -               and (data['value'] or isinstance(data['value'], int)): -                rval.append('--%s=%s' % (key.replace('_', '-'), data['value'])) - -        return rval - - -# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/deploymentconfig.py -*- -*- -*- - - -# pylint: disable=too-many-public-methods -class DeploymentConfig(Yedit): -    ''' Class to model an openshift DeploymentConfig''' -    default_deployment_config = ''' -apiVersion: v1 -kind: DeploymentConfig -metadata: -  name: default_dc -  namespace: default -spec: -  replicas: 0 -  selector: -    default_dc: default_dc -  strategy: -    resources: {} -    rollingParams: -      intervalSeconds: 1 -      maxSurge: 0 -      maxUnavailable: 25% -      timeoutSeconds: 600 -      updatePercent: -25 -      updatePeriodSeconds: 1 -    type: Rolling -  template: -    metadata: -    spec: -      containers: -      - env: -        - name: default -          value: default -        image: default -        imagePullPolicy: IfNotPresent -        name: default_dc -        ports: -        - containerPort: 8000 -          hostPort: 8000 -          protocol: TCP -          name: default_port -        resources: {} -        terminationMessagePath: /dev/termination-log -      dnsPolicy: ClusterFirst -      hostNetwork: true -      nodeSelector: -        type: compute -      restartPolicy: Always -      securityContext: {} -      serviceAccount: default -      serviceAccountName: default -      terminationGracePeriodSeconds: 30 -  triggers: -  - type: ConfigChange -''' - -    replicas_path = "spec.replicas" -    env_path = "spec.template.spec.containers[0].env" -    volumes_path = "spec.template.spec.volumes" -    container_path = "spec.template.spec.containers" -    volume_mounts_path = "spec.template.spec.containers[0].volumeMounts" - -    def __init__(self, content=None): -        ''' Constructor for deploymentconfig ''' -        if not content: -            content = DeploymentConfig.default_deployment_config - -        super(DeploymentConfig, self).__init__(content=content) - -    def add_env_value(self, key, value): -        ''' add key, value pair to env array ''' -        rval = False -        env = self.get_env_vars() -        if env: -            env.append({'name': key, 'value': value}) -            rval = True -        else: -            result = self.put(DeploymentConfig.env_path, {'name': key, 'value': value}) -            rval = result[0] - -        return rval - -    def exists_env_value(self, key, value): -        ''' return whether a key, value  pair exists ''' -        results = self.get_env_vars() -        if not results: -            return False - -        for result in results: -            if result['name'] == key and result['value'] == value: -                return True - -        return False - -    def exists_env_key(self, key): -        ''' return whether a key, value  pair exists ''' -        results = self.get_env_vars() -        if not results: -            return False - -        for result in results: -            if result['name'] == key: -                return True - -        return False - -    def get_env_var(self, key): -        '''return a environment variables ''' -        results = self.get(DeploymentConfig.env_path) or [] -        if not results: -           return None - -        for env_var in results: -            if env_var['name'] == key: -                return env_var - -        return None - -    def get_env_vars(self): -        '''return a environment variables ''' -        return self.get(DeploymentConfig.env_path) or [] - -    def delete_env_var(self, keys): -        '''delete a list of keys ''' -        if not isinstance(keys, list): -            keys = [keys] - -        env_vars_array = self.get_env_vars() -        modified = False -        idx = None -        for key in keys: -            for env_idx, env_var in enumerate(env_vars_array): -                if env_var['name'] == key: -                    idx = env_idx -                    break - -            if idx: -                modified = True -                del env_vars_array[idx] - -        if modified: -            return True - -        return False - -    def update_env_var(self, key, value): -        '''place an env in the env var list''' - -        env_vars_array = self.get_env_vars() -        idx = None -        for env_idx, env_var in enumerate(env_vars_array): -            if env_var['name'] == key: -                idx = env_idx -                break - -        if idx: -            env_vars_array[idx]['value'] = value -        else: -            self.add_env_value(key, value) - -        return True - -    def exists_volume_mount(self, volume_mount): -        ''' return whether a volume mount exists ''' -        exist_volume_mounts = self.get_volume_mounts() - -        if not exist_volume_mounts: -            return False - -        volume_mount_found = False -        for exist_volume_mount in exist_volume_mounts: -            if exist_volume_mount['name'] == volume_mount['name']: -                volume_mount_found = True -                break - -        return volume_mount_found - -    def exists_volume(self, volume): -        ''' return whether a volume exists ''' -        exist_volumes = self.get_volumes() - -        volume_found = False -        for exist_volume in exist_volumes: -            if exist_volume['name'] == volume['name']: -                volume_found = True -                break - -        return volume_found - -    def find_volume_by_name(self, volume, mounts=False): -        ''' return the index of a volume ''' -        volumes = [] -        if mounts: -            volumes = self.get_volume_mounts() -        else: -            volumes = self.get_volumes() -        for exist_volume in volumes: -            if exist_volume['name'] == volume['name']: -                return exist_volume - -        return None - -    def get_replicas(self): -        ''' return replicas setting ''' -        return self.get(DeploymentConfig.replicas_path) - -    def get_volume_mounts(self): -        '''return volume mount information ''' -        return self.get_volumes(mounts=True) - -    def get_volumes(self, mounts=False): -        '''return volume mount information ''' -        if mounts: -            return self.get(DeploymentConfig.volume_mounts_path) or [] - -        return self.get(DeploymentConfig.volumes_path) or [] - -    def delete_volume_by_name(self, volume): -        '''delete a volume ''' -        modified = False -        exist_volume_mounts = self.get_volume_mounts() -        exist_volumes = self.get_volumes() -        del_idx = None -        for idx, exist_volume in enumerate(exist_volumes): -            if 'name' in exist_volume and exist_volume['name'] == volume['name']: -                del_idx = idx -                break - -        if del_idx != None: -            del exist_volumes[del_idx] -            modified = True - -        del_idx = None -        for idx, exist_volume_mount in enumerate(exist_volume_mounts): -            if 'name' in exist_volume_mount and exist_volume_mount['name'] == volume['name']: -                del_idx = idx -                break - -        if del_idx != None: -            del exist_volume_mounts[idx] -            modified = True - -        return modified - -    def add_volume_mount(self, volume_mount): -        ''' add a volume or volume mount to the proper location ''' -        exist_volume_mounts = self.get_volume_mounts() - -        if not exist_volume_mounts and volume_mount: -            self.put(DeploymentConfig.volume_mounts_path, [volume_mount]) -        else: -            exist_volume_mounts.append(volume_mount) - -    def add_volume(self, volume): -        ''' add a volume or volume mount to the proper location ''' -        exist_volumes = self.get_volumes() -        if not volume: -            return - -        if not exist_volumes: -            self.put(DeploymentConfig.volumes_path, [volume]) -        else: -            exist_volumes.append(volume) - -    def update_replicas(self, replicas): -        ''' update replicas value ''' -        self.put(DeploymentConfig.replicas_path, replicas) - -    def update_volume(self, volume): -        '''place an env in the env var list''' -        exist_volumes = self.get_volumes() - -        if not volume: -            return False - -        # update the volume -        update_idx = None -        for idx, exist_vol in enumerate(exist_volumes): -            if exist_vol['name'] == volume['name']: -                update_idx = idx -                break - -        if update_idx != None: -            exist_volumes[update_idx] = volume -        else: -            self.add_volume(volume) - -        return True - -    def update_volume_mount(self, volume_mount): -        '''place an env in the env var list''' -        modified = False - -        exist_volume_mounts = self.get_volume_mounts() - -        if not volume_mount: -            return False - -        # update the volume mount -        for exist_vol_mount in exist_volume_mounts: -            if exist_vol_mount['name'] == volume_mount['name']: -                if 'mountPath' in exist_vol_mount and \ -                   str(exist_vol_mount['mountPath']) != str(volume_mount['mountPath']): -                    exist_vol_mount['mountPath'] = volume_mount['mountPath'] -                    modified = True -                break - -        if not modified: -            self.add_volume_mount(volume_mount) -            modified = True - -        return modified - -    def needs_update_volume(self, volume, volume_mount): -        ''' verify a volume update is needed ''' -        exist_volume = self.find_volume_by_name(volume) -        exist_volume_mount = self.find_volume_by_name(volume, mounts=True) -        results = [] -        results.append(exist_volume['name'] == volume['name']) - -        if 'secret' in volume: -            results.append('secret' in exist_volume) -            results.append(exist_volume['secret']['secretName'] == volume['secret']['secretName']) -            results.append(exist_volume_mount['name'] == volume_mount['name']) -            results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath']) - -        elif 'emptyDir' in volume: -            results.append(exist_volume_mount['name'] == volume['name']) -            results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath']) - -        elif 'persistentVolumeClaim' in volume: -            pvc = 'persistentVolumeClaim' -            results.append(pvc in exist_volume) -            if results[-1]: -                results.append(exist_volume[pvc]['claimName'] == volume[pvc]['claimName']) - -                if 'claimSize' in volume[pvc]: -                    results.append(exist_volume[pvc]['claimSize'] == volume[pvc]['claimSize']) - -        elif 'hostpath' in volume: -            results.append('hostPath' in exist_volume) -            results.append(exist_volume['hostPath']['path'] == volume_mount['mountPath']) - -        return not all(results) - -    def needs_update_replicas(self, replicas): -        ''' verify whether a replica update is needed ''' -        current_reps = self.get(DeploymentConfig.replicas_path) -        return not current_reps == replicas - -# -*- -*- -*- End included fragment: lib/deploymentconfig.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/secret.py -*- -*- -*- - -# pylint: disable=too-many-instance-attributes -class SecretConfig(object): -    ''' Handle secret options ''' -    # pylint: disable=too-many-arguments -    def __init__(self, -                 sname, -                 namespace, -                 kubeconfig, -                 secrets=None): -        ''' constructor for handling secret options ''' -        self.kubeconfig = kubeconfig -        self.name = sname -        self.namespace = namespace -        self.secrets = secrets -        self.data = {} - -        self.create_dict() - -    def create_dict(self): -        ''' assign the correct properties for a secret dict ''' -        self.data['apiVersion'] = 'v1' -        self.data['kind'] = 'Secret' -        self.data['metadata'] = {} -        self.data['metadata']['name'] = self.name -        self.data['metadata']['namespace'] = self.namespace -        self.data['data'] = {} -        if self.secrets: -            for key, value in self.secrets.items(): -                self.data['data'][key] = value - -# pylint: disable=too-many-instance-attributes -class Secret(Yedit): -    ''' Class to wrap the oc command line tools ''' -    secret_path = "data" -    kind = 'secret' - -    def __init__(self, content): -        '''secret constructor''' -        super(Secret, self).__init__(content=content) -        self._secrets = None - -    @property -    def secrets(self): -        '''secret property getter''' -        if self._secrets is None: -            self._secrets = self.get_secrets() -        return self._secrets - -    @secrets.setter -    def secrets(self): -        '''secret property setter''' -        if self._secrets is None: -            self._secrets = self.get_secrets() -        return self._secrets - -    def get_secrets(self): -        ''' returns all of the defined secrets ''' -        return self.get(Secret.secret_path) or {} - -    def add_secret(self, key, value): -        ''' add a secret ''' -        if self.secrets: -            self.secrets[key] = value -        else: -            self.put(Secret.secret_path, {key: value}) - -        return True - -    def delete_secret(self, key): -        ''' delete secret''' -        try: -            del self.secrets[key] -        except KeyError as _: -            return False - -        return True - -    def find_secret(self, key): -        ''' find secret''' -        rval = None -        try: -            rval = self.secrets[key] -        except KeyError as _: -            return None - -        return {'key': key, 'value': rval} - -    def update_secret(self, key, value): -        ''' update a secret''' -        if key in self.secrets: -            self.secrets[key] = value -        else: -            self.add_secret(key, value) - -        return True - -# -*- -*- -*- End included fragment: lib/secret.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/service.py -*- -*- -*- - - -# pylint: disable=too-many-instance-attributes -class ServiceConfig(object): -    ''' Handle service options ''' -    # pylint: disable=too-many-arguments -    def __init__(self, -                 sname, -                 namespace, -                 ports, -                 selector=None, -                 labels=None, -                 cluster_ip=None, -                 portal_ip=None, -                 session_affinity=None, -                 service_type=None): -        ''' constructor for handling service options ''' -        self.name = sname -        self.namespace = namespace -        self.ports = ports -        self.selector = selector -        self.labels = labels -        self.cluster_ip = cluster_ip -        self.portal_ip = portal_ip -        self.session_affinity = session_affinity -        self.service_type = service_type -        self.data = {} - -        self.create_dict() - -    def create_dict(self): -        ''' instantiates a service dict ''' -        self.data['apiVersion'] = 'v1' -        self.data['kind'] = 'Service' -        self.data['metadata'] = {} -        self.data['metadata']['name'] = self.name -        self.data['metadata']['namespace'] = self.namespace -        if self.labels: -            for lab, lab_value  in self.labels.items(): -                self.data['metadata'][lab] = lab_value -        self.data['spec'] = {} - -        if self.ports: -            self.data['spec']['ports'] = self.ports -        else: -            self.data['spec']['ports'] = [] - -        if self.selector: -            self.data['spec']['selector'] = self.selector - -        self.data['spec']['sessionAffinity'] = self.session_affinity or 'None' - -        if self.cluster_ip: -            self.data['spec']['clusterIP'] = self.cluster_ip - -        if self.portal_ip: -            self.data['spec']['portalIP'] = self.portal_ip - -        if self.service_type: -            self.data['spec']['type'] = self.service_type - -# pylint: disable=too-many-instance-attributes,too-many-public-methods -class Service(Yedit): -    ''' Class to model the oc service object ''' -    port_path = "spec.ports" -    portal_ip = "spec.portalIP" -    cluster_ip = "spec.clusterIP" -    kind = 'Service' - -    def __init__(self, content): -        '''Service constructor''' -        super(Service, self).__init__(content=content) - -    def get_ports(self): -        ''' get a list of ports ''' -        return self.get(Service.port_path) or [] - -    def add_ports(self, inc_ports): -        ''' add a port object to the ports list ''' -        if not isinstance(inc_ports, list): -            inc_ports = [inc_ports] - -        ports = self.get_ports() -        if not ports: -            self.put(Service.port_path, inc_ports) -        else: -            ports.extend(inc_ports) - -        return True - -    def find_ports(self, inc_port): -        ''' find a specific port ''' -        for port in self.get_ports(): -            if port['port'] == inc_port['port']: -                return port - -        return None - -    def delete_ports(self, inc_ports): -        ''' remove a port from a service ''' -        if not isinstance(inc_ports, list): -            inc_ports = [inc_ports] - -        ports = self.get(Service.port_path) or [] - -        if not ports: -            return True - -        removed = False -        for inc_port in inc_ports: -            port = self.find_ports(inc_port) -            if port: -                ports.remove(port) -                removed = True - -        return removed - -    def add_cluster_ip(self, sip): -        '''add cluster ip''' -        self.put(Service.cluster_ip, sip) - -    def add_portal_ip(self, pip): -        '''add cluster ip''' -        self.put(Service.portal_ip, pip) - -# -*- -*- -*- End included fragment: lib/service.