Merge "Move away from md5 digests in managing octavia amphora images" into stable/victoria

tripleo_ansible/roles/octavia_undercloud/tasks/image_mgmt.yml

@@ -25,6 +25,43 @@
     - amphora_image is undefined
     - (image_file_result.stat.exists | bool) and (not (symlnk_check.stat.islnk | bool))
 
+- name: Capture the file's checksum
+  set_fact:
+    image_checksum: "{{ image_file_result.stat.checksum }}"
+  when:
+    - image_file_result.stat.exists | bool
+
+- name: Convert image if indicated
+  when:
+    - amp_to_raw | bool
+  block:
+    - name: create temporary directory
+      tempfile:
+        state: directory
+      register: amp_tmp_dir
+
+    - name: set RAW file name
+      set_fact:
+        raw_filename: "{{ amp_tmp_dir.path }}/{{ image_filename|splitext|first|basename }}.img"
+
+    - name: convert image from qcow2 to raw
+      shell: |
+        qemu-img convert -f qcow2 -O raw {{ image_filename }} {{ raw_filename }}
+
+    - name: setting amphora format to raw
+      set_fact:
+        raw_format: raw
+
+    - name: get the checksum for the converted file
+      stat:
+        path: "{{ raw_filename }}"
+        get_checksum: true
+      register: raw_file_result
+
+    - name: update image_checksum with checksum of the converted file
+      set_fact:
+        image_checksum: "{{ raw_file_result.stat.checksum }}"
+
 - name: gather facts about the service project
   shell: |
     openstack project show "{{ auth_project_name }}" -c id -f value
@@ -50,7 +87,7 @@
 
 - name: get checksum if there's an image in glance already
   shell: |
-    openstack image show {{ glance_id_result.stdout }} -c checksum -f value
+    openstack image show {{ glance_id_result.stdout }} -c properties -f json
   environment:
     OS_USERNAME: "{{ auth_username }}"
     OS_PASSWORD: "{{ auth_password }}"
@@ -60,20 +97,69 @@
   register: glance_results
   failed_when: false
 
-- name: set current_md5 fact from glance if image already exists there
+- name: set current_checksum fact from glance if image already exists there
   set_fact:
-    current_md5: "{{ glance_results.stdout }}"
+    current_image_facts: "{{ glance_results.stdout | from_json  }}"
   when:
     - glance_results.rc is defined
     - glance_results.rc == 0
 
+- name: store the current checksum if available
+  when:
+    - current_image_facts.properties.image_checksum is defined
+  set_fact:
+    current_checksum: "{{ current_image_facts.properties.image_checksum }}"
+
+- name: calculate the image checksum if it is missing
+  when:
+    - image_id is defined
+    - current_checksum is not defined
+  block:
+    - name: create temporary directory
+      tempfile:
+        state: directory
+      register: amp_tmp_dir
+
+    - name: download the current amphora image
+      command: |
+        openstack image save --file "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp" {{ image_id }}
+      environment:
+        OS_USERNAME: "{{ auth_username }}"
+        OS_PASSWORD: "{{ auth_password }}"
+        OS_PROJECT_NAME: "{{ auth_project_name }}"
+
+    - name: calculate the missing checksum
+      stat:
+        path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp"
+        get_checksum: true
+      register: tmp_file_result
+
+    - name: update current checksum fact
+      set_fact:
+        current_checksum: "{{ tmp_file_result.stat.checksum }}"
+
+    - name: store the property on the image so it is there next time
+      command: |
+        openstack image set --property image_checksum={{ current_checksum }}  {{ image_id }}
+      environment:
+        OS_USERNAME: "{{ auth_username }}"
+        OS_PASSWORD: "{{ auth_password }}"
+        OS_PROJECT_NAME: "{{ auth_project_name }}"
+
+    - name: remove the temporary copy of the current amphora image
+      file:
+        path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp"
+        state: absent
+
+
 - name: determine if the image needs to be replaced
   set_fact:
-    replace_image: "{{ current_md5 != image_file_result.stat.md5 }}"
+    replace_image: "{{ current_checksum != image_checksum }}"
   when:
-    - current_md5 is defined
+    - current_checksum is defined
+    - image_checksum is defined
 
-- name: move existing image if the names match and the md5s are not the same
+- name: move existing image if the names match and the checksums are not the same
   shell: |
     ts=`openstack image show {{ image_id }} -f value -c created_at`
     ts=${ts//:/}
@@ -90,27 +176,7 @@
   set_fact:
     upload_image: true
   when:
-    - (current_md5 is not defined) or (replace_image is defined and replace_image | bool)
-
-- block:
-    - name: create temporary directory
-      tempfile:
-        state: directory
-      register: amp_tmp_dir
-
-    - name: set RAW file name
-      set_fact:
-        raw_filename: "{{ amp_tmp_dir.path }}/{{ image_filename|splitext|first|basename }}.img"
-
-    - name: convert image from qcow2 to raw
-      shell: |
-        qemu-img convert -f qcow2 -O raw {{ image_filename }} {{ raw_filename }}
-
-    - name: setting amphora format to raw
-      set_fact:
-        raw_format: raw
-  when:
-    - amp_to_raw | bool
+    - (current_checksum is not defined) or (replace_image is defined and replace_image | bool)
 
 - name: upload image to glance
   shell: |
@@ -118,6 +184,7 @@
       --container-format bare --tag {{ amp_image_tag }} \
       --file {{ raw_filename|default(image_filename) }} \
       --property hw_architecture={{ amp_hw_arch }} \
+      --property image_checksum={{ image_checksum }} \
       --private {{ amphora_image }}
   environment:
     OS_USERNAME: "{{ auth_username }}"
@@ -130,8 +197,8 @@
     - upload_image is defined
 
 - name: delete converted raw image
+  when:
+    - amp_tmp_dir.path is defined
   file:
     path: "{{ amp_tmp_dir.path }}"
     state: absent
-  when:
-    - amp_to_raw | bool

tripleo_ansible/roles/octavia_undercloud/tasks/main.yml

@@ -25,7 +25,7 @@
   stat:
     path: "{{ image_filename }}"
     follow: true
-    get_md5: true
+    get_checksum: true
   register: image_file_result
 
 - include_tasks: image_mgmt.yml