afs-release: don't use paramiko

It is always something ... paramiko 2.0.0 in Bionic does not have support for ed25519 keys which we have setup for the vos_release user. Rather than reworking the entire chain deploying that key, switch to calling ssh directly. Change-Id: Iacb0812f475c178189d2233b3a2324337f3bb419
2020-02-13 21:07:43 +11:00 · 2020-02-13 21:07:43 +11:00 · e1628a667a
parent 30297fb10d
commit e1628a667a
3 changed files with 24 additions and 15 deletions
--- a/playbooks/roles/afs-release/files/release-volumes.py
+++ b/playbooks/roles/afs-release/files/release-volumes.py
@ -29,8 +29,6 @@ import subprocess

 from contextlib import contextmanager
 from datetime import datetime
-from paramiko import SSHClient
-

 VOLUMES = ['docs',
           'docs.dev',
@ -71,20 +69,31 @@ def get_last_update(volume):
    return ret


-def release(volume, host, key, stats):
+def release(volume, host, user, key, stats):
    log.info("Releasing %s" % volume)

    vn = volume.replace('.','_')

    with stats.timer('%s.%s' % (STATSD_PREFIX, vn)):
-        client = SSHClient()
-        client.load_host_keys(key)
-        client.connect(host)
-        stdin, stdout, stderr = client.exec_command('vos release %s' % volume)
-        for line in stdout.readlines():
+        # NOTE(ianw) : clearly paramiko would be better, but bionic
+        # version 2.0.0 can't read a ed25519 key which we used in the
+        # all the other ansible setup.
+        cmd = ('ssh', '-T', '-i', '%s' % key,
+               '%s@%s' % (user, host), '--',
+               'vos', 'release', volume)
+        log.debug('Running: %s' % ' '.join(cmd))
+        p = subprocess.Popen(cmd,
+                             shell=False,
+                             stdout=subprocess.PIPE,
+                             stderr=subprocess.PIPE,
+                             universal_newlines=True)
+        output, error = p.communicate()
+        for line in output.split('\n'):
            log.debug(line)
-            client.close()
-        logging.info("Release of %s successful" % volume)
+        if not error:
+            log.info("Release of %s successful" % volume)
+        else:
+            log.error("Release of %s failed" % volume)


 def check_release(volume):
@ -119,7 +128,7 @@ def get_lock(path):
        f.flush()
        log.debug("Acquired release lock")
        yield
-        logging.debug("Release lock")
+        log.debug("Release lock")
        fcntl.flock(f, fcntl.LOCK_UN)


@ -134,6 +143,8 @@ def main():
                        help="Force vos release, even if not required")
    parser.add_argument('--skip-release', action='store_true',
                        help="Skip vos release, even if required")
+    parser.add_argument('--ssh-user', action='store',
+                        default='vos_release', help="SSH user on remote host")
    parser.add_argument('--ssh-identity', action='store',
                        default='/root/.ssh/id_vos_release',
                        help="SSH identify file for remote vos release")
@ -168,8 +179,8 @@ def main():
                if args.skip_release:
                    log.info("Force skipping release")
                else:
-                    release(volume, args.ssh_server, args.ssh_identity,
-                        stats)
+                    release(volume, args.ssh_server, args.ssh_user,
+                            args.ssh_identity, stats)

    log.debug("--- Complete %s ---" % datetime.now())

--- a/playbooks/roles/afs-release/files/requirements.txt
+++ b/playbooks/roles/afs-release/files/requirements.txt
@ -1,2 +1 @@
-paramiko # LGPL 2.1
 statsd>=3.2.1 # MIT
--- a/playbooks/roles/afs-release/tasks/main.yaml
+++ b/playbooks/roles/afs-release/tasks/main.yaml
@ -24,7 +24,6 @@
  package:
    name:
      - python3-statsd
-      - python3-paramiko
    state: present

 - name: Install release cron job