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/volume.py -*- -*- -*- - -class Volume(object): -    ''' Class to model an openshift volume object''' -    volume_mounts_path = {"pod": "spec.containers[0].volumeMounts", -                          "dc":  "spec.template.spec.containers[0].volumeMounts", -                          "rc":  "spec.template.spec.containers[0].volumeMounts", -                         } -    volumes_path = {"pod": "spec.volumes", -                    "dc":  "spec.template.spec.volumes", -                    "rc":  "spec.template.spec.volumes", -                   } - -    @staticmethod -    def create_volume_structure(volume_info): -        ''' return a properly structured volume ''' -        volume_mount = None -        volume = {'name': volume_info['name']} -        if volume_info['type'] == 'secret': -            volume['secret'] = {} -            volume[volume_info['type']] = {'secretName': volume_info['secret_name']} -            volume_mount = {'mountPath': volume_info['path'], -                            'name': volume_info['name']} -        elif volume_info['type'] == 'emptydir': -            volume['emptyDir'] = {} -            volume_mount = {'mountPath': volume_info['path'], -                            'name': volume_info['name']} -        elif volume_info['type'] == 'pvc': -            volume['persistentVolumeClaim'] = {} -            volume['persistentVolumeClaim']['claimName'] = volume_info['claimName'] -            volume['persistentVolumeClaim']['claimSize'] = volume_info['claimSize'] -        elif volume_info['type'] == 'hostpath': -            volume['hostPath'] = {} -            volume['hostPath']['path'] = volume_info['path'] - -        return (volume, volume_mount) - -# -*- -*- -*- End included fragment: lib/volume.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: class/oc_version.py -*- -*- -*- - - -# pylint: disable=too-many-instance-attributes -class OCVersion(OpenShiftCLI): -    ''' Class to wrap the oc command line tools ''' -    # pylint allows 5 -    # pylint: disable=too-many-arguments -    def __init__(self, -                 config, -                 debug): -        ''' Constructor for OCVersion ''' -        super(OCVersion, self).__init__(None, config) -        self.debug = debug - -    def get(self): -        '''get and return version information ''' - -        results = {} - -        version_results = self._version() - -        if version_results['returncode'] == 0: -            filtered_vers = Utils.filter_versions(version_results['results']) -            custom_vers = Utils.add_custom_versions(filtered_vers) - -            results['returncode'] = version_results['returncode'] -            results.update(filtered_vers) -            results.update(custom_vers) - -            return results - -        raise OpenShiftCLIError('Problem detecting openshift version.') - -    @staticmethod -    def run_ansible(params): -        '''run the idempotent ansible code''' -        oc_version = OCVersion(params['kubeconfig'], params['debug']) - -        if params['state'] == 'list': - -            #pylint: disable=protected-access -            result = oc_version.get() -            return {'state': params['state'], -                    'results': result, -                    'changed': False} - -# -*- -*- -*- End included fragment: class/oc_version.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: class/oc_adm_registry.py -*- -*- -*- - -class RegistryException(Exception): -    ''' Registry Exception Class ''' -    pass - - -class RegistryConfig(OpenShiftCLIConfig): -    ''' RegistryConfig is a DTO for the registry.  ''' -    def __init__(self, rname, namespace, kubeconfig, registry_options): -        super(RegistryConfig, self).__init__(rname, namespace, kubeconfig, registry_options) - - -class Registry(OpenShiftCLI): -    ''' Class to wrap the oc command line tools ''' - -    volume_mount_path = 'spec.template.spec.containers[0].volumeMounts' -    volume_path = 'spec.template.spec.volumes' -    env_path = 'spec.template.spec.containers[0].env' - -    def __init__(self, -                 registry_config, -                 verbose=False): -        ''' Constructor for Registry - -           a registry consists of 3 or more parts -           - dc/docker-registry -           - svc/docker-registry - -           Parameters: -           :registry_config: -           :verbose: -        ''' -        super(Registry, self).__init__(registry_config.namespace, registry_config.kubeconfig, verbose) -        self.version = OCVersion(registry_config.kubeconfig, verbose) -        self.svc_ip = None -        self.portal_ip = None -        self.config = registry_config -        self.verbose = verbose -        self.registry_parts = [{'kind': 'dc', 'name': self.config.name}, -                               {'kind': 'svc', 'name': self.config.name}, -                              ] - -        self.__prepared_registry = None -        self.volume_mounts = [] -        self.volumes = [] -        if self.config.config_options['volume_mounts']['value']: -            for volume in self.config.config_options['volume_mounts']['value']: -                volume_info = {'secret_name': volume.get('secret_name', None), -                               'name':        volume.get('name', None), -                               'type':        volume.get('type', None), -                               'path':        volume.get('path', None), -                               'claimName':   volume.get('claim_name', None), -                               'claimSize':   volume.get('claim_size', None), -                              } - -                vol, vol_mount = Volume.create_volume_structure(volume_info) -                self.volumes.append(vol) -                self.volume_mounts.append(vol_mount) - -        self.dconfig = None -        self.svc = None - -    @property -    def deploymentconfig(self): -        ''' deploymentconfig property ''' -        return self.dconfig - -    @deploymentconfig.setter -    def deploymentconfig(self, config): -        ''' setter for deploymentconfig property ''' -        self.dconfig = config - -    @property -    def service(self): -        ''' service property ''' -        return self.svc - -    @service.setter -    def service(self, config): -        ''' setter for service property ''' -        self.svc = config - -    @property -    def prepared_registry(self): -        ''' prepared_registry property ''' -        if not self.__prepared_registry: -            results = self.prepare_registry() -            if not results: -                raise RegistryException('Could not perform registry preparation.') -            self.__prepared_registry = results - -        return self.__prepared_registry - -    @prepared_registry.setter -    def prepared_registry(self, data): -        ''' setter method for prepared_registry attribute ''' -        self.__prepared_registry = data - -    def get(self): -        ''' return the self.registry_parts ''' -        self.deploymentconfig = None -        self.service = None - -        rval = 0 -        for part in self.registry_parts: -            result = self._get(part['kind'], rname=part['name']) -            if result['returncode'] == 0 and part['kind'] == 'dc': -                self.deploymentconfig = DeploymentConfig(result['results'][0]) -            elif result['returncode'] == 0 and part['kind'] == 'svc': -                self.service = Yedit(content=result['results'][0]) - -            if result['returncode'] != 0: -                rval = result['returncode'] - - -        return {'returncode': rval, 'deploymentconfig': self.deploymentconfig, 'service': self.service} - -    def exists(self): -        '''does the object exist?''' -        self.get() -        if self.deploymentconfig or self.service: -            return True - -        return False - -    def delete(self, complete=True): -        '''return all pods ''' -        parts = [] -        for part in self.registry_parts: -            if not complete and part['kind'] == 'svc': -                continue -            parts.append(self._delete(part['kind'], part['name'])) - -        # Clean up returned results -        rval = 0 -        for part in parts: -            # pylint: disable=invalid-sequence-index -            if 'returncode' in part and part['returncode'] != 0: -                rval = part['returncode'] - -        return {'returncode': rval, 'results': parts} - -    def prepare_registry(self): -        ''' prepare a registry for instantiation ''' -        options = self.config.to_option_list() - -        cmd = ['registry', '-n', self.config.namespace] -        cmd.extend(options) -        cmd.extend(['--dry-run=True', '-o', 'json']) - -        results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json') -        # probably need to parse this -        # pylint thinks results is a string -        # pylint: disable=no-member -        if results['returncode'] != 0 and 'items' in results['results']: -            return results - -        service = None -        deploymentconfig = None -        # pylint: disable=invalid-sequence-index -        for res in results['results']['items']: -            if res['kind'] == 'DeploymentConfig': -                deploymentconfig = DeploymentConfig(res) -            elif res['kind'] == 'Service': -                service = Service(res) - -        # Verify we got a service and a deploymentconfig -        if not service or not deploymentconfig: -            return results - -        # results will need to get parsed here and modifications added -        deploymentconfig = DeploymentConfig(self.add_modifications(deploymentconfig)) - -        # modify service ip -        if self.svc_ip: -            service.put('spec.clusterIP', self.svc_ip) -        if self.portal_ip: -            service.put('spec.portalIP', self.portal_ip) - -        # need to create the service and the deploymentconfig -        service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict) -        deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict) - -        return {"service": service, -                "service_file": service_file, -                "service_update": False, -                "deployment": deploymentconfig, -                "deployment_file": deployment_file, -                "deployment_update": False} - -    def create(self): -        '''Create a registry''' -        results = [] -        for config_file in ['deployment_file', 'service_file']: -            results.append(self._create(self.prepared_registry[config_file])) - -        # Clean up returned results -        rval = 0 -        for result in results: -            # pylint: disable=invalid-sequence-index -            if 'returncode' in result and result['returncode'] != 0: -                rval = result['returncode'] - -        return {'returncode': rval, 'results': results} - -    def update(self): -        '''run update for the registry.  This performs a delete and then create ''' -        # Store the current service IP -        if self.service: -            svcip = self.service.get('spec.clusterIP') -            if svcip: -                self.svc_ip = svcip -            portip = self.service.get('spec.portalIP') -            if portip: -                self.portal_ip = portip - -        results = [] -        if self.prepared_registry['deployment_update']: -            results.append(self._replace(self.prepared_registry['deployment_file'])) -        if self.prepared_registry['service_update']: -            results.append(self._replace(self.prepared_registry['service_file'])) - -        # Clean up returned results -        rval = 0 -        for result in results: -            if result['returncode'] != 0: -                rval = result['returncode'] - -        return {'returncode': rval, 'results': results} - -    def add_modifications(self, deploymentconfig): -        ''' update a deployment config with changes ''' -        # The environment variable for REGISTRY_HTTP_SECRET is autogenerated -        # We should set the generated deploymentconfig to the in memory version -        # the following modifications will overwrite if needed -        result = self.deploymentconfig.get_env_var('REGISTRY_HTTP_SECRET') -        if result: -            deploymentconfig.update_env_var('REGISTRY_HTTP_SECRET', result['value']) - -        # Currently we know that our deployment of a registry requires a few extra modifications -        # Modification 1 -        # we need specific environment variables to be set -        for key, value in self.config.config_options['env_vars'].get('value', {}).items(): -            if not deploymentconfig.exists_env_key(key): -                deploymentconfig.add_env_value(key, value) -            else: -                deploymentconfig.update_env_var(key, value) - -        # Modification 2 -        # we need specific volume variables to be set -        for volume in self.volumes: -            deploymentconfig.update_volume(volume) - -        for vol_mount in self.volume_mounts: -            deploymentconfig.update_volume_mount(vol_mount) - -        # Modification 3 -        # Edits -        edit_results = [] -        for edit in self.config.config_options['edits'].get('value', []): -            if edit['action'] == 'put': -                edit_results.append(deploymentconfig.put(edit['key'], -                                                         edit['value'])) -            if edit['action'] == 'update': -                edit_results.append(deploymentconfig.update(edit['key'], -                                                            edit['value'], -                                                            edit.get('index', None), -                                                            edit.get('curr_value', None))) -            if edit['action'] == 'append': -                edit_results.append(deploymentconfig.append(edit['key'], -                                                            edit['value'])) - -        if edit_results and not any([res[0] for res in edit_results]): -            return None - -        return deploymentconfig.yaml_dict - -    def needs_update(self): -        ''' check to see if we need to update ''' -        if not self.service or not self.deploymentconfig: -            return True - -        exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol'] -        if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, -                                     self.service.yaml_dict, -                                     exclude_list, -                                     debug=self.verbose): -            self.prepared_registry['service_update'] = True - -        exclude_list = ['dnsPolicy', -                        'terminationGracePeriodSeconds', -                        'restartPolicy', 'timeoutSeconds', -                        'livenessProbe', 'readinessProbe', -                        'terminationMessagePath', -                        'securityContext', -                        'imagePullPolicy', -                        'protocol', # ports.portocol: TCP -                        'type', # strategy: {'type': 'rolling'} -                        'defaultMode', # added on secrets -                        'activeDeadlineSeconds', # added in 1.5 for timeouts -                       ] - -        if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, -                                     self.deploymentconfig.yaml_dict, -                                     exclude_list, -                                     debug=self.verbose): -            self.prepared_registry['deployment_update'] = True - -        return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False - -    # In the future, we would like to break out each ansible state into a function. -    # pylint: disable=too-many-branches,too-many-return-statements -    @staticmethod -    def run_ansible(params, check_mode): -        '''run idempotent ansible code''' - -        rconfig = RegistryConfig(params['name'], -                                 params['namespace'], -                                 params['kubeconfig'], -                                 {'images': {'value': params['images'], 'include': True}, -                                  'latest_images': {'value': params['latest_images'], 'include': True}, -                                  'labels': {'value': params['labels'], 'include': True}, -                                  'ports': {'value': ','.join(params['ports']), 'include': True}, -                                  'replicas': {'value': params['replicas'], 'include': True}, -                                  'selector': {'value': params['selector'], 'include': True}, -                                  'service_account': {'value': params['service_account'], 'include': True}, -                                  'mount_host': {'value': params['mount_host'], 'include': True}, -                                  'env_vars': {'value': params['env_vars'], 'include': False}, -                                  'volume_mounts': {'value': params['volume_mounts'], 'include': False}, -                                  'edits': {'value': params['edits'], 'include': False}, -                                  'enforce_quota': {'value': params['enforce_quota'], 'include': True}, -                                  'daemonset': {'value': params['daemonset'], 'include': True}, -                                  'tls_key': {'value': params['tls_key'], 'include': True}, -                                  'tls_certificate': {'value': params['tls_certificate'], 'include': True}, -                                 }) - - -        ocregistry = Registry(rconfig, params['debug']) - -        api_rval = ocregistry.get() - -        state = params['state'] -        ######## -        # get -        ######## -        if state == 'list': - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': False, 'results': api_rval, 'state': state} - -        ######## -        # Delete -        ######## -        if state == 'absent': -            if not ocregistry.exists(): -                return {'changed': False, 'state': state} - -            if check_mode: -                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} - -            # Unsure as to why this is angry with the return type. -            # pylint: disable=redefined-variable-type -            api_rval = ocregistry.delete() - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': True, 'results': api_rval, 'state': state} - -        if state == 'present': -            ######## -            # Create -            ######## -            if not ocregistry.exists(): - -                if check_mode: -                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} - -                api_rval = ocregistry.create() - -                if api_rval['returncode'] != 0: -                    return {'failed': True, 'msg': api_rval} - -                return {'changed': True, 'results': api_rval, 'state': state} - -            ######## -            # Update -            ######## -            if not params['force'] and not ocregistry.needs_update(): -                return {'changed': False, 'state': state} - -            if check_mode: -                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'} - -            api_rval = ocregistry.update() - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': True, 'results': api_rval, 'state': state} - -        return {'failed': True, 'msg': 'Unknown state passed. %s' % state} - -# -*- -*- -*- End included fragment: class/oc_adm_registry.