afs-release: don't use paramiko

It is always something ... paramiko 2.0.0 in Bionic does not have
support for ed25519 keys which we have setup for the vos_release user.
Rather than reworking the entire chain deploying that key, switch to
calling ssh directly.

Change-Id: Iacb0812f475c178189d2233b3a2324337f3bb419

playbooks/roles/afs-release/files/release-volumes.py

@@ -29,8 +29,6 @@ import subprocess
 
 from contextlib import contextmanager
 from datetime import datetime
-from paramiko import SSHClient
-
 
 VOLUMES = ['docs',
            'docs.dev',
@@ -71,20 +69,31 @@ def get_last_update(volume):
     return ret
 
 
-def release(volume, host, key, stats):
+def release(volume, host, user, key, stats):
     log.info("Releasing %s" % volume)
 
     vn = volume.replace('.','_')
 
     with stats.timer('%s.%s' % (STATSD_PREFIX, vn)):
-        client = SSHClient()
+        # NOTE(ianw) : clearly paramiko would be better, but bionic
-        client.load_host_keys(key)
+        # version 2.0.0 can't read a ed25519 key which we used in the
-        client.connect(host)
+        # all the other ansible setup.
-        stdin, stdout, stderr = client.exec_command('vos release %s' % volume)
+        cmd = ('ssh', '-T', '-i', '%s' % key,
-        for line in stdout.readlines():
+               '%s@%s' % (user, host), '--',
+               'vos', 'release', volume)
+        log.debug('Running: %s' % ' '.join(cmd))
+        p = subprocess.Popen(cmd,
+                             shell=False,
+                             stdout=subprocess.PIPE,
+                             stderr=subprocess.PIPE,
+                             universal_newlines=True)
+        output, error = p.communicate()
+        for line in output.split('\n'):
             log.debug(line)
-            client.close()
+        if not error:
-        logging.info("Release of %s successful" % volume)
+            log.info("Release of %s successful" % volume)
+        else:
+            log.error("Release of %s failed" % volume)
 
 
 def check_release(volume):
@@ -119,7 +128,7 @@ def get_lock(path):
         f.flush()
         log.debug("Acquired release lock")
         yield
-        logging.debug("Release lock")
+        log.debug("Release lock")
         fcntl.flock(f, fcntl.LOCK_UN)
 
 
@@ -134,6 +143,8 @@ def main():
                         help="Force vos release, even if not required")
     parser.add_argument('--skip-release', action='store_true',
                         help="Skip vos release, even if required")
+    parser.add_argument('--ssh-user', action='store',
+                        default='vos_release', help="SSH user on remote host")
     parser.add_argument('--ssh-identity', action='store',
                         default='/root/.ssh/id_vos_release',
                         help="SSH identify file for remote vos release")
@@ -168,8 +179,8 @@ def main():
                 if args.skip_release:
                     log.info("Force skipping release")
                 else:
-                    release(volume, args.ssh_server, args.ssh_identity,
+                    release(volume, args.ssh_server, args.ssh_user,
-                        stats)
+                            args.ssh_identity, stats)
 
     log.debug("--- Complete %s ---" % datetime.now())
 

playbooks/roles/afs-release/files/requirements.txt

@@ -1,2 +1 @@
-paramiko # LGPL 2.1
 statsd>=3.2.1 # MIT

playbooks/roles/afs-release/tasks/main.yaml

@@ -24,7 +24,6 @@
   package:
     name:
       - python3-statsd
-      - python3-paramiko
     state: present
 
 - name: Install release cron job