Use blockinfile for tripleo-ssh-known-hosts
lineinfile combined with with_items was very inefficient for this task. Given that each node's hostkey is added to every other host, it resulted in O(n²) performance. Additional networks per node also worsened the problem. For example, in a 100 node deployment, with 4 networks per node, this task would need to be executed 40,000 times (100 * 100 * 4). Switching to use blockinfile brings the performance back to O(n), and also removes any dependency on the number of networks per node. This change also backports the task layout which improves general performance and functionality of the role. Change-Id: Id51d27f53abf3421c29a11065377e9303ad68d79 (cherry picked from commit 4157d7a5df083a49bfb3b1d1c7cd5f233c1930c4) Signed-off-by: Kevin Carter <kecarter@redhat.com>
parent
74991a643a
commit
e394318edb
|
@ -10,21 +10,51 @@
|
|||
tempfile:
|
||||
state: file
|
||||
register: ssh_known_hosts_tmp
|
||||
|
||||
- name: Check for ssh_known_hosts file
|
||||
stat:
|
||||
path: /etc/ssh/ssh_known_hosts
|
||||
register: _ssh_known_hosts
|
||||
|
||||
- name: Create a temporary copy of ssh_known_hosts
|
||||
shell: |
|
||||
if [[ -e /etc/ssh/ssh_known_hosts ]]; then
|
||||
cat /etc/ssh/ssh_known_hosts > '{{ ssh_known_hosts_tmp.path }}'
|
||||
fi
|
||||
slurp:
|
||||
src: "/etc/ssh/ssh_known_hosts"
|
||||
register: existing_ssh_known_hosts
|
||||
when:
|
||||
- _ssh_known_hosts.stat.exists | bool
|
||||
|
||||
- name: Write temporary file
|
||||
copy:
|
||||
content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
|
||||
dest: "{{ ssh_known_hosts_tmp.path }}"
|
||||
when:
|
||||
- _ssh_known_hosts.stat.exists | bool
|
||||
|
||||
- name: Set ssh_known_hosts fact
|
||||
run_once: true
|
||||
set_fact:
|
||||
ssh_known_hosts_lines: |-
|
||||
{%- for item in groups['overcloud'] | intersect(play_hosts) %}
|
||||
{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] ~ ' ssh-rsa ' ~ hostvars[item]['ansible_ssh_host_key_rsa_public'] }}
|
||||
{% endfor %}
|
||||
|
||||
- name: Add host keys to temporary ssh_known_hosts
|
||||
lineinfile:
|
||||
blockinfile:
|
||||
path: "{{ ssh_known_hosts_tmp.path }}"
|
||||
line: "{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] + ' ssh-rsa ' + hostvars[item]['ansible_ssh_host_key_rsa_public'] }}"
|
||||
create: yes
|
||||
with_items: "{{ groups['overcloud']|intersect(play_hosts) }}"
|
||||
block: "{{ ssh_known_hosts_lines }}"
|
||||
create: true
|
||||
|
||||
# Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
|
||||
# Ansible modules perform a replace instead of in-place modification.
|
||||
# This breaks propagation of changes to containers that bind mount ssh_known_hosts
|
||||
- name: In-place update of /etc/ssh_known_hosts
|
||||
shell: |
|
||||
shell: |-
|
||||
cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts
|
||||
rm -f '{{ ssh_known_hosts_tmp.path }}'
|
||||
|
||||
- name: Remove temp file
|
||||
file:
|
||||
path: "{{ ssh_known_hosts_tmp.path }}"
|
||||
state: absent
|
||||
tags:
|
||||
- tripleo_ssh_known_hosts
|
||||
|
||||
|
|
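Review bot: The new `blockinfile` task under "Add host keys to temporary ssh_known_hosts" relies on the module's default marker and only manages the lines between its markers, so host-key lines that earlier runs wrote with `lineinfile` stay in /etc/ssh/ssh_known_hosts outside the block. On an already-deployed cloud this presumably leaves duplicate entries, and a node that was re-keyed or removed keeps its old key trusted system-wide. That deserves either a comment above the task stating that legacy lines are not cleaned up, or a one-time cleanup of them. Setting a role-specific marker, e.g. `marker: "# {mark} TRIPLEO SSH KNOWN HOSTS"` (marker text constructed here), would also stop another default-marker `blockinfile` user of the same file from overwriting this block. The first task in the hunk starts above the visible lines, so this is judged from the new-side tasks shown.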