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: ansible/oc_adm_registry.py -*- -*- -*- - -def main(): -    ''' -    ansible oc module for registry -    ''' - -    module = AnsibleModule( -        argument_spec=dict( -            state=dict(default='present', type='str', -                       choices=['present', 'absent']), -            debug=dict(default=False, type='bool'), -            namespace=dict(default='default', type='str'), -            name=dict(default=None, required=True, type='str'), - -            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), -            images=dict(default=None, type='str'), -            latest_images=dict(default=False, type='bool'), -            labels=dict(default=None, type='list'), -            ports=dict(default=['5000'], type='list'), -            replicas=dict(default=1, type='int'), -            selector=dict(default=None, type='str'), -            service_account=dict(default='registry', type='str'), -            mount_host=dict(default=None, type='str'), -            volume_mounts=dict(default=None, type='list'), -            env_vars=dict(default={}, type='dict'), -            edits=dict(default=[], type='list'), -            enforce_quota=dict(default=False, type='bool'), -            force=dict(default=False, type='bool'), -            daemonset=dict(default=False, type='bool'), -            tls_key=dict(default=None, type='str'), -            tls_certificate=dict(default=None, type='str'), -        ), - -        supports_check_mode=True, -    ) - -    results = Registry.run_ansible(module.params, module.check_mode) -    if 'failed' in results: -        module.fail_json(**results) - -    module.exit_json(**results) - - -if __name__ == '__main__': -    main() - -# -*- -*- -*- End included fragment: ansible/oc_adm_registry.py -*- -*- -*- diff --git a/roles/lib_openshift/library/oc_adm_registry.py.good b/roles/lib_openshift/library/oc_adm_registry.py.good deleted file mode 100644 index 6fc85073f..000000000 --- a/roles/lib_openshift/library/oc_adm_registry.py.good +++ /dev/null @@ -1,2601 +0,0 @@ -#!/usr/bin/env python -# pylint: disable=missing-docstring -# flake8: noqa: T001 -#     ___ ___ _  _ ___ ___    _ _____ ___ ___ -#    / __| __| \| | __| _ \  /_\_   _| __|   \ -#   | (_ | _|| .` | _||   / / _ \| | | _|| |) | -#    \___|___|_|\_|___|_|_\/_/_\_\_|_|___|___/_ _____ -#   |   \ / _ \  | \| |/ _ \_   _| | __|   \_ _|_   _| -#   | |) | (_) | | .` | (_) || |   | _|| |) | |  | | -#   |___/ \___/  |_|\_|\___/ |_|   |___|___/___| |_| -# -# Copyright 2016 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -#    http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -*- -*- -*- Begin included fragment: lib/import.py -*- -*- -*- -''' -   OpenShiftCLI class that wraps the oc commands in a subprocess -''' -# pylint: disable=too-many-lines - -from __future__ import print_function -#import atexit -import copy -import json -import os -import re -import shutil -import subprocess -import tempfile -# pylint: disable=import-error -try: -    import ruamel.yaml as yaml -except ImportError: -    import yaml - -from ansible.module_utils.basic import AnsibleModule - -# -*- -*- -*- End included fragment: lib/import.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: doc/registry -*- -*- -*- - -DOCUMENTATION = ''' ---- -module: oc_adm_registry -short_description: Module to manage openshift registry -description: -  - Manage openshift registry programmatically. -options: -  state: -    description: -    - The desired action when managing openshift registry -    - present - update or create the registry -    - absent - tear down the registry service and deploymentconfig -    - list - returns the current representiation of a registry -    required: false -    default: False -    aliases: [] -  kubeconfig: -    description: -    - The path for the kubeconfig file to use for authentication -    required: false -    default: /etc/origin/master/admin.kubeconfig -    aliases: [] -  debug: -    description: -    - Turn on debug output. -    required: false -    default: False -    aliases: [] -  name: -    description: -    - The name of the registry -    required: false -    default: None -    aliases: [] -  namespace: -    description: -    - The selector when filtering on node labels -    required: false -    default: None -    aliases: [] -  images: -    description: -    - The image to base this registry on - ${component} will be replaced with --type -    required: 'openshift3/ose-${component}:${version}' -    default: None -    aliases: [] -  latest_images: -    description: -    - If true, attempt to use the latest image for the registry instead of the latest release. -    required: false -    default: False -    aliases: [] -  labels: -    description: -    - A set of labels to uniquely identify the registry and its components. -    required: false -    default: None -    aliases: [] -  enforce_quota: -    description: -    - If set, the registry will refuse to write blobs if they exceed quota limits -    required: False -    default: False -    aliases: [] -  mount_host: -    description: -    - If set, the registry volume will be created as a host-mount at this path. -    required: False -    default: False -    aliases: [] -  ports: -    description: -    - A comma delimited list of ports or port pairs to expose on the registry pod.  The default is set for 5000. -    required: False -    default: [5000] -    aliases: [] -  replicas: -    description: -    - The replication factor of the registry; commonly 2 when high availability is desired. -    required: False -    default: 1 -    aliases: [] -  selector: -    description: -    - Selector used to filter nodes on deployment. Used to run registries on a specific set of nodes. -    required: False -    default: None -    aliases: [] -  service_account: -    description: -    - Name of the service account to use to run the registry pod. -    required: False -    default: 'registry' -    aliases: [] -  tls_certificate: -    description: -    - An optional path to a PEM encoded certificate (which may contain the private key) for serving over TLS -    required: false -    default: None -    aliases: [] -  tls_key: -    description: -    - An optional path to a PEM encoded private key for serving over TLS -    required: false -    default: None -    aliases: [] -  volume_mounts: -    description: -    - The volume mounts for the registry. -    required: false -    default: None -    aliases: [] -  daemonset: -    description: -    - Use a daemonset instead of a deployment config. -    required: false -    default: False -    aliases: [] -  edits: -    description: -    - A list of modifications to make on the deploymentconfig -    required: false -    default: None -    aliases: [] -  env_vars: -    description: -    - A dictionary of modifications to make on the deploymentconfig. e.g. FOO: BAR -    required: false -    default: None -    aliases: [] -  force: -    description: -    - Force a registry update. -    required: false -    default: False -    aliases: [] -author: -- "Kenny Woodson <kwoodson@redhat.com>" -extends_documentation_fragment: [] -''' - -EXAMPLES = ''' -- name: create a secure registry -  oc_adm_registry: -    name: docker-registry -    service_account: registry -    replicas: 2 -    namespace: default -    selector: type=infra -    images: "registry.ops.openshift.com/openshift3/ose-${component}:${version}" -    env_vars: -      REGISTRY_CONFIGURATION_PATH: /etc/registryconfig/config.yml -      REGISTRY_HTTP_TLS_CERTIFICATE: /etc/secrets/registry.crt -      REGISTRY_HTTP_TLS_KEY: /etc/secrets/registry.key -      REGISTRY_HTTP_SECRET: supersecret -    volume_mounts: -    - path: /etc/secrets -      name: dockercerts -      type: secret -      secret_name: registry-secret -    - path: /etc/registryconfig -      name: dockersecrets -      type: secret -      secret_name: docker-registry-config -    edits: -    - key: spec.template.spec.containers[0].livenessProbe.httpGet.scheme -      value: HTTPS -      action: put -    - key: spec.template.spec.containers[0].readinessProbe.httpGet.scheme -      value: HTTPS -      action: put -    - key: spec.strategy.rollingParams -      value: -        intervalSeconds: 1 -        maxSurge: 50% -        maxUnavailable: 50% -        timeoutSeconds: 600 -        updatePeriodSeconds: 1 -      action: put -    - key: spec.template.spec.containers[0].resources.limits.memory -      value: 2G -      action: update -    - key: spec.template.spec.containers[0].resources.requests.memory -      value: 1G -      action: update - -  register: registryout - -''' - -# -*- -*- -*- End included fragment: doc/registry -*- -*- -*- - -# -*- -*- -*- Begin included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- -# pylint: disable=undefined-variable,missing-docstring -# noqa: E301,E302 - - -class YeditException(Exception): -    ''' Exception class for Yedit ''' -    pass - - -# pylint: disable=too-many-public-methods -class Yedit(object): -    ''' Class to modify yaml files ''' -    re_valid_key = r"(((\[-?\d+\])|([0-9a-zA-Z%s/_-]+)).?)+$" -    re_key = r"(?:\[(-?\d+)\])|([0-9a-zA-Z%s/_-]+)" -    com_sep = set(['.', '#', '|', ':']) - -    # pylint: disable=too-many-arguments -    def __init__(self, -                 filename=None, -                 content=None, -                 content_type='yaml', -                 separator='.', -                 backup=False): -        self.content = content -        self._separator = separator -        self.filename = filename -        self.__yaml_dict = content -        self.content_type = content_type -        self.backup = backup -        self.load(content_type=self.content_type) -        if self.__yaml_dict is None: -            self.__yaml_dict = {} - -    @property -    def separator(self): -        ''' getter method for yaml_dict ''' -        return self._separator - -    @separator.setter -    def separator(self): -        ''' getter method for yaml_dict ''' -        return self._separator - -    @property -    def yaml_dict(self): -        ''' getter method for yaml_dict ''' -        return self.__yaml_dict - -    @yaml_dict.setter -    def yaml_dict(self, value): -        ''' setter method for yaml_dict ''' -        self.__yaml_dict = value - -    @staticmethod -    def parse_key(key, sep='.'): -        '''parse the key allowing the appropriate separator''' -        common_separators = list(Yedit.com_sep - set([sep])) -        return re.findall(Yedit.re_key % ''.join(common_separators), key) - -    @staticmethod -    def valid_key(key, sep='.'): -        '''validate the incoming key''' -        common_separators = list(Yedit.com_sep - set([sep])) -        if not re.match(Yedit.re_valid_key % ''.join(common_separators), key): -            return False - -        return True - -    @staticmethod -    def remove_entry(data, key, sep='.'): -        ''' remove data at location key ''' -        if key == '' and isinstance(data, dict): -            data.clear() -            return True -        elif key == '' and isinstance(data, list): -            del data[:] -            return True - -        if not (key and Yedit.valid_key(key, sep)) and \ -           isinstance(data, (list, dict)): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes[:-1]: -            if dict_key and isinstance(data, dict): -                data = data.get(dict_key, None) -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        # process last index for remove -        # expected list entry -        if key_indexes[-1][0]: -            if isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1:  # noqa: E501 -                del data[int(key_indexes[-1][0])] -                return True - -        # expected dict entry -        elif key_indexes[-1][1]: -            if isinstance(data, dict): -                del data[key_indexes[-1][1]] -                return True - -    @staticmethod -    def add_entry(data, key, item=None, sep='.'): -        ''' Get an item from a dictionary with key notation a.b.c -            d = {'a': {'b': 'c'}}} -            key = a#b -            return c -        ''' -        if key == '': -            pass -        elif (not (key and Yedit.valid_key(key, sep)) and -              isinstance(data, (list, dict))): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes[:-1]: -            if dict_key: -                if isinstance(data, dict) and dict_key in data and data[dict_key]:  # noqa: E501 -                    data = data[dict_key] -                    continue - -                elif data and not isinstance(data, dict): -                    return None - -                data[dict_key] = {} -                data = data[dict_key] - -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        if key == '': -            data = item - -        # process last index for add -        # expected list entry -        elif key_indexes[-1][0] and isinstance(data, list) and int(key_indexes[-1][0]) <= len(data) - 1:  # noqa: E501 -            data[int(key_indexes[-1][0])] = item - -        # expected dict entry -        elif key_indexes[-1][1] and isinstance(data, dict): -            data[key_indexes[-1][1]] = item - -        return data - -    @staticmethod -    def get_entry(data, key, sep='.'): -        ''' Get an item from a dictionary with key notation a.b.c -            d = {'a': {'b': 'c'}}} -            key = a.b -            return c -        ''' -        if key == '': -            pass -        elif (not (key and Yedit.valid_key(key, sep)) and -              isinstance(data, (list, dict))): -            return None - -        key_indexes = Yedit.parse_key(key, sep) -        for arr_ind, dict_key in key_indexes: -            if dict_key and isinstance(data, dict): -                data = data.get(dict_key, None) -            elif (arr_ind and isinstance(data, list) and -                  int(arr_ind) <= len(data) - 1): -                data = data[int(arr_ind)] -            else: -                return None - -        return data - -    @staticmethod -    def _write(filename, contents): -        ''' Actually write the file contents to disk. This helps with mocking. ''' - -        tmp_filename = filename + '.yedit' - -        with open(tmp_filename, 'w') as yfd: -            yfd.write(contents) - -        os.rename(tmp_filename, filename) - -    def write(self): -        ''' write to file ''' -        if not self.filename: -            raise YeditException('Please specify a filename.') - -        if self.backup and self.file_exists(): -            shutil.copy(self.filename, self.filename + '.orig') - -        # Try to set format attributes if supported -        try: -            self.yaml_dict.fa.set_block_style() -        except AttributeError: -            pass - -        # Try to use RoundTripDumper if supported. -        try: -            Yedit._write(self.filename, yaml.dump(self.yaml_dict, Dumper=yaml.RoundTripDumper)) -        except AttributeError: -            Yedit._write(self.filename, yaml.safe_dump(self.yaml_dict, default_flow_style=False)) - -        return (True, self.yaml_dict) - -    def read(self): -        ''' read from file ''' -        # check if it exists -        if self.filename is None or not self.file_exists(): -            return None - -        contents = None -        with open(self.filename) as yfd: -            contents = yfd.read() - -        return contents - -    def file_exists(self): -        ''' return whether file exists ''' -        if os.path.exists(self.filename): -            return True - -        return False - -    def load(self, content_type='yaml'): -        ''' return yaml file ''' -        contents = self.read() - -        if not contents and not self.content: -            return None - -        if self.content: -            if isinstance(self.content, dict): -                self.yaml_dict = self.content -                return self.yaml_dict -            elif isinstance(self.content, str): -                contents = self.content - -        # check if it is yaml -        try: -            if content_type == 'yaml' and contents: -                # Try to set format attributes if supported -                try: -                    self.yaml_dict.fa.set_block_style() -                except AttributeError: -                    pass - -                # Try to use RoundTripLoader if supported. -                try: -                    self.yaml_dict = yaml.safe_load(contents, yaml.RoundTripLoader) -                except AttributeError: -                    self.yaml_dict = yaml.safe_load(contents) - -                # Try to set format attributes if supported -                try: -                    self.yaml_dict.fa.set_block_style() -                except