Move away from md5 digests in managing octavia amphora images
This patch changes the image management code from using deprecated md5
checksum methods to sha digests.
This patch also fixes amphora update code so it uses the checksum of the
image after conversion to raw if it raw conversion was enabled.
Closes-Bug: #1843059
Change-Id: I1817f11bcce90ab5ac29ea3bbf30b3dbf488de5f
(cherry picked from commit 7d212d68c5
)
This commit is contained in:
parent
985e7a9f94
commit
4fcd5cac1e
|
@ -25,6 +25,43 @@
|
|||
- amphora_image is undefined
|
||||
- (image_file_result.stat.exists | bool) and (not (symlnk_check.stat.islnk | bool))
|
||||
|
||||
- name: Capture the file's checksum
|
||||
set_fact:
|
||||
image_checksum: "{{ image_file_result.stat.checksum }}"
|
||||
when:
|
||||
- image_file_result.stat.exists | bool
|
||||
|
||||
- name: Convert image if indicated
|
||||
when:
|
||||
- amp_to_raw | bool
|
||||
block:
|
||||
- name: create temporary directory
|
||||
tempfile:
|
||||
state: directory
|
||||
register: amp_tmp_dir
|
||||
|
||||
- name: set RAW file name
|
||||
set_fact:
|
||||
raw_filename: "{{ amp_tmp_dir.path }}/{{ image_filename|splitext|first|basename }}.img"
|
||||
|
||||
- name: convert image from qcow2 to raw
|
||||
shell: |
|
||||
qemu-img convert -f qcow2 -O raw {{ image_filename }} {{ raw_filename }}
|
||||
|
||||
- name: setting amphora format to raw
|
||||
set_fact:
|
||||
raw_format: raw
|
||||
|
||||
- name: get the checksum for the converted file
|
||||
stat:
|
||||
path: "{{ raw_filename }}"
|
||||
get_checksum: true
|
||||
register: raw_file_result
|
||||
|
||||
- name: update image_checksum with checksum of the converted file
|
||||
set_fact:
|
||||
image_checksum: "{{ raw_file_result.stat.checksum }}"
|
||||
|
||||
- name: gather facts about the service project
|
||||
shell: |
|
||||
openstack project show "{{ auth_project_name }}" -c id -f value
|
||||
|
@ -50,7 +87,7 @@
|
|||
|
||||
- name: get checksum if there's an image in glance already
|
||||
shell: |
|
||||
openstack image show {{ glance_id_result.stdout }} -c checksum -f value
|
||||
openstack image show {{ glance_id_result.stdout }} -c properties -f json
|
||||
environment:
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
OS_PASSWORD: "{{ auth_password }}"
|
||||
|
@ -60,20 +97,69 @@
|
|||
register: glance_results
|
||||
failed_when: false
|
||||
|
||||
- name: set current_md5 fact from glance if image already exists there
|
||||
- name: set current_checksum fact from glance if image already exists there
|
||||
set_fact:
|
||||
current_md5: "{{ glance_results.stdout }}"
|
||||
current_image_facts: "{{ glance_results.stdout | from_json }}"
|
||||
when:
|
||||
- glance_results.rc is defined
|
||||
- glance_results.rc == 0
|
||||
|
||||
- name: store the current checksum if available
|
||||
when:
|
||||
- current_image_facts.properties.image_checksum is defined
|
||||
set_fact:
|
||||
current_checksum: "{{ current_image_facts.properties.image_checksum }}"
|
||||
|
||||
- name: calculate the image checksum if it is missing
|
||||
when:
|
||||
- image_id is defined
|
||||
- current_checksum is not defined
|
||||
block:
|
||||
- name: create temporary directory
|
||||
tempfile:
|
||||
state: directory
|
||||
register: amp_tmp_dir
|
||||
|
||||
- name: download the current amphora image
|
||||
command: |
|
||||
openstack image save --file "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp" {{ image_id }}
