From 04f16051cc112180d4fb66fc002a453c1ede23d2 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 16 Apr 2020 08:51:32 -0400 Subject: [PATCH] tripleo_container_manage: add safeguard against wrong healthcheck config If a container config has by mistake a healthcheck but no systemd restart policy, we don't want to manage the healthcheck because it requires its service to be created. To prevent that situation, we'll create the healthchecks only if they are already part of the systemd services list that was created earlier. For that, we're using the intersect() filter which allows to get the intersection of 2 lists (systemd services and healthchecks to create). Adding molecule coverage to test this scenario. Closes-Bug: #1873249 Change-Id: Id5cc784bae597def0648f07d28b6463b387d2212 --- .../molecule/default/converge.yml | 15 +++++++++++++++ .../molecule/default/prepare.yml | 3 ++- .../tasks/podman/systemd.yml | 12 +++++++++--- 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml index 95e551f78..8052eb174 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/converge.yml @@ -62,6 +62,21 @@ - tripleo_fedora_healthcheck_active_result.rc == 0 fail_msg: 'tripleo_fedora systemd healthcheck service is not active' success_msg: 'tripleo_fedora systemd healthcheck service is active' + - name: Check if tripleo_fedora_bis has systemd service + stat: + path: /etc/systemd/system/tripleo_fedora_bis.service + register: stat_tripleo_fedora_bis_systemd + - name: Check if tripleo_fedora_bis has systemd healthcheck timer + stat: + path: /etc/systemd/system/tripleo_fedora_bis_healthcheck.timer + register: stat_tripleo_fedora_bis_systemd_timer + - name: Assert that tripleo_fedora_bis has no systemd integration + assert: + that: + - not stat_tripleo_fedora_bis_systemd.stat.exists + - not stat_tripleo_fedora_bis_systemd_timer.stat.exists + fail_msg: 'tripleo_fedora_bis has systemd service' + success_msg: 'tripleo_fedora_bis has no systemd service' - name: Verify that Fedora bis container was created correctly block: - name: Check for fedora_bis container diff --git a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml index 76c9095a6..a7c4d4528 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/molecule/default/prepare.yml @@ -43,7 +43,8 @@ { "image": "fedora:latest", "net": "host", - "command": "sleep 3600" + "command": "sleep 3600", + "healthcheck": { "test": "echo test" } } dest: '/tmp/container-configs/fedora_bis.json' - name: Create a third configuration file for a fedora container diff --git a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml index 9c22ebc31..98cd1ead7 100644 --- a/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml +++ b/tripleo_ansible/roles/tripleo_container_manage/tasks/podman/systemd.yml @@ -14,10 +14,16 @@ # License for the specific language governing permissions and limitations # under the License. -- name: Set container_name and container_sysd facts +- name: Set container_config fact set_fact: - container_config: "{{ data | list | haskey(attribute='restart', value=['always','unless-stopped'], any=True) }}" - container_config_healthcheck: "{{ data | list | haskey(attribute='healthcheck') }}" + container_config: "{{ data | list | haskey(attribute='restart', value=['always','unless-stopped'], any=True) | default([]) }}" + +- name: Set container_config_healthcheck fact + set_fact: + # Using intersect to prevent a service which isn't controlled by systemd + # but has healthcheck in its configuration (by mistake) + # See https://bugs.launchpad.net/tripleo/+bug/1873249 + container_config_healthcheck: "{{ data | list | haskey(attribute='healthcheck') | intersect(container_config) | default([]) }}" - name: "Manage systemd files" no_log: "{{ not tripleo_container_manage_debug }}"