AttributeError: -                    pass - -            elif content_type == 'json' and contents: -                self.yaml_dict = json.loads(contents) -        except yaml.YAMLError as err: -            # Error loading yaml or json -            raise YeditException('Problem with loading yaml file. %s' % err) - -        return self.yaml_dict - -    def get(self, key): -        ''' get a specified key''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, key, self.separator) -        except KeyError: -            entry = None - -        return entry - -    def pop(self, path, key_or_item): -        ''' remove a key, value pair from a dict or an item for a list''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            return (False, self.yaml_dict) - -        if isinstance(entry, dict): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            if key_or_item in entry: -                entry.pop(key_or_item) -                return (True, self.yaml_dict) -            return (False, self.yaml_dict) - -        elif isinstance(entry, list): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            ind = None -            try: -                ind = entry.index(key_or_item) -            except ValueError: -                return (False, self.yaml_dict) - -            entry.pop(ind) -            return (True, self.yaml_dict) - -        return (False, self.yaml_dict) - -    def delete(self, path): -        ''' remove path from a dict''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            return (False, self.yaml_dict) - -        result = Yedit.remove_entry(self.yaml_dict, path, self.separator) -        if not result: -            return (False, self.yaml_dict) - -        return (True, self.yaml_dict) - -    def exists(self, path, value): -        ''' check if value exists at path''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if isinstance(entry, list): -            if value in entry: -                return True -            return False - -        elif isinstance(entry, dict): -            if isinstance(value, dict): -                rval = False -                for key, val in value.items(): -                    if entry[key] != val: -                        rval = False -                        break -                else: -                    rval = True -                return rval - -            return value in entry - -        return entry == value - -    def append(self, path, value): -        '''append value to a list''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry is None: -            self.put(path, []) -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        if not isinstance(entry, list): -            return (False, self.yaml_dict) - -        # AUDIT:maybe-no-member makes sense due to loading data from -        # a serialized format. -        # pylint: disable=maybe-no-member -        entry.append(value) -        return (True, self.yaml_dict) - -    # pylint: disable=too-many-arguments -    def update(self, path, value, index=None, curr_value=None): -        ''' put path, value into a dict ''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if isinstance(entry, dict): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            if not isinstance(value, dict): -                raise YeditException('Cannot replace key, value entry in ' + -                                     'dict with non-dict type. value=[%s] [%s]' % (value, type(value)))  # noqa: E501 - -            entry.update(value) -            return (True, self.yaml_dict) - -        elif isinstance(entry, list): -            # AUDIT:maybe-no-member makes sense due to fuzzy types -            # pylint: disable=maybe-no-member -            ind = None -            if curr_value: -                try: -                    ind = entry.index(curr_value) -                except ValueError: -                    return (False, self.yaml_dict) - -            elif index is not None: -                ind = index - -            if ind is not None and entry[ind] != value: -                entry[ind] = value -                return (True, self.yaml_dict) - -            # see if it exists in the list -            try: -                ind = entry.index(value) -            except ValueError: -                # doesn't exist, append it -                entry.append(value) -                return (True, self.yaml_dict) - -            # already exists, return -            if ind is not None: -                return (False, self.yaml_dict) -        return (False, self.yaml_dict) - -    def put(self, path, value): -        ''' put path, value into a dict ''' -        try: -            entry = Yedit.get_entry(self.yaml_dict, path, self.separator) -        except KeyError: -            entry = None - -        if entry == value: -            return (False, self.yaml_dict) - -        # deepcopy didn't work -        # Try to use ruamel.yaml and fallback to pyyaml -        try: -            tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, -                                                      default_flow_style=False), -                                 yaml.RoundTripLoader) -        except AttributeError: -            tmp_copy = copy.deepcopy(self.yaml_dict) - -        # set the format attributes if available -        try: -            tmp_copy.fa.set_block_style() -        except AttributeError: -            pass - -        result = Yedit.add_entry(tmp_copy, path, value, self.separator) -        if not result: -            return (False, self.yaml_dict) - -        self.yaml_dict = tmp_copy - -        return (True, self.yaml_dict) - -    def create(self, path, value): -        ''' create a yaml file ''' -        if not self.file_exists(): -            # deepcopy didn't work -            # Try to use ruamel.yaml and fallback to pyyaml -            try: -                tmp_copy = yaml.load(yaml.round_trip_dump(self.yaml_dict, -                                                          default_flow_style=False), -                                     yaml.RoundTripLoader) -            except AttributeError: -                tmp_copy = copy.deepcopy(self.yaml_dict) - -            # set the format attributes if available -            try: -                tmp_copy.fa.set_block_style() -            except AttributeError: -                pass - -            result = Yedit.add_entry(tmp_copy, path, value, self.separator) -            if result: -                self.yaml_dict = tmp_copy -                return (True, self.yaml_dict) - -        return (False, self.yaml_dict) - -    @staticmethod -    def get_curr_value(invalue, val_type): -        '''return the current value''' -        if invalue is None: -            return None - -        curr_value = invalue -        if val_type == 'yaml': -            curr_value = yaml.load(invalue) -        elif val_type == 'json': -            curr_value = json.loads(invalue) - -        return curr_value - -    @staticmethod -    def parse_value(inc_value, vtype=''): -        '''determine value type passed''' -        true_bools = ['y', 'Y', 'yes', 'Yes', 'YES', 'true', 'True', 'TRUE', -                      'on', 'On', 'ON', ] -        false_bools = ['n', 'N', 'no', 'No', 'NO', 'false', 'False', 'FALSE', -                       'off', 'Off', 'OFF'] - -        # It came in as a string but you didn't specify value_type as string -        # we will convert to bool if it matches any of the above cases -        if isinstance(inc_value, str) and 'bool' in vtype: -            if inc_value not in true_bools and inc_value not in false_bools: -                raise YeditException('Not a boolean type. str=[%s] vtype=[%s]' -                                     % (inc_value, vtype)) -        elif isinstance(inc_value, bool) and 'str' in vtype: -            inc_value = str(inc_value) - -        # If vtype is not str then go ahead and attempt to yaml load it. -        if isinstance(inc_value, str) and 'str' not in vtype: -            try: -                inc_value = yaml.load(inc_value) -            except Exception: -                raise YeditException('Could not determine type of incoming ' + -                                     'value. value=[%s] vtype=[%s]' -                                     % (type(inc_value), vtype)) - -        return inc_value - -    # pylint: disable=too-many-return-statements,too-many-branches -    @staticmethod -    def run_ansible(module): -        '''perform the idempotent crud operations''' -        yamlfile = Yedit(filename=module.params['src'], -                         backup=module.params['backup'], -                         separator=module.params['separator']) - -        if module.params['src']: -            rval = yamlfile.load() - -            if yamlfile.yaml_dict is None and \ -               module.params['state'] != 'present': -                return {'failed': True, -                        'msg': 'Error opening file [%s].  Verify that the ' + -                               'file exists, that it is has correct' + -                               ' permissions, and is valid yaml.'} - -        if module.params['state'] == 'list': -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) -                yamlfile.yaml_dict = content - -            if module.params['key']: -                rval = yamlfile.get(module.params['key']) or {} - -            return {'changed': False, 'result': rval, 'state': "list"} - -        elif module.params['state'] == 'absent': -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) -                yamlfile.yaml_dict = content - -            if module.params['update']: -                rval = yamlfile.pop(module.params['key'], -                                    module.params['value']) -            else: -                rval = yamlfile.delete(module.params['key']) - -            if rval[0] and module.params['src']: -                yamlfile.write() - -            return {'changed': rval[0], 'result': rval[1], 'state': "absent"} - -        elif module.params['state'] == 'present': -            # check if content is different than what is in the file -            if module.params['content']: -                content = Yedit.parse_value(module.params['content'], -                                            module.params['content_type']) - -                # We had no edits to make and the contents are the same -                if yamlfile.yaml_dict == content and \ -                   module.params['value'] is None: -                    return {'changed': False, -                            'result': yamlfile.yaml_dict, -                            'state': "present"} - -                yamlfile.yaml_dict = content - -            # we were passed a value; parse it -            if module.params['value']: -                value = Yedit.parse_value(module.params['value'], -                                          module.params['value_type']) -                key = module.params['key'] -                if module.params['update']: -                    # pylint: disable=line-too-long -                    curr_value = Yedit.get_curr_value(Yedit.parse_value(module.params['curr_value']),  # noqa: E501 -                                                      module.params['curr_value_format'])  # noqa: E501 - -                    rval = yamlfile.update(key, value, module.params['index'], curr_value)  # noqa: E501 - -                elif module.params['append']: -                    rval = yamlfile.append(key, value) -                else: -                    rval = yamlfile.put(key, value) - -                if rval[0] and module.params['src']: -                    yamlfile.write() - -                return {'changed': rval[0], -                        'result': rval[1], 'state': "present"} - -            # no edits to make -            if module.params['src']: -                # pylint: disable=redefined-variable-type -                rval = yamlfile.write() -                return {'changed': rval[0], -                        'result': rval[1], -                        'state': "present"} - -        return {'failed': True, 'msg': 'Unkown state passed'} - -# -*- -*- -*- End included fragment: ../../lib_utils/src/class/yedit.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/base.py -*- -*- -*- -# pylint: disable=too-many-lines -# noqa: E301,E302,E303,T001 - - -class OpenShiftCLIError(Exception): -    '''Exception class for openshiftcli''' -    pass - - -ADDITIONAL_PATH_LOOKUPS = ['/usr/local/bin', os.path.expanduser('~/bin')] - - -def locate_oc_binary(): -    ''' Find and return oc binary file ''' -    # https://github.com/openshift/openshift-ansible/issues/3410 -    # oc can be in /usr/local/bin in some cases, but that may not -    # be in $PATH due to ansible/sudo -    paths = os.environ.get("PATH", os.defpath).split(os.pathsep) + ADDITIONAL_PATH_LOOKUPS - -    oc_binary = 'oc' - -    # Use shutil.which if it is available, otherwise fallback to a naive path search -    try: -        which_result = shutil.which(oc_binary, path=os.pathsep.join(paths)) -        if which_result is not None: -            oc_binary = which_result -    except AttributeError: -        for path in paths: -            if os.path.exists(os.path.join(path, oc_binary)): -                oc_binary = os.path.join(path, oc_binary) -                break - -    return oc_binary - - -# pylint: disable=too-few-public-methods -class OpenShiftCLI(object): -    ''' Class to wrap the command line tools ''' -    def __init__(self, -                 namespace, -                 kubeconfig='/etc/origin/master/admin.kubeconfig', -                 verbose=False, -                 all_namespaces=False): -        ''' Constructor for OpenshiftCLI ''' -        self.namespace = namespace -        self.verbose = verbose -        self.kubeconfig = Utils.create_tmpfile_copy(kubeconfig) -        self.all_namespaces = all_namespaces -        self.oc_binary = locate_oc_binary() - -    # Pylint allows only 5 arguments to be passed. -    # pylint: disable=too-many-arguments -    def _replace_content(self, resource, rname, content, force=False, sep='.'): -        ''' replace the current object with the content ''' -        res = self._get(resource, rname) -        if not res['results']: -            return res - -        fname = Utils.create_tmpfile(rname + '-') - -        yed = Yedit(fname, res['results'][0], separator=sep) -        changes = [] -        for key, value in content.items(): -            changes.append(yed.put(key, value)) - -        if any([change[0] for change in changes]): -            yed.write() - -            #atexit.register(Utils.cleanup, [fname]) - -            return self._replace(fname, force) - -        return {'returncode': 0, 'updated': False} - -    def _replace(self, fname, force=False): -        '''replace the current object with oc replace''' -        cmd = ['replace', '-f', fname] -        if force: -            cmd.append('--force') -        return self.openshift_cmd(cmd) - -    def _create_from_content(self, rname, content): -        '''create a temporary file and then call oc create on it''' -        fname = Utils.create_tmpfile(rname + '-') -        yed = Yedit(fname, content=content) -        yed.write() - -        #atexit.register(Utils.cleanup, [fname]) - -        return self._create(fname) - -    def _create(self, fname): -        '''call oc create on a filename''' -        return self.openshift_cmd(['create', '-f', fname]) - -    def _delete(self, resource, rname, selector=None): -        '''call oc delete on a resource''' -        cmd = ['delete', resource, rname] -        if selector: -            cmd.append('--selector=%s' % selector) - -        return self.openshift_cmd(cmd) - -    def _process(self, template_name, create=False, params=None, template_data=None):  # noqa: E501 -        '''process a template - -           template_name: the name of the template to process -           create: whether to send to oc create after processing -           params: the parameters for the template -           template_data: the incoming template's data; instead of a file -        ''' -        cmd = ['process'] -        if template_data: -            cmd.extend(['-f', '-']) -        else: -            cmd.append(template_name) -        if params: -            param_str = ["%s=%s" % (key, value) for key, value in params.items()] -            cmd.append('-v') -            cmd.extend(param_str) - -        results = self.openshift_cmd(cmd, output=True, input_data=template_data) - -        if results['returncode'] != 0 or not create: -            return results - -        fname = Utils.create_tmpfile(template_name + '-') -        yed = Yedit(fname, results['results']) -        yed.write() - -        #atexit.register(Utils.cleanup, [fname]) - -        return self.openshift_cmd(['create', '-f', fname]) - -    def _get(self, resource, rname=None, selector=None): -        '''return a resource by name ''' -        cmd = ['get', resource] -        if selector: -            cmd.append('--selector=%s' % selector) -        elif rname: -            cmd.append(rname) - -        cmd.extend(['-o', 'json']) - -        rval = self.openshift_cmd(cmd, output=True) - -        # Ensure results are retuned in an array -        if 'items' in rval: -            rval['results'] = rval['items'] -        elif not isinstance(rval['results'], list): -            rval['results'] = [rval['results']] - -        return rval - -    def _schedulable(self, node=None, selector=None, schedulable=True): -        ''' perform oadm manage-node scheduable ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        cmd.append('--schedulable=%s' % schedulable) - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw')  # noqa: E501 - -    def _list_pods(self, node=None, selector=None, pod_selector=None): -        ''' perform oadm list pods - -            node: the node in which to list pods -            selector: the label selector filter if provided -            pod_selector: the pod selector filter if provided -        ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        if pod_selector: -            