Use blockinfile for tripleo-ssh-known-hosts

lineinfile combined with with_items was very inefficient for this task. Given that each node's hostkey is added to every other host, it resulted in O(n²) performance. Additional networks per node also worsened the problem. For example, in a 100 node deployment, with 4 networks per node, this task would need to be executed 40,000 times (100 * 100 * 4). Switching to use blockinfile brings the performance back to O(n), and also removes any dependency on the number of networks per node. This change also backports the task layout which improves general performance and functionality of the role. Change-Id: Id51d27f53abf3421c29a11065377e9303ad68d79 (cherry picked from commit 4157d7a5df083a49bfb3b1d1c7cd5f233c1930c4) Signed-off-by: Kevin Carter <kecarter@redhat.com>
2019-09-09 12:33:17 -05:00 · 2019-09-09 12:33:17 -05:00 · ddf5afa2c3
parent 609c1a8d7d
commit ddf5afa2c3
1 changed files with 40 additions and 10 deletions
--- a/roles/tripleo-ssh-known-hosts/tasks/main.yml
+++ b/roles/tripleo-ssh-known-hosts/tasks/main.yml
@ -9,21 +9,51 @@
      tempfile:
        state: file
      register: ssh_known_hosts_tmp
+
+    - name: Check for ssh_known_hosts file
+      stat:
+        path: /etc/ssh/ssh_known_hosts
+      register: _ssh_known_hosts
+
    - name: Create a temporary copy of ssh_known_hosts
-      shell: |
-        if [[ -e /etc/ssh/ssh_known_hosts ]]; then
-          cat /etc/ssh/ssh_known_hosts > '{{ ssh_known_hosts_tmp.path }}'
-        fi
+      slurp:
+        src: "/etc/ssh/ssh_known_hosts"
+      register: existing_ssh_known_hosts
+      when:
+        - _ssh_known_hosts.stat.exists | bool
+
+    - name: Write temporary file
+      copy:
+        content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
+        dest: "{{ ssh_known_hosts_tmp.path }}"
+      when:
+        - _ssh_known_hosts.stat.exists | bool
+
+    - name: Set ssh_known_hosts fact
+      run_once: true
+      set_fact:
+        ssh_known_hosts_lines: |-
+          {%- for item in groups['overcloud'] | intersect(play_hosts) %}
+          {{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] ~ ' ssh-rsa ' ~ hostvars[item]['ansible_ssh_host_key_rsa_public'] }}
+          {% endfor %}
+
    - name: Add host keys to temporary ssh_known_hosts
-      lineinfile:
+      blockinfile:
        path: "{{ ssh_known_hosts_tmp.path }}"
-        line: "{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] + ' ssh-rsa ' + hostvars[item]['ansible_ssh_host_key_rsa_public'] }}"
-        create: yes
-      with_items: "{{ groups['overcloud']|intersect(play_hosts) }}"
+        block: "{{ ssh_known_hosts_lines }}"
+        create: true
+
+    # Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
+    # Ansible modules perform a replace instead of in-place modification.
+    # This breaks propagation of changes to containers that bind mount ssh_known_hosts
    - name: In-place update of /etc/ssh_known_hosts
-      shell: |
+      shell: |-
        cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts
-        rm -f '{{ ssh_known_hosts_tmp.path }}'
+
+    - name: Remove temp file
+      file:
+        path: "{{ ssh_known_hosts_tmp.path }}"
+        state: absent
  tags:
    - tripleo_ssh_known_hosts