|
||||
environment:
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
OS_PASSWORD: "{{ auth_password }}"
|
||||
OS_PROJECT_NAME: "{{ auth_project_name }}"
|
||||
|
||||
- name: calculate the missing checksum
|
||||
stat:
|
||||
path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp"
|
||||
get_checksum: true
|
||||
register: tmp_file_result
|
||||
|
||||
- name: update current checksum fact
|
||||
set_fact:
|
||||
current_checksum: "{{ tmp_file_result.stat.checksum }}"
|
||||
|
||||
- name: store the property on the image so it is there next time
|
||||
command: |
|
||||
openstack image set --property image_checksum={{ current_checksum }} {{ image_id }}
|
||||
environment:
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
OS_PASSWORD: "{{ auth_password }}"
|
||||
OS_PROJECT_NAME: "{{ auth_project_name }}"
|
||||
|
||||
- name: remove the temporary copy of the current amphora image
|
||||
file:
|
||||
path: "{{ amp_tmp_dir.path }}/{{ image_id }}.tmp"
|
||||
state: absent
|
||||
|
||||
|
||||
- name: determine if the image needs to be replaced
|
||||
set_fact:
|
||||
replace_image: "{{ current_md5 != image_file_result.stat.md5 }}"
|
||||
replace_image: "{{ current_checksum != image_checksum }}"
|
||||
when:
|
||||
- current_md5 is defined
|
||||
- current_checksum is defined
|
||||
- image_checksum is defined
|
||||
|
||||
- name: move existing image if the names match and the md5s are not the same
|
||||
- name: move existing image if the names match and the checksums are not the same
|
||||
shell: |
|
||||
ts=`openstack image show {{ image_id }} -f value -c created_at`
|
||||
ts=${ts//:/}
|
||||
|
@ -90,27 +176,7 @@
|
|||
set_fact:
|
||||
upload_image: true
|
||||
when:
|
||||
- (current_md5 is not defined) or (replace_image is defined and replace_image | bool)
|
||||
|
||||
- block:
|
||||
- name: create temporary directory
|
||||
tempfile:
|
||||
state: directory
|
||||
register: amp_tmp_dir
|
||||
|
||||
- name: set RAW file name
|
||||
set_fact:
|
||||
raw_filename: "{{ amp_tmp_dir.path }}/{{ image_filename|splitext|first|basename }}.img"
|
||||
|
||||
- name: convert image from qcow2 to raw
|
||||
shell: |
|
||||
qemu-img convert -f qcow2 -O raw {{ image_filename }} {{ raw_filename }}
|
||||
|
||||
- name: setting amphora format to raw
|
||||
set_fact:
|
||||
raw_format: raw
|
||||
when:
|
||||
- amp_to_raw | bool
|
||||
- (current_checksum is not defined) or (replace_image is defined and replace_image | bool)
|
||||
|
||||
- name: upload image to glance
|
||||
shell: |
|
||||
|
@ -118,6 +184,7 @@
|
|||
--container-format bare --tag {{ amp_image_tag }} \
|
||||
--file {{ raw_filename|default(image_filename) }} \
|
||||
--property hw_architecture={{ amp_hw_arch }} \
|
||||
--property image_checksum={{ image_checksum }} \
|
||||
--private {{ amphora_image }}
|
||||
environment:
|
||||
OS_USERNAME: "{{ auth_username }}"
|
||||
|
@ -130,8 +197,8 @@
|
|||
- upload_image is defined
|
||||
|
||||
- name: delete converted raw image
|
||||
when:
|
||||
- amp_tmp_dir.path is defined
|
||||
file:
|
||||
path: "{{ amp_tmp_dir.path }}"
|
||||
state: absent
|
||||
when:
|
||||
- amp_to_raw | bool
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
stat:
|
||||
path: "{{ image_filename }}"
|
||||
follow: true
|
||||
get_md5: true
|
||||
get_checksum: true
|
||||
register: image_file_result
|
||||
|
||||
- include_tasks: image_mgmt.yml
|
||||
|
|
Loading…
Reference in New Issue