cmd.append('--pod-selector=%s' % pod_selector) - -        cmd.extend(['--list-pods', '-o', 'json']) - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') - -    # pylint: disable=too-many-arguments -    def _evacuate(self, node=None, selector=None, pod_selector=None, dry_run=False, grace_period=None, force=False): -        ''' perform oadm manage-node evacuate ''' -        cmd = ['manage-node'] -        if node: -            cmd.extend(node) -        else: -            cmd.append('--selector=%s' % selector) - -        if dry_run: -            cmd.append('--dry-run') - -        if pod_selector: -            cmd.append('--pod-selector=%s' % pod_selector) - -        if grace_period: -            cmd.append('--grace-period=%s' % int(grace_period)) - -        if force: -            cmd.append('--force') - -        cmd.append('--evacuate') - -        return self.openshift_cmd(cmd, oadm=True, output=True, output_type='raw') - -    def _version(self): -        ''' return the openshift version''' -        return self.openshift_cmd(['version'], output=True, output_type='raw') - -    def _import_image(self, url=None, name=None, tag=None): -        ''' perform image import ''' -        cmd = ['import-image'] - -        image = '{0}'.format(name) -        if tag: -            image += ':{0}'.format(tag) - -        cmd.append(image) - -        if url: -            cmd.append('--from={0}/{1}'.format(url, image)) - -        cmd.append('-n{0}'.format(self.namespace)) - -        cmd.append('--confirm') -        return self.openshift_cmd(cmd) - -    def _run(self, cmds, input_data): -        ''' Actually executes the command. This makes mocking easier. ''' -        curr_env = os.environ.copy() -        curr_env.update({'KUBECONFIG': self.kubeconfig}) -        proc = subprocess.Popen(cmds, -                                stdin=subprocess.PIPE, -                                stdout=subprocess.PIPE, -                                stderr=subprocess.PIPE, -                                env=curr_env) - -        stdout, stderr = proc.communicate(input_data) - -        return proc.returncode, stdout.decode(), stderr.decode() - -    # pylint: disable=too-many-arguments,too-many-branches -    def openshift_cmd(self, cmd, oadm=False, output=False, output_type='json', input_data=None): -        '''Base command for oc ''' -        cmds = [self.oc_binary] - -        if oadm: -            cmds.append('adm') - -        if self.all_namespaces: -            cmds.extend(['--all-namespaces']) -        elif self.namespace is not None and self.namespace.lower() not in ['none', 'emtpy']:  # E501 -            cmds.extend(['-n', self.namespace]) - -        cmds.extend(cmd) - -        rval = {} -        results = '' -        err = None - -        if self.verbose: -            print(' '.join(cmds)) - -        try: -            returncode, stdout, stderr = self._run(cmds, input_data) -        except OSError as ex: -            returncode, stdout, stderr = 1, '', 'Failed to execute {}: {}'.format(subprocess.list2cmdline(cmds), ex) - -        rval = {"returncode": returncode, -                "results": results, -                "cmd": ' '.join(cmds)} - -        if returncode == 0: -            if output: -                if output_type == 'json': -                    try: -                        rval['results'] = json.loads(stdout) -                    except ValueError as err: -                        if "No JSON object could be decoded" in err.args: -                            err = err.args -                elif output_type == 'raw': -                    rval['results'] = stdout - -            if self.verbose: -                print("STDOUT: {0}".format(stdout)) -                print("STDERR: {0}".format(stderr)) - -            if err: -                rval.update({"err": err, -                             "stderr": stderr, -                             "stdout": stdout, -                             "cmd": cmds}) - -        else: -            rval.update({"stderr": stderr, -                         "stdout": stdout, -                         "results": {}}) - -        return rval - - -class Utils(object): -    ''' utilities for openshiftcli modules ''' - -    @staticmethod -    def _write(filename, contents): -        ''' Actually write the file contents to disk. This helps with mocking. ''' - -        with open(filename, 'w') as sfd: -            sfd.write(contents) - -    @staticmethod -    def create_tmp_file_from_contents(rname, data, ftype='yaml'): -        ''' create a file in tmp with name and contents''' - -        tmp = Utils.create_tmpfile(prefix=rname) - -        if ftype == 'yaml': -            # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage -            # pylint: disable=no-member -            if hasattr(yaml, 'RoundTripDumper'): -                Utils._write(tmp, yaml.dump(data, Dumper=yaml.RoundTripDumper)) -            else: -                Utils._write(tmp, yaml.safe_dump(data, default_flow_style=False)) - -        elif ftype == 'json': -            Utils._write(tmp, json.dumps(data)) -        else: -            Utils._write(tmp, data) - -        # Register cleanup when module is done -        #atexit.register(Utils.cleanup, [tmp]) -        return tmp - -    @staticmethod -    def create_tmpfile_copy(inc_file): -        '''create a temporary copy of a file''' -        tmpfile = Utils.create_tmpfile('lib_openshift-') -        Utils._write(tmpfile, open(inc_file).read()) - -        # Cleanup the tmpfile -        #atexit.register(Utils.cleanup, [tmpfile]) - -        return tmpfile - -    @staticmethod -    def create_tmpfile(prefix='tmp'): -        ''' Generates and returns a temporary file name ''' - -        with tempfile.NamedTemporaryFile(prefix=prefix, delete=False) as tmp: -            return tmp.name - -    @staticmethod -    def create_tmp_files_from_contents(content, content_type=None): -        '''Turn an array of dict: filename, content into a files array''' -        if not isinstance(content, list): -            content = [content] -        files = [] -        for item in content: -            path = Utils.create_tmp_file_from_contents(item['path'] + '-', -                                                       item['data'], -                                                       ftype=content_type) -            files.append({'name': os.path.basename(item['path']), -                          'path': path}) -        return files - -    @staticmethod -    def cleanup(files): -        '''Clean up on exit ''' -        for sfile in files: -            if os.path.exists(sfile): -                if os.path.isdir(sfile): -                    shutil.rmtree(sfile) -                elif os.path.isfile(sfile): -                    os.remove(sfile) - -    @staticmethod -    def exists(results, _name): -        ''' Check to see if the results include the name ''' -        if not results: -            return False - -        if Utils.find_result(results, _name): -            return True - -        return False - -    @staticmethod -    def find_result(results, _name): -        ''' Find the specified result by name''' -        rval = None -        for result in results: -            if 'metadata' in result and result['metadata']['name'] == _name: -                rval = result -                break - -        return rval - -    @staticmethod -    def get_resource_file(sfile, sfile_type='yaml'): -        ''' return the service file ''' -        contents = None -        with open(sfile) as sfd: -            contents = sfd.read() - -        if sfile_type == 'yaml': -            # AUDIT:no-member makes sense here due to ruamel.YAML/PyYAML usage -            # pylint: disable=no-member -            if hasattr(yaml, 'RoundTripLoader'): -                contents = yaml.load(contents, yaml.RoundTripLoader) -            else: -                contents = yaml.safe_load(contents) -        elif sfile_type == 'json': -            contents = json.loads(contents) - -        return contents - -    @staticmethod -    def filter_versions(stdout): -        ''' filter the oc version output ''' - -        version_dict = {} -        version_search = ['oc', 'openshift', 'kubernetes'] - -        for line in stdout.strip().split('\n'): -            for term in version_search: -                if not line: -                    continue -                if line.startswith(term): -                    version_dict[term] = line.split()[-1] - -        # horrible hack to get openshift version in Openshift 3.2 -        #  By default "oc version in 3.2 does not return an "openshift" version -        if "openshift" not in version_dict: -            version_dict["openshift"] = version_dict["oc"] - -        return version_dict - -    @staticmethod -    def add_custom_versions(versions): -        ''' create custom versions strings ''' - -        versions_dict = {} - -        for tech, version in versions.items(): -            # clean up "-" from version -            if "-" in version: -                version = version.split("-")[0] - -            if version.startswith('v'): -                versions_dict[tech + '_numeric'] = version[1:].split('+')[0] -                # "v3.3.0.33" is what we have, we want "3.3" -                versions_dict[tech + '_short'] = version[1:4] - -        return versions_dict - -    @staticmethod -    def openshift_installed(): -        ''' check if openshift is installed ''' -        import yum - -        yum_base = yum.YumBase() -        if yum_base.rpmdb.searchNevra(name='atomic-openshift'): -            return True - -        return False - -    # Disabling too-many-branches.  This is a yaml dictionary comparison function -    # pylint: disable=too-many-branches,too-many-return-statements,too-many-statements -    @staticmethod -    def check_def_equal(user_def, result_def, skip_keys=None, debug=False): -        ''' Given a user defined definition, compare it with the results given back by our query.  ''' - -        # Currently these values are autogenerated and we do not need to check them -        skip = ['metadata', 'status'] -        if skip_keys: -            skip.extend(skip_keys) - -        for key, value in result_def.items(): -            if key in skip: -                continue - -            # Both are lists -            if isinstance(value, list): -                if key not in user_def: -                    if debug: -                        print('User data does not have key [%s]' % key) -                        print('User data: %s' % user_def) -                    return False - -                if not isinstance(user_def[key], list): -                    if debug: -                        print('user_def[key] is not a list key=[%s] user_def[key]=%s' % (key, user_def[key])) -                    return False - -                if len(user_def[key]) != len(value): -                    if debug: -                        print("List lengths are not equal.") -                        print("key=[%s]: user_def[%s] != value[%s]" % (key, len(user_def[key]), len(value))) -                        print("user_def: %s" % user_def[key]) -                        print("value: %s" % value) -                    return False - -                for values in zip(user_def[key], value): -                    if isinstance(values[0], dict) and isinstance(values[1], dict): -                        if debug: -                            print('sending list - list') -                            print(type(values[0])) -                            print(type(values[1])) -                        result = Utils.check_def_equal(values[0], values[1], skip_keys=skip_keys, debug=debug) -                        if not result: -                            print('list compare returned false') -                            return False - -                    elif value != user_def[key]: -                        if debug: -                            print('value should be identical') -                            print(user_def[key]) -                            print(value) -                        return False - -            # recurse on a dictionary -            elif isinstance(value, dict): -                if key not in user_def: -                    if debug: -                        print("user_def does not have key [%s]" % key) -                    return False -                if not isinstance(user_def[key], dict): -                    if debug: -                        print("dict returned false: not instance of dict") -                    return False - -                # before passing ensure keys match -                api_values = set(value.keys()) - set(skip) -                user_values = set(user_def[key].keys()) - set(skip) -                if api_values != user_values: -                    if debug: -                        print("keys are not equal in dict") -                        print('user_def: %s' % user_values) -                        print('memory: %s' % api_values) -                    return False - -                result = Utils.check_def_equal(user_def[key], value, skip_keys=skip_keys, debug=debug) -                if not result: -                    if debug: -                        print("dict returned false") -                        print(result) -                    return False - -            # Verify each key, value pair is the same -            else: -                if key not in user_def or value != user_def[key]: -                    if debug: -                        print("value not equal; user_def does not have key") -                        print(key) -                        print(value) -                        if key in user_def: -                            print(user_def[key]) -                    return False - -        if debug: -            print('returning true') -        return True - - -class OpenShiftCLIConfig(object): -    '''Generic Config''' -    def __init__(self, rname, namespace, kubeconfig, options): -        self.kubeconfig = kubeconfig -        self.name = rname -        self.namespace = namespace -        self._options = options - -    @property -    def config_options(self): -        ''' return config options ''' -        return self._options - -    def to_option_list(self): -        '''return all options as a string''' -        return self.stringify() - -    def stringify(self): -        ''' return the options hash as cli params in a string ''' -        rval = [] -        for key, data in self.config_options.items(): -            if data['include'] \ -               and (data['value'] or isinstance(data['value'], int)): -                rval.append('--%s=%s' % (key.replace('_', '-'), data['value'])) - -        return rval - - -# -*- -*- -*- End included fragment: lib/base.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/deploymentconfig.py -*- -*- -*- - - -# pylint: disable=too-many-public-methods -class DeploymentConfig(Yedit): -    ''' Class to model an openshift DeploymentConfig''' -    default_deployment_config = ''' -apiVersion: v1 -kind: DeploymentConfig -metadata: -  name: default_dc -  namespace: default -spec: -  replicas: 0 -  selector: -    default_dc: default_dc -  strategy: -    resources: {} -    rollingParams: -      intervalSeconds: 1 -      maxSurge: 0 -      maxUnavailable: 25% -      timeoutSeconds: 600 -      updatePercent: -25 -      updatePeriodSeconds: 1 -    type: Rolling -  template: -    metadata: -    spec: -      containers: -      - env: -        - name: default -          value: default -        image: default -        imagePullPolicy: IfNotPresent -        name: default_dc -        ports: -        - containerPort: 8000 -          hostPort: 8000 -          protocol: TCP -          name: default_port -        resources: {} -        terminationMessagePath: /dev/termination-log -      dnsPolicy: ClusterFirst -      hostNetwork: true -      nodeSelector: -        type: compute -      restartPolicy: Always -      securityContext: {} -      serviceAccount: default -      serviceAccountName: default -      terminationGracePeriodSeconds: 30 -  triggers: -  - type: ConfigChange -''' - -    replicas_path = "spec.replicas" -    env_path = "spec.template.spec.containers[0].env" -    volumes_path = "spec.template.spec.volumes" -    container_path = "spec.template.spec.containers" -    volume_mounts_path = "spec.template.spec.containers[0].volumeMounts" - -    def __init__(self, content=None): -        ''' Constructor for deploymentconfig ''' -        if not content: -            content = DeploymentConfig.default_deployment_config - -        super(DeploymentConfig, self).