tripleo_container_manage: add safeguard against wrong healthcheck config

If a container config has by mistake a healthcheck but no systemd restart policy, we don't want to manage the healthcheck because it requires its service to be created. To prevent that situation, we'll create the healthchecks only if they are already part of the systemd services list that was created earlier. For that, we're using the intersect() filter which allows to get the intersection of 2 lists (systemd services and healthchecks to create). Adding molecule coverage to test this scenario. Closes-Bug: #1873249 Change-Id: Id5cc784bae597def0648f07d28b6463b387d2212
2020-04-16 08:51:32 -04:00 · 2020-04-16 08:51:32 -04:00 · 04f16051cc
parent cfd3e13ff7
commit 04f16051cc
3 changed files with 26 additions and 4 deletions
--- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml
+++ b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml
@ -62,6 +62,21 @@
              - tripleo_fedora_healthcheck_active_result.rc == 0
            fail_msg: 'tripleo_fedora systemd healthcheck service is not active'
            success_msg: 'tripleo_fedora systemd healthcheck service is active'
+        - name: Check if tripleo_fedora_bis has systemd service
+          stat:
+            path: /etc/systemd/system/tripleo_fedora_bis.service
+          register: stat_tripleo_fedora_bis_systemd
+        - name: Check if tripleo_fedora_bis has systemd healthcheck timer
+          stat:
+            path: /etc/systemd/system/tripleo_fedora_bis_healthcheck.timer
+          register: stat_tripleo_fedora_bis_systemd_timer
+        - name: Assert that tripleo_fedora_bis has no systemd integration
+          assert:
+            that:
+              - not stat_tripleo_fedora_bis_systemd.stat.exists
+              - not stat_tripleo_fedora_bis_systemd_timer.stat.exists
+            fail_msg: 'tripleo_fedora_bis has systemd service'
+            success_msg: 'tripleo_fedora_bis has no systemd service'
    - name: Verify that Fedora bis container was created correctly
      block:
        - name: Check for fedora_bis container
--- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml
+++ b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml
@ -43,7 +43,8 @@
          {
            "image": "fedora:latest",
            "net": "host",
-            "command": "sleep 3600"
+            "command": "sleep 3600",
+            "healthcheck": { "test": "echo test" }
          }
        dest: '/tmp/container-configs/fedora_bis.json'
    - name: Create a third configuration file for a fedora container
--- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml
+++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml
@ -14,10 +14,16 @@
 # License for the specific language governing permissions and limitations
 # under the License.

- name: Set container_name and container_sysd facts
+- name: Set container_config fact
  set_fact:
-    container_config: "{{ data | list | haskey(attribute='restart', value=['always','unless-stopped'], any=True) }}"
-    container_config_healthcheck: "{{ data | list | haskey(attribute='healthcheck') }}"
+    container_config: "{{ data | list | haskey(attribute='restart', value=['always','unless-stopped'], any=True) | default([]) }}"
+
+- name: Set container_config_healthcheck fact
+  set_fact:
+    # Using intersect to prevent a service which isn't controlled by systemd
+    # but has healthcheck in its configuration (by mistake)
+    # See https://bugs.launchpad.net/tripleo/+bug/1873249
+    container_config_healthcheck: "{{ data | list | haskey(attribute='healthcheck') | intersect(container_config) | default([]) }}"

 - name: "Manage systemd files"
  no_log: "{{ not tripleo_container_manage_debug }}"