__init__(content=content) - -    def add_env_value(self, key, value): -        ''' add key, value pair to env array ''' -        rval = False -        env = self.get_env_vars() -        if env: -            env.append({'name': key, 'value': value}) -            rval = True -        else: -            result = self.put(DeploymentConfig.env_path, {'name': key, 'value': value}) -            rval = result[0] - -        return rval - -    def exists_env_value(self, key, value): -        ''' return whether a key, value  pair exists ''' -        results = self.get_env_vars() -        if not results: -            return False - -        for result in results: -            if result['name'] == key and result['value'] == value: -                return True - -        return False - -    def exists_env_key(self, key): -        ''' return whether a key, value  pair exists ''' -        results = self.get_env_vars() -        if not results: -            return False - -        for result in results: -            if result['name'] == key: -                return True - -        return False - -    def get_env_var(self, key): -        '''return a environment variables ''' -        results = self.get(DeploymentConfig.env_path) or [] -        if not results: -            return None - -        for env_var in results: -            if env_var['name'] == key: -                return env_var - -        return None - -    def get_env_vars(self): -        '''return a environment variables ''' -        return self.get(DeploymentConfig.env_path) or [] - -    def delete_env_var(self, keys): -        '''delete a list of keys ''' -        if not isinstance(keys, list): -            keys = [keys] - -        env_vars_array = self.get_env_vars() -        modified = False -        idx = None -        for key in keys: -            for env_idx, env_var in enumerate(env_vars_array): -                if env_var['name'] == key: -                    idx = env_idx -                    break - -            if idx: -                modified = True -                del env_vars_array[idx] - -        if modified: -            return True - -        return False - -    def update_env_var(self, key, value): -        '''place an env in the env var list''' - -        env_vars_array = self.get_env_vars() -        idx = None -        for env_idx, env_var in enumerate(env_vars_array): -            if env_var['name'] == key: -                idx = env_idx -                break - -        if idx: -            env_vars_array[idx]['value'] = value -        else: -            self.add_env_value(key, value) - -        return True - -    def exists_volume_mount(self, volume_mount): -        ''' return whether a volume mount exists ''' -        exist_volume_mounts = self.get_volume_mounts() - -        if not exist_volume_mounts: -            return False - -        volume_mount_found = False -        for exist_volume_mount in exist_volume_mounts: -            if exist_volume_mount['name'] == volume_mount['name']: -                volume_mount_found = True -                break - -        return volume_mount_found - -    def exists_volume(self, volume): -        ''' return whether a volume exists ''' -        exist_volumes = self.get_volumes() - -        volume_found = False -        for exist_volume in exist_volumes: -            if exist_volume['name'] == volume['name']: -                volume_found = True -                break - -        return volume_found - -    def find_volume_by_name(self, volume, mounts=False): -        ''' return the index of a volume ''' -        volumes = [] -        if mounts: -            volumes = self.get_volume_mounts() -        else: -            volumes = self.get_volumes() -        for exist_volume in volumes: -            if exist_volume['name'] == volume['name']: -                return exist_volume - -        return None - -    def get_replicas(self): -        ''' return replicas setting ''' -        return self.get(DeploymentConfig.replicas_path) - -    def get_volume_mounts(self): -        '''return volume mount information ''' -        return self.get_volumes(mounts=True) - -    def get_volumes(self, mounts=False): -        '''return volume mount information ''' -        if mounts: -            return self.get(DeploymentConfig.volume_mounts_path) or [] - -        return self.get(DeploymentConfig.volumes_path) or [] - -    def delete_volume_by_name(self, volume): -        '''delete a volume ''' -        modified = False -        exist_volume_mounts = self.get_volume_mounts() -        exist_volumes = self.get_volumes() -        del_idx = None -        for idx, exist_volume in enumerate(exist_volumes): -            if 'name' in exist_volume and exist_volume['name'] == volume['name']: -                del_idx = idx -                break - -        if del_idx != None: -            del exist_volumes[del_idx] -            modified = True - -        del_idx = None -        for idx, exist_volume_mount in enumerate(exist_volume_mounts): -            if 'name' in exist_volume_mount and exist_volume_mount['name'] == volume['name']: -                del_idx = idx -                break - -        if del_idx != None: -            del exist_volume_mounts[idx] -            modified = True - -        return modified - -    def add_volume_mount(self, volume_mount): -        ''' add a volume or volume mount to the proper location ''' -        exist_volume_mounts = self.get_volume_mounts() - -        if not exist_volume_mounts and volume_mount: -            self.put(DeploymentConfig.volume_mounts_path, [volume_mount]) -        else: -            exist_volume_mounts.append(volume_mount) - -    def add_volume(self, volume): -        ''' add a volume or volume mount to the proper location ''' -        exist_volumes = self.get_volumes() -        if not volume: -            return - -        if not exist_volumes: -            self.put(DeploymentConfig.volumes_path, [volume]) -        else: -            exist_volumes.append(volume) - -    def update_replicas(self, replicas): -        ''' update replicas value ''' -        self.put(DeploymentConfig.replicas_path, replicas) - -    def update_volume(self, volume): -        '''place an env in the env var list''' -        exist_volumes = self.get_volumes() - -        if not volume: -            return False - -        # update the volume -        update_idx = None -        for idx, exist_vol in enumerate(exist_volumes): -            if exist_vol['name'] == volume['name']: -                update_idx = idx -                break - -        if update_idx != None: -            exist_volumes[update_idx] = volume -        else: -            self.add_volume(volume) - -        return True - -    def update_volume_mount(self, volume_mount): -        '''place an env in the env var list''' -        modified = False - -        exist_volume_mounts = self.get_volume_mounts() - -        if not volume_mount: -            return False - -        # update the volume mount -        for exist_vol_mount in exist_volume_mounts: -            if exist_vol_mount['name'] == volume_mount['name']: -                if 'mountPath' in exist_vol_mount and \ -                   str(exist_vol_mount['mountPath']) != str(volume_mount['mountPath']): -                    exist_vol_mount['mountPath'] = volume_mount['mountPath'] -                    modified = True -                break - -        if not modified: -            self.add_volume_mount(volume_mount) -            modified = True - -        return modified - -    def needs_update_volume(self, volume, volume_mount): -        ''' verify a volume update is needed ''' -        exist_volume = self.find_volume_by_name(volume) -        exist_volume_mount = self.find_volume_by_name(volume, mounts=True) -        results = [] -        results.append(exist_volume['name'] == volume['name']) - -        if 'secret' in volume: -            results.append('secret' in exist_volume) -            results.append(exist_volume['secret']['secretName'] == volume['secret']['secretName']) -            results.append(exist_volume_mount['name'] == volume_mount['name']) -            results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath']) - -        elif 'emptyDir' in volume: -            results.append(exist_volume_mount['name'] == volume['name']) -            results.append(exist_volume_mount['mountPath'] == volume_mount['mountPath']) - -        elif 'persistentVolumeClaim' in volume: -            pvc = 'persistentVolumeClaim' -            results.append(pvc in exist_volume) -            if results[-1]: -                results.append(exist_volume[pvc]['claimName'] == volume[pvc]['claimName']) - -                if 'claimSize' in volume[pvc]: -                    results.append(exist_volume[pvc]['claimSize'] == volume[pvc]['claimSize']) - -        elif 'hostpath' in volume: -            results.append('hostPath' in exist_volume) -            results.append(exist_volume['hostPath']['path'] == volume_mount['mountPath']) - -        return not all(results) - -    def needs_update_replicas(self, replicas): -        ''' verify whether a replica update is needed ''' -        current_reps = self.get(DeploymentConfig.replicas_path) -        return not current_reps == replicas - -# -*- -*- -*- End included fragment: lib/deploymentconfig.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/secret.py -*- -*- -*- - -# pylint: disable=too-many-instance-attributes -class SecretConfig(object): -    ''' Handle secret options ''' -    # pylint: disable=too-many-arguments -    def __init__(self, -                 sname, -                 namespace, -                 kubeconfig, -                 secrets=None): -        ''' constructor for handling secret options ''' -        self.kubeconfig = kubeconfig -        self.name = sname -        self.namespace = namespace -        self.secrets = secrets -        self.data = {} - -        self.create_dict() - -    def create_dict(self): -        ''' assign the correct properties for a secret dict ''' -        self.data['apiVersion'] = 'v1' -        self.data['kind'] = 'Secret' -        self.data['metadata'] = {} -        self.data['metadata']['name'] = self.name -        self.data['metadata']['namespace'] = self.namespace -        self.data['data'] = {} -        if self.secrets: -            for key, value in self.secrets.items(): -                self.data['data'][key] = value - -# pylint: disable=too-many-instance-attributes -class Secret(Yedit): -    ''' Class to wrap the oc command line tools ''' -    secret_path = "data" -    kind = 'secret' - -    def __init__(self, content): -        '''secret constructor''' -        super(Secret, self).__init__(content=content) -        self._secrets = None - -    @property -    def secrets(self): -        '''secret property getter''' -        if self._secrets is None: -            self._secrets = self.get_secrets() -        return self._secrets - -    @secrets.setter -    def secrets(self): -        '''secret property setter''' -        if self._secrets is None: -            self._secrets = self.get_secrets() -        return self._secrets - -    def get_secrets(self): -        ''' returns all of the defined secrets ''' -        return self.get(Secret.secret_path) or {} - -    def add_secret(self, key, value): -        ''' add a secret ''' -        if self.secrets: -            self.secrets[key] = value -        else: -            self.put(Secret.secret_path, {key: value}) - -        return True - -    def delete_secret(self, key): -        ''' delete secret''' -        try: -            del self.secrets[key] -        except KeyError as _: -            return False - -        return True - -    def find_secret(self, key): -        ''' find secret''' -        rval = None -        try: -            rval = self.secrets[key] -        except KeyError as _: -            return None - -        return {'key': key, 'value': rval} - -    def update_secret(self, key, value): -        ''' update a secret''' -        if key in self.secrets: -            self.secrets[key] = value -        else: -            self.add_secret(key, value) - -        return True - -# -*- -*- -*- End included fragment: lib/secret.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/service.py -*- -*- -*- - - -# pylint: disable=too-many-instance-attributes -class ServiceConfig(object): -    ''' Handle service options ''' -    # pylint: disable=too-many-arguments -    def __init__(self, -                 sname, -                 namespace, -                 ports, -                 selector=None, -                 labels=None, -                 cluster_ip=None, -                 portal_ip=None, -                 session_affinity=None, -                 service_type=None): -        ''' constructor for handling service options ''' -        self.name = sname -        self.namespace = namespace -        self.ports = ports -        self.selector = selector -        self.labels = labels -        self.cluster_ip = cluster_ip -        self.portal_ip = portal_ip -        self.session_affinity = session_affinity -        self.service_type = service_type -        self.data = {} - -        self.create_dict() - -    def create_dict(self): -        ''' instantiates a service dict ''' -        self.data['apiVersion'] = 'v1' -        self.data['kind'] = 'Service' -        self.data['metadata'] = {} -        self.data['metadata']['name'] = self.name -        self.data['metadata']['namespace'] = self.namespace -        if self.labels: -            for lab, lab_value  in self.labels.items(): -                self.data['metadata'][lab] = lab_value -        self.data['spec'] = {} - -        if self.ports: -            self.data['spec']['ports'] = self.ports -        else: -            self.data['spec']['ports'] = [] - -        if self.selector: -            self.data['spec']['selector'] = self.selector - -        self.data['spec']['sessionAffinity'] = self.session_affinity or 'None' - -        if self.cluster_ip: -            self.data['spec']['clusterIP'] = self.cluster_ip - -        if self.portal_ip: -            self.data['spec']['portalIP'] = self.portal_ip - -        if self.service_type: -            self.data['spec']['type'] = self.service_type - -# pylint: disable=too-many-instance-attributes,too-many-public-methods -class Service(Yedit): -    ''' Class to model the oc service object ''' -    port_path = "spec.ports" -    portal_ip = "spec.portalIP" -    cluster_ip = "spec.clusterIP" -    selector = "spec.selector" -    kind = 'Service' - -    def __init__(self, content): -        '''Service constructor''' -        super(Service, self).__init__(content=content) - -    def get_ports(self): -        ''' get a list of ports ''' -        return self.get(Service.port_path) or [] - -    def get_selector(self): -        ''' get the service selector''' -        return self.get(Service.selector) or {} - -    def add_ports(self, inc_ports): -        ''' add a port object to the ports list ''' -        if not isinstance(inc_ports, list): -            inc_ports = [inc_ports] - -        ports = self.get_ports() -        if not ports: -            self.put(Service.port_path, inc_ports) -        else: -            ports.extend(inc_ports) - -        return True - -    def find_ports(self, inc_port): -        ''' find a specific port ''' -        for port in self.get_ports(): -            if port['port'] == inc_port['port']: -                return port - -        return None - -    def delete_ports(self, inc_ports): -        ''' remove a port from a service ''' -        if not isinstance(inc_ports, list): -            inc_ports = [inc_ports] - -        ports = self.get(Service.port_path) or [] - -        if not ports: -            return True - -        removed = False -        for inc_port in inc_ports: -            port = self.find_ports(inc_port) -            if port: -                ports.remove(port) -                removed = True - -        return removed - -    def add_cluster_ip(self, sip): -        '''add cluster ip''' -        self.put(Service.cluster_ip, sip) - -    def add_portal_ip(self, pip): -        '''add cluster ip''' -        self.put(Service.portal_ip, pip) - -# -*- -*- -*- End included fragment: lib/service.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: lib/volume.py -*- -*- -*- - -class Volume(object): -    ''' Class to model an openshift volume object''' -    volume_mounts_path = {"pod": "spec.containers[0].volumeMounts", -                          "dc":  "spec.template.spec.containers[0].volumeMounts", -                          "rc":  "spec.template.spec.containers[0].volumeMounts", -                         } -    volumes_path = {"pod": "spec.volumes", -                    "dc":  "spec.template.spec.volumes", -                    "rc":  "spec.template.spec.volumes", -                   } - -    @staticmethod -    def create_volume_structure(volume_info): -        ''' return a properly structured volume ''' -        volume_mount = None -        volume = {'name': volume_info['name']} -        if volume_info['type'] == 'secret': -            volume['secret'] = {} -            volume[volume_info['type']] = {'secretName': volume_info['secret_name']} -            volume_mount = {'mountPath': volume_info['path'], -                            'name': volume_info['name']} -        elif volume_info['type'] == 'emptydir': -            volume['emptyDir'] = {} -            volume_mount = {'mountPath': volume_info['path'], -                            'name': volume_info['name']} -        elif volume_info['type'] == 'pvc': -            volume['persistentVolumeClaim'] = {} -            volume['persistentVolumeClaim']['claimName'] = volume_info['claimName'] -            volume['persistentVolumeClaim']['claimSize'] = volume_info['claimSize'] -        elif volume_info['type'] == 'hostpath': -            volume['hostPath'] = {} -            volume['hostPath']['path'] = volume_info['path'] - -        return (volume, volume_mount) - -# -*- -*- -*- End included fragment: lib/volume.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: class/oc_version.py -*- -*- -*- - - -# pylint: disable=too-many-instance-attributes -class OCVersion(OpenShiftCLI): -    ''' Class to wrap the oc command line tools ''' -    # pylint allows 5 -    # pylint: disable=too-many-arguments -    def __init__(self, -                 config, -                 debug): -        ''' Constructor for OCVersion ''' -        super(OCVersion, self).__init__(None, config) -        self.debug = debug - -    def get(self): -        '''get and return version information ''' - -        results = {} - -        version_results = self._version() - -        if version_results['returncode'] == 0: -            filtered_vers = Utils.filter_versions(version_results['results']) -            custom_vers = Utils.add_custom_versions(filtered_vers) - -            results['returncode'] = version_results['returncode'] -            results.update(filtered_vers) -            results.update(custom_vers) - -            return results - -        raise OpenShiftCLIError('Problem detecting openshift version.') - -    @staticmethod -    def run_ansible(params): -        '''run the idempotent ansible code''' -        oc_version = OCVersion(params['kubeconfig'], params['debug']) - -        if params['state'] == 'list': - -            #pylint: disable=protected-access -            result = oc_version.get() -            return {'state': params['state'], -                    'results': result, -                    'changed': False} - -# -*- -*- -*- End included fragment: class/oc_version.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: class/oc_adm_registry.py -*- -*- -*- - -class RegistryException(Exception): -    ''' Registry Exception Class ''' -    pass - - -class RegistryConfig(OpenShiftCLIConfig): -    ''' RegistryConfig is a DTO for the registry.  ''' -    def __init__(self, rname, namespace, kubeconfig, registry_options): -        super(RegistryConfig, self).__init__(rname, namespace, kubeconfig, registry_options) - - -class Registry(OpenShiftCLI): -    ''' Class to wrap the oc command line tools ''' - -    volume_mount_path = 'spec.template.spec.containers[0].volumeMounts' -    volume_path = 'spec.template.spec.volumes' -    env_path = 'spec.template.spec.containers[0].env' - -    def __init__(self, -                 registry_config, -                 verbose=False): -        ''' Constructor for Registry - -           a registry consists of 3 or more parts -           - dc/docker-registry -           - svc/docker-registry - -           Parameters: -           :registry_config: -           :verbose: -        ''' -        super(Registry, self).__init__(registry_config.namespace, registry_config.kubeconfig, verbose) -        self.version = OCVersion(registry_config.kubeconfig, verbose) -        self.svc_ip = None -        self.portal_ip = None -        self.config = registry_config -        self.verbose = verbose -        self.registry_parts = [{'kind': 'dc', 'name': self.config.name}, -                               {'kind': 'svc', 'name': self.config.name}, -                              ] - -        self.__prepared_registry = None -        self.volume_mounts = [] -        self.volumes = [] -        if self.config.config_options['volume_mounts']['value']: -            for volume in self.config.config_options['volume_mounts']['value']: -                volume_info = {'secret_name': volume.get('secret_name', None), -                               'name':        volume.get('name', None), -                               'type':        volume.get('type', None), -                               'path':        volume.get('path', None), -                               'claimName':   volume.get('claim_name', None), -                               'claimSize':   volume.get('claim_size', None), -                              } - -                vol, vol_mount = Volume.create_volume_structure(volume_info) -                self.volumes.append(vol) -                self.volume_mounts.append(vol_mount) - -        self.dconfig = None -        self.svc = None - -    @property -    def deploymentconfig(self): -        ''' deploymentconfig property ''' -        return self.dconfig - -    @deploymentconfig.setter -    def deploymentconfig(self, config): -        ''' setter for deploymentconfig property ''' -        self.dconfig = config - -    @property -    def service(self): -        ''' service property ''' -        return self.svc - -    @service.setter -    def service(self, config): -        ''' setter for service property ''' -        self.svc = config - -    @property -    def prepared_registry(self): -        ''' prepared_registry property ''' -        if not self.__prepared_registry: -            results = self.prepare_registry() -            if not results: -                raise RegistryException('Could not perform registry preparation.') -            self.__prepared_registry = results - -        return self.__prepared_registry - -    @prepared_registry.setter -    def prepared_registry(self, data): -        ''' setter method for prepared_registry attribute ''' -        self.__prepared_registry = data - -    def get(self): -        ''' return the self.registry_parts ''' -        self.deploymentconfig = None -        self.service = None - -        rval = 0 -        for part in self.registry_parts: -            result = self._get(part['kind'], rname=part['name']) -            if result['returncode'] == 0 and part['kind'] == 'dc': -                self.deploymentconfig = DeploymentConfig(result['results'][0]) -            elif result['returncode'] == 0 and part['kind'] == 'svc': -                self.service = Service(result['results'][0]) - -            if result['returncode'] != 0: -                rval = result['returncode'] - - -        return {'returncode': rval, 'deploymentconfig': self.deploymentconfig, 'service': self.service} - -    def exists(self): -        '''does the object exist?''' -        self.get() -        if self.deploymentconfig or self.service: -            return True - -        return False - -    def delete(self, complete=True): -        '''return all pods ''' -        parts = [] -        for part in self.registry_parts: -            if not complete and part['kind'] == 'svc': -                continue -            parts.append(self._delete(part['kind'], part['name'])) - -        # Clean up returned results -        rval = 0 -        for part in parts: -            # pylint: disable=invalid-sequence-index -            if 'returncode' in part and part['returncode'] != 0: -                rval = part['returncode'] - -        return {'returncode': rval, 'results': parts} - -    def prepare_registry(self): -        ''' prepare a registry for instantiation ''' -        options = self.config.to_option_list() - -        cmd = ['registry', '-n', self.config.namespace] -        cmd.extend(options) -        cmd.extend(['--dry-run=True', '-o', 'json']) - -        results = self.openshift_cmd(cmd, oadm=True, output=True, output_type='json') -        # probably need to parse this -        # pylint thinks results is a string -        # pylint: disable=no-member -        if results['returncode'] != 0 and 'items' in results['results']: -            return results - -        service = None -        deploymentconfig = None -        # pylint: disable=invalid-sequence-index -        for res in results['results']['items']: -            if res['kind'] == 'DeploymentConfig': -                deploymentconfig = DeploymentConfig(res) -            elif res['kind'] == 'Service': -                service = Service(res) - -        # Verify we got a service and a deploymentconfig -        if not service or not deploymentconfig: -            return results - -        # results will need to get parsed here and modifications added -        deploymentconfig = DeploymentConfig(self.add_modifications(deploymentconfig)) - -        # modify service ip -        if self.svc_ip: -            service.put('spec.clusterIP', self.svc_ip) -        if self.portal_ip: -            service.put('spec.portalIP', self.portal_ip) - -        # the dry-run doesn't apply the selector correctly -        service.put('spec.selector', self.service.get_selector()) - - -        # need to create the service and the deploymentconfig -        service_file = Utils.create_tmp_file_from_contents('service', service.yaml_dict) -        deployment_file = Utils.create_tmp_file_from_contents('deploymentconfig', deploymentconfig.yaml_dict) - -        return {"service": service, -                "service_file": service_file, -                "service_update": False, -                "deployment": deploymentconfig, -                "deployment_file": deployment_file, -                "deployment_update": False} - -    def create(self): -        '''Create a registry''' -        results = [] -        for config_file in ['deployment_file', 'service_file']: -            results.append(self._create(self.prepared_registry[config_file])) - -        # Clean up returned results -        rval = 0 -        for result in results: -            # pylint: disable=invalid-sequence-index -            if 'returncode' in result and result['returncode'] != 0: -                rval = result['returncode'] - -        return {'returncode': rval, 'results': results} - -    def update(self): -        '''run update for the registry.  This performs a delete and then create ''' -        # Store the current service IP -        if self.service: -            svcip = self.service.get('spec.clusterIP') -            if svcip: -                self.svc_ip = svcip -            portip = self.service.get('spec.portalIP') -            if portip: -                self.portal_ip = portip - -        results = [] -        if self.prepared_registry['deployment_update']: -            results.append(self._replace(self.prepared_registry['deployment_file'])) -        if self.prepared_registry['service_update']: -            results.append(self._replace(self.prepared_registry['service_file'])) - -        # Clean up returned results -        rval = 0 -        for result in results: -            if result['returncode'] != 0: -                rval = result['returncode'] - -        return {'returncode': rval, 'results': results} - -    def add_modifications(self, deploymentconfig): -        ''' update a deployment config with changes ''' -        # The environment variable for REGISTRY_HTTP_SECRET is autogenerated -        # We should set the generated deploymentconfig to the in memory version -        # the following modifications will overwrite if needed -        if self.deploymentconfig: -            result = self.deploymentconfig.get_env_var('REGISTRY_HTTP_SECRET') -            if result: -                deploymentconfig.update_env_var('REGISTRY_HTTP_SECRET', result['value']) - -        # Currently we know that our deployment of a registry requires a few extra modifications -        # Modification 1 -        # we need specific environment variables to be set -        for key, value in self.config.config_options['env_vars'].get('value', {}).items(): -            if not deploymentconfig.exists_env_key(key): -                deploymentconfig.add_env_value(key, value) -            else: -                deploymentconfig.update_env_var(key, value) - -        # Modification 2 -        # we need specific volume variables to be set -        for volume in self.volumes: -            deploymentconfig.update_volume(volume) - -        for vol_mount in self.volume_mounts: -            deploymentconfig.update_volume_mount(vol_mount) - -        # Modification 3 -        # Edits -        edit_results = [] -        for edit in self.config.config_options['edits'].get('value', []): -            if edit['action'] == 'put': -                edit_results.append(deploymentconfig.put(edit['key'], -                                                         edit['value'])) -            if edit['action'] == 'update': -                edit_results.append(deploymentconfig.update(edit['key'], -                                                            edit['value'], -                                                            edit.get('index', None), -                                                            edit.get('curr_value', None))) -            if edit['action'] == 'append': -                edit_results.append(deploymentconfig.append(edit['key'], -                                                            edit['value'])) - -        if edit_results and not any([res[0] for res in edit_results]): -            return None - -        return deploymentconfig.yaml_dict - -    def needs_update(self): -        ''' check to see if we need to update ''' -        if not self.service or not self.deploymentconfig: -            return True - -        exclude_list = ['clusterIP', 'portalIP', 'type', 'protocol'] -        if not Utils.check_def_equal(self.prepared_registry['service'].yaml_dict, -                                     self.service.yaml_dict, -                                     exclude_list, -                                     debug=self.verbose): -            self.prepared_registry['service_update'] = True - -        exclude_list = ['dnsPolicy', -                        'terminationGracePeriodSeconds', -                        'restartPolicy', 'timeoutSeconds', -                        'livenessProbe', 'readinessProbe', -                        'terminationMessagePath', -                        'securityContext', -                        'imagePullPolicy', -                        'protocol', # ports.portocol: TCP -                        'type', # strategy: {'type': 'rolling'} -                        'defaultMode', # added on secrets -                        'activeDeadlineSeconds', # added in 1.5 for timeouts -                       ] - -        if not Utils.check_def_equal(self.prepared_registry['deployment'].yaml_dict, -                                     self.deploymentconfig.yaml_dict, -                                     exclude_list, -                                     debug=self.verbose): -            self.prepared_registry['deployment_update'] = True - -        return self.prepared_registry['deployment_update'] or self.prepared_registry['service_update'] or False - -    # In the future, we would like to break out each ansible state into a function. -    # pylint: disable=too-many-branches,too-many-return-statements -    @staticmethod -    def run_ansible(params, check_mode): -        '''run idempotent ansible code''' - -        rconfig = RegistryConfig(params['name'], -                                 params['namespace'], -                                 params['kubeconfig'], -                                 {'images': {'value': params['images'], 'include': True}, -                                  'latest_images': {'value': params['latest_images'], 'include': True}, -                                  'labels': {'value': params['labels'], 'include': True}, -                                  'ports': {'value': ','.join(params['ports']), 'include': True}, -                                  'replicas': {'value': params['replicas'], 'include': True}, -                                  'selector': {'value': params['selector'], 'include': True}, -                                  'service_account': {'value': params['service_account'], 'include': True}, -                                  'mount_host': {'value': params['mount_host'], 'include': True}, -                                  'env_vars': {'value': params['env_vars'], 'include': False}, -                                  'volume_mounts': {'value': params['volume_mounts'], 'include': False}, -                                  'edits': {'value': params['edits'], 'include': False}, -                                  'enforce_quota': {'value': params['enforce_quota'], 'include': True}, -                                  'daemonset': {'value': params['daemonset'], 'include': True}, -                                  'tls_key': {'value': params['tls_key'], 'include': True}, -                                  'tls_certificate': {'value': params['tls_certificate'], 'include': True}, -                                 }) - - -        ocregistry = Registry(rconfig, params['debug']) - -        api_rval = ocregistry.get() - -        state = params['state'] -        ######## -        # get -        ######## -        if state == 'list': - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': False, 'results': api_rval, 'state': state} - -        ######## -        # Delete -        ######## -        if state == 'absent': -            if not ocregistry.exists(): -                return {'changed': False, 'state': state} - -            if check_mode: -                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a delete.'} - -            # Unsure as to why this is angry with the return type. -            # pylint: disable=redefined-variable-type -            api_rval = ocregistry.delete() - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': True, 'results': api_rval, 'state': state} - -        if state == 'present': -            ######## -            # Create -            ######## -            if not ocregistry.exists(): - -                if check_mode: -                    return {'changed': True, 'msg': 'CHECK_MODE: Would have performed a create.'} - -                api_rval = ocregistry.create() - -                if api_rval['returncode'] != 0: -                    return {'failed': True, 'msg': api_rval} - -                return {'changed': True, 'results': api_rval, 'state': state} - -            ######## -            # Update -            ######## -            if not params['force'] and not ocregistry.needs_update(): -                return {'changed': False, 'state': state} - -            if check_mode: -                return {'changed': True, 'msg': 'CHECK_MODE: Would have performed an update.'} - -            api_rval = ocregistry.update() - -            if api_rval['returncode'] != 0: -                return {'failed': True, 'msg': api_rval} - -            return {'changed': True, 'results': api_rval, 'state': state} - -        return {'failed': True, 'msg': 'Unknown state passed. %s' % state} - -# -*- -*- -*- End included fragment: class/oc_adm_registry.py -*- -*- -*- - -# -*- -*- -*- Begin included fragment: ansible/oc_adm_registry.py -*- -*- -*- - -def main(): -    ''' -    ansible oc module for registry -    ''' - -    module = AnsibleModule( -        argument_spec=dict( -            state=dict(default='present', type='str', -                       choices=['present', 'absent']), -            debug=dict(default=False, type='bool'), -            namespace=dict(default='default', type='str'), -            name=dict(default=None, required=True, type='str'), - -            kubeconfig=dict(default='/etc/origin/master/admin.kubeconfig', type='str'), -            images=dict(default=None, type='str'), -            latest_images=dict(default=False, type='bool'), -            labels=dict(default=None, type='list'), -            ports=dict(default=['5000'], type='list'), -            replicas=dict(default=1, type='int'), -            selector=dict(default=None, type='str'), -            service_account=dict(default='registry', type='str'), -            mount_host=dict(default=None, type='str'), -            volume_mounts=dict(default=None, type='list'), -            env_vars=dict(default={}, type='dict'), -            edits=dict(default=[], type='list'), -            enforce_quota=dict(default=False, type='bool'), -            force=dict(default=False, type='bool'), -            daemonset=dict(default=False, type='bool'), -            tls_key=dict(default=None, type='str'), -            tls_certificate=dict(default=None, type='str'), -        ), - -        supports_check_mode=True, -    ) - -    results = Registry.run_ansible(module.params, module.check_mode) -    if 'failed' in results: -        module.fail_json(**results) - -    module.exit_json(**results) - - -if __name__ == '__main__': -    main() - -# -*- -*- -*- End included fragment: ansible/oc_adm_registry.py -*- -*- -*- diff --git a/roles/lib_openshift/src/class/oc_adm_registry.py b/roles/lib_openshift/src/class/oc_adm_registry.py index c083cd179..25519c9c9 100644 --- a/roles/lib_openshift/src/class/oc_adm_registry.py +++ b/roles/lib_openshift/src/class/oc_adm_registry.py @@ -87,8 +87,8 @@ class Registry(OpenShiftCLI):          ''' prepared_registry property '''          if not self.__prepared_registry:              results = self.prepare_registry() -            if not results: -                raise RegistryException('Could not perform registry preparation.') +            if not results or ('returncode' in results and results['returncode'] != 0): +                raise RegistryException('Could not perform registry preparation. {}'.format(results))              self.__prepared_registry = results          return self.__prepared_registry @@ -153,8 +153,8 @@ class Registry(OpenShiftCLI):          # probably need to parse this          # pylint thinks results is a string          # pylint: disable=no-member -        if results['returncode'] != 0 and 'items' in results['results']: -            return results +        if results['returncode'] != 0 and 'items' not in results['results']: +            raise RegistryException('Could not perform registry preparation. {}'.format(results))          service = None          deploymentconfig = None diff --git a/roles/nuage_master/tasks/main.yaml b/roles/nuage_master/tasks/main.yaml index d211d30e8..fefd28bbd 100644 --- a/roles/nuage_master/tasks/main.yaml +++ b/roles/nuage_master/tasks/main.yaml @@ -22,6 +22,15 @@      - nuage.key      - nuage.kubeconfig +- name: Copy the certificates and keys +  become: yes +  copy: src="/tmp/{{ item }}" dest="{{ cert_output_dir }}/{{ item }}" +  with_items: +    - ca.crt +    - nuage.crt +    - nuage.key +    - nuage.kubeconfig +  - include: certificates.yml  - name: Create nuage-openshift-monitor.yaml diff --git a/roles/nuage_master/tasks/serviceaccount.yml b/roles/nuage_master/tasks/serviceaccount.yml index 16ea08244..eee448e2c 100644 --- a/roles/nuage_master/tasks/serviceaccount.yml +++ b/roles/nuage_master/tasks/serviceaccount.yml @@ -3,14 +3,20 @@    command: mktemp -u /tmp/openshift-ansible-XXXXXXX.kubeconfig    register: nuage_tmp_conf_mktemp    changed_when: False +  run_once: True +  delegate_to: "{{ nuage_ca_master }}"  - set_fact:      nuage_tmp_conf: "{{ nuage_tmp_conf_mktemp.stdout }}" +  run_once: True +  delegate_to: "{{ nuage_ca_master }}"  - name: Copy Configuration to temporary conf    command: >      cp {{ openshift.common.config_base }}/master/admin.kubeconfig {{nuage_tmp_conf}}    changed_when: false +  run_once: True +  delegate_to: "{{ nuage_ca_master }}"  - name: Create Admin Service Account    oc_serviceaccount: @@ -18,6 +24,8 @@      name: nuage      namespace: default      state: present +  run_once: True +  delegate_to: "{{ nuage_ca_master }}"  - name: Configure role/user permissions    command: > @@ -27,6 +35,8 @@    register: osnuage_perm_task    failed_when: "'the object has been modified' not in osnuage_perm_task.stderr and osnuage_perm_task.rc != 0"    changed_when: osnuage_perm_task.rc == 0 +  run_once: True +  delegate_to: "{{ nuage_ca_master }}"  - name: Generate the node client config    command: > @@ -40,8 +50,12 @@        --signer-serial={{ openshift_master_ca_serial }}        --basename='nuage'        --user={{ nuage_service_account }} +  delegate_to: "{{ nuage_ca_master }}" +  run_once: True  - name: Clean temporary configuration file    command: >      rm -f {{nuage_tmp_conf}}    changed_when: false +  delegate_to: "{{ nuage_ca_master }}" +  run_once: True diff --git a/roles/openshift_facts/vars/main.yml b/roles/openshift_facts/vars/main.yml index 053a4cfc8..07f5100ad 100644 --- a/roles/openshift_facts/vars/main.yml +++ b/roles/openshift_facts/vars/main.yml @@ -2,6 +2,7 @@  required_packages:    - iproute    - python-dbus +  - python-six    - PyYAML    - yum-utils diff --git a/roles/openshift_health_checker/openshift_checks/__init__.py b/roles/openshift_health_checker/openshift_checks/__init__.py index 50f26765b..8433923ed 100644 --- a/roles/openshift_health_checker/openshift_checks/__init__.py +++ b/roles/openshift_health_checker/openshift_checks/__init__.py @@ -8,9 +8,11 @@ import os  from abc import ABCMeta, abstractmethod, abstractproperty  from importlib import import_module +# add_metaclass is not available in the embedded six from module_utils in Ansible 2.2.1 +from six import add_metaclass  # pylint import-error disabled because pylint cannot find the package  # when installed in a virtualenv -from ansible.module_utils.six.moves import add_metaclass, reduce  # pylint: disable=import-error, redefined-builtin +from ansible.module_utils.six.moves import reduce  # pylint: disable=import-error, redefined-builtin  class OpenShiftCheckException(Exception): diff --git a/roles/openshift_hosted/meta/main.yml b/roles/openshift_hosted/meta/main.yml index e9b590550..bbbb76414 100644 --- a/roles/openshift_hosted/meta/main.yml +++ b/roles/openshift_hosted/meta/main.yml @@ -17,19 +17,3 @@ dependencies:  - role: lib_openshift  - role: openshift_projects    openshift_projects: "{{ openshift_additional_projects | default({}) | oo_merge_dicts({'default':{'default_node_selector':''},'openshift-infra':{'default_node_selector':''},'logging':{'default_node_selector':''}}) }}" -- role: openshift_serviceaccounts -  openshift_serviceaccounts_names: -  - router -  - registry -  openshift_serviceaccounts_namespace: default -  openshift_serviceaccounts_sccs: -  - hostnetwork -  when: openshift.common.version_gte_3_2_or_1_2 -- role: openshift_serviceaccounts -  openshift_serviceaccounts_names: -  - router -  - registry -  openshift_serviceaccounts_namespace: default -  openshift_serviceaccounts_sccs: -  - privileged -  when: not openshift.common.version_gte_3_2_or_1_2 diff --git a/roles/openshift_hosted/tasks/registry/registry.yml b/roles/openshift_hosted/tasks/registry/registry.yml index d89ce855a..0b8042473 100644 --- a/roles/openshift_hosted/tasks/registry/registry.yml +++ b/roles/openshift_hosted/tasks/registry/registry.yml @@ -56,12 +56,24 @@      openshift_hosted_registry_force:      - False +- name: Create the registry service account +  oc_serviceaccount: +    name: "{{ openshift_hosted_registry_serviceaccount }}" +    namespace: "{{ openshift_hosted_registry_namespace }}" + +- name: Grant the registry serivce account access to the appropriate scc +  oc_adm_policy_user: +    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}" +    namespace: "{{ openshift_hosted_registry_namespace }}" +    resource_kind: scc +    resource_name: hostnetwork +  - name: oc adm policy add-cluster-role-to-user system:registry system:serviceaccount:default:registry    oc_adm_policy_user: -    user: system:serviceaccount:default:registry +    user: "system:serviceaccount:{{ openshift_hosted_registry_namespace }}:{{ openshift_hosted_registry_serviceaccount }}" +    namespace: "{{ openshift_hosted_registry_namespace }}"      resource_kind: cluster-role      resource_name: system:registry -    state: present  - name: create the default registry service    oc_service: diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml index 3b7021eae..0861b9ec2 100644 --- a/roles/openshift_hosted/tasks/router/router.yml +++ b/roles/openshift_hosted/tasks/router/router.yml @@ -22,6 +22,30 @@    with_items: "{{ openshift_hosted_routers | oo_collect(attribute='certificates') |                    oo_select_keys_from_list(['keyfile', 'certfile', 'cafile']) }}" +- name: Create the router service account(s) +  oc_serviceaccount: +    name: "{{ item.serviceaccount }}" +    namespace: "{{ item.namespace }}" +    state: present +  with_items: "{{ openshift_hosted_routers }}" + +- name: Grant the router serivce account(s) access to the appropriate scc +  oc_adm_policy_user: +    user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}" +    namespace: "{{ item.namespace }}" +    resource_kind: scc +    resource_name: hostnetwork +  with_items: "{{ openshift_hosted_routers }}" + +- name: Set additional permissions for router service account +  oc_adm_policy_user: +    user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}" +    namespace: "{{ item.namespace }}" +    resource_kind: cluster-role +    resource_name: cluster-reader +  when: item.namespace == 'default' +  with_items: "{{ openshift_hosted_routers }}" +  - name: Create OpenShift router    oc_adm_router:      name: "{{ item.name }}" diff --git a/roles/openshift_logging/meta/main.yaml b/roles/openshift_logging/meta/main.yaml index ab57242c8..9c480f73a 100644 --- a/roles/openshift_logging/meta/main.yaml +++ b/roles/openshift_logging/meta/main.yaml @@ -13,5 +13,4 @@ galaxy_info:    - cloud  dependencies:  - role: lib_openshift -- role: openshift_master_facts  - role: openshift_facts diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2ef61cddf..98e0da1a2 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -249,7 +249,7 @@    # Using curl here since the uri module requires python-httplib2 and    # wait_for port doesn't provide health information.    command: > -    curl --silent +    curl --silent --tlsv1.2      {% if openshift.common.version_gte_3_2_or_1_2 | bool %}      --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt      {% else %} diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index aec48386e..938ac2a12 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -35,6 +35,15 @@ assetConfig:      keyFile: master.server.key      maxRequestsInFlight: 0      requestTimeoutSeconds: 0 +{% if openshift_master_min_tls_version is defined %} +    minTLSVersion: {{ openshift_master_min_tls_version }} +{% endif %} +{% if openshift_master_cipher_suites is defined %} +    cipherSuites: +{% for cipher_suite in openshift_master_cipher_suites %} +    - {{ cipher_suite }} +{% endfor %} +{% endif %}  {% if openshift_master_ha | bool %}  {% if openshift.master.audit_config | default(none) is not none and openshift.common.version_gte_3_2_or_1_2 | bool %}  auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} @@ -256,5 +265,14 @@ servingInfo:  {% endfor %}  {% endfor %}  {% endif %} +{% if openshift_master_min_tls_version is defined %} +  minTLSVersion: {{ openshift_master_min_tls_version }} +{% endif %} +{% if openshift_master_cipher_suites is defined %} +  cipherSuites: +{% for cipher_suite in openshift_master_cipher_suites %} +  - {{ cipher_suite }} +{% endfor %} +{% endif %}  volumeConfig:    dynamicProvisioningEnabled: {{ openshift.master.dynamic_provisioning_enabled }} diff --git a/roles/openshift_metrics/handlers/main.yml b/roles/openshift_metrics/handlers/main.yml new file mode 100644 index 000000000..ffb812271 --- /dev/null +++ b/roles/openshift_metrics/handlers/main.yml @@ -0,0 +1,26 @@ +--- +- name: restart master +  systemd: name={{ openshift.common.service_type }}-master state=restarted +  when: (openshift.master.ha is not defined or not openshift.master.ha | bool) and (not (master_service_status_changed | default(false) | bool)) +  notify: Verify API Server + +- name: Verify API Server +  # Using curl here since the uri module requires python-httplib2 and +  # wait_for port doesn't provide health information. +  command: > +    curl --silent --tlsv1.2 +    {% if openshift.common.version_gte_3_2_or_1_2 | bool %} +    --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt +    {% else %} +    --cacert {{ openshift.common.config_base }}/master/ca.crt +    {% endif %} +    {{ openshift.master.api_url }}/healthz/ready +  args: +    # Disables the following warning: +    # Consider using get_url or uri module rather than running curl +    warn: no +  register: api_available_output +  until: api_available_output.stdout == 'ok' +  retries: 120 +  delay: 1 +  changed_when: false diff --git a/roles/openshift_metrics/tasks/install_metrics.yaml b/roles/openshift_metrics/tasks/install_metrics.yaml index 66a3abdbd..ffe6f63a2 100644 --- a/roles/openshift_metrics/tasks/install_metrics.yaml +++ b/roles/openshift_metrics/tasks/install_metrics.yaml @@ -34,6 +34,8 @@      file_content: "{{ item.content | b64decode | from_yaml }}"    with_items: "{{ object_defs.results }}" +- include: update_master_config.yaml +  - command: >      {{openshift.common.client_binary}}      --config={{mktemp.stdout}}/admin.kubeconfig diff --git a/roles/openshift_metrics/tasks/update_master_config.yaml b/roles/openshift_metrics/tasks/update_master_config.yaml new file mode 100644 index 000000000..20fc45fd4 --- /dev/null +++ b/roles/openshift_metrics/tasks/update_master_config.yaml @@ -0,0 +1,9 @@ +--- +- name: Adding metrics route information to metricsPublicURL +  modify_yaml: +    dest: "{{ openshift.common.config_base }}/master/master-config.yaml" +    yaml_key: assetConfig.metricsPublicURL +    yaml_value: "https://{{ openshift_metrics_hawkular_hostname}}/hawkular/metrics" +  notify: restart master +  tags: +    - update_master_config diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 691227915..626248306 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -153,7 +153,7 @@    # Using curl here since the uri module requires python-httplib2 and    # wait_for port doesn't provide health information.    command: > -    curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt +    curl --silent --tlsv1.2 --cacert {{ openshift.common.config_base }}/node/ca.crt      {{ openshift_node_master_api_url }}/healthz/ready    args:      # Disables the following warning: diff --git a/roles/openshift_node/templates/node.yaml.v1.j2 b/roles/openshift_node/templates/node.yaml.v1.j2 index d3c3feb68..f2f929232 100644 --- a/roles/openshift_node/templates/node.yaml.v1.j2 +++ b/roles/openshift_node/templates/node.yaml.v1.j2 @@ -40,6 +40,15 @@ servingInfo:    certFile: server.crt    clientCA: ca.crt    keyFile: server.key +{% if openshift_node_min_tls_version is defined %} +  minTLSVersion: {{ openshift_node_min_tls_version }} +{% endif %} +{% if openshift_node_cipher_suites is defined %} +  cipherSuites: +{% for cipher_suite in openshift_node_cipher_suites %} +  - {{ cipher_suite }} +{% endfor %} +{% endif %}  volumeDirectory: {{ openshift.common.data_dir }}/openshift.local.volumes  proxyArguments:    proxy-mode: diff --git a/roles/openshift_serviceaccounts/meta/main.yml b/roles/openshift_serviceaccounts/meta/main.yml deleted file mode 100644 index 7a30c220f..000000000 --- a/roles/openshift_serviceaccounts/meta/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -galaxy_info: -  author: OpenShift Operations -  description: OpenShift Service Accounts -  company: Red Hat, Inc. -  license: Apache License, Version 2.0 -  min_ansible_version: 1.9 -  platforms: -  - name: EL -    versions: -    - 7 -  categories: -  - cloud -dependencies: -- { role: openshift_facts } -- { role: lib_openshift } diff --git a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml b/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml deleted file mode 100644 index b8cbe9a84..000000000 --- a/roles/openshift_serviceaccounts/tasks/legacy_add_scc_to_user.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -#### -# -# OSE 3.0.z did not have 'oadm policy add-scc-to-user'. -# -#### - -- name: tmp dir for openshift -  file: -    path: /tmp/openshift -    state: directory -    owner: root -    mode: 0700 - -- name: Create service account configs -  template: -    src: serviceaccount.j2 -    dest: "/tmp/openshift/{{ item }}-serviceaccount.yaml" -  with_items: '{{ openshift_serviceaccounts_names }}' - -- name: Get current security context constraints -  shell: > -    {{ openshift.common.client_binary }} get scc privileged -o yaml -    --output-version=v1 > /tmp/openshift/scc.yaml -  changed_when: false - -- name: Add security context constraint for {{ item }} -  lineinfile: -    dest: /tmp/openshift/scc.yaml -    line: "- system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}" -    insertafter: "^users:$" -  when: "item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users }}" -  with_nested: -  - '{{ openshift_serviceaccounts_names }}' -  - '{{ scc_test.results }}' - -- name: Apply new scc rules for service accounts -  command: "{{ openshift.common.client_binary }} update -f /tmp/openshift/scc.yaml --api-version=v1" diff --git a/roles/openshift_serviceaccounts/tasks/main.yml b/roles/openshift_serviceaccounts/tasks/main.yml deleted file mode 100644 index 1d570fa5b..000000000 --- a/roles/openshift_serviceaccounts/tasks/main.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -- name: create the service account -  oc_serviceaccount: -    name: "{{ item }}" -    namespace: "{{ openshift_serviceaccounts_namespace }}" -    state: present -  with_items: -  - "{{ openshift_serviceaccounts_names }}" - -- name: test if scc needs to be updated -  command: > -      {{ openshift.common.client_binary }} get scc {{ item }} -o yaml -  changed_when: false -  failed_when: false -  register: scc_test -  with_items: "{{ openshift_serviceaccounts_sccs }}" - -- name: Grant the user access to the appropriate scc -  command: > -      {{ openshift.common.client_binary }} adm policy add-scc-to-user -      {{ item.1.item }} system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }} -  when: "openshift.common.version_gte_3_1_or_1_1 and item.1.rc == 0 and 'system:serviceaccount:{{ openshift_serviceaccounts_namespace }}:{{ item.0 }}' not in {{ (item.1.stdout | from_yaml).users | default([]) }}" -  with_nested: -  - "{{ openshift_serviceaccounts_names }}" -  - "{{ scc_test.results }}" - -- include: legacy_add_scc_to_user.yml -  when: not openshift.common.version_gte_3_1_or_1_1 diff --git a/roles/openshift_serviceaccounts/templates/serviceaccount.j2 b/roles/openshift_serviceaccounts/templates/serviceaccount.j2 deleted file mode 100644 index c5f12421f..000000000 --- a/roles/openshift_serviceaccounts/templates/serviceaccount.j2 +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: -  name: {{ item.0 }} | 
