From bfb8b2b7fddb8aaaed6579cfa3bf3d6e13d0dec3 Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Fri, 28 Feb 2020 13:59:47 -0500
Subject: [PATCH] Cleanup tasks for container-puppet.py

- When Paunch is disabled, don't create container-puppet.py and if the
  file exists, make sure we remove it so operators don't run it by
  accident.
- Remove the reference of that script from the README and the commands,
  to make it clear there is a new tool now.

Change-Id: I5032eef6567b37c02fe53dea852aadff3e185eec
---
 common/deploy-steps-tasks-step-0.j2.yaml | 11 ++++++++++-
 common/deploy-steps-tasks-step-1.yaml    |  2 +-
 common/deploy-steps-tasks.yaml           | 14 +++++++-------
 common/deploy-steps.j2                   |  6 ++++--
 common/generate-config-tasks.yaml        |  4 ++--
 deployment/README.rst                    |  7 ++++---
 6 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/common/deploy-steps-tasks-step-0.j2.yaml b/common/deploy-steps-tasks-step-0.j2.yaml
index 18c6edcc81..836be12968 100644
--- a/common/deploy-steps-tasks-step-0.j2.yaml
+++ b/common/deploy-steps-tasks-step-0.j2.yaml
@@ -9,9 +9,18 @@
 - name: Create /var/lib/container-puppet
   no_log: True
   file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
-- name: Write container-puppet.py
+- name: Write container-puppet.py if Paunch is enabled
   no_log: True
   copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
+  when:
+    - enable_paunch|default(false)
+- name: Remove container-puppet.py if Paunch is disabled
+  no_log: True
+  file:
+    path: /var/lib/container-puppet/container-puppet.py
+    state: absent
+  when:
+    - not enable_paunch|default(false)
 - name: Write container-puppet.sh
   no_log: True
   copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.sh force=yes mode=0755 setype=container_file_t
diff --git a/common/deploy-steps-tasks-step-1.yaml b/common/deploy-steps-tasks-step-1.yaml
index 29e71aa3df..ba2e1bd3ab 100644
--- a/common/deploy-steps-tasks-step-1.yaml
+++ b/common/deploy-steps-tasks-step-1.yaml
@@ -98,7 +98,7 @@
   tags:
     - host_config
 
-# Config file for our container-puppet.py script, used to generate container configs
+# Puppet Containers Config directory used to generate container configs
 - name: Create /var/lib/container-puppet
   file:
     path: /var/lib/container-puppet
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index 08c4703894..0d83f99197 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -61,22 +61,22 @@
         - host_config
       ignore_errors: "{{ ansible_check_mode|bool }}"
 
-    #########################################
-    # Pre-cache facts for container-puppet.py
-    #########################################
+    #######################################
+    # Pre-cache facts for puppet containers
+    #######################################
     # We don't want the pre-cache tasks to be skipped in dry-run so we force
     # check_mode to "no".
     # https://bugzilla.redhat.com/show_bug.cgi?id=1738529
-    - name: Pre-cache facts for container-puppet.py
+    - name: Pre-cache facts for puppet containers
       include_role:
         name: tripleo_puppet_cache
       tags:
         - container_config
         - container_config_tasks
 
-    ######################################
-    # Generate config via container-puppet.py
-    ######################################
+    #######################################
+    # Generate config via puppet containers
+    #######################################
 
     - name: Include container-puppet tasks (generate config) during step 1
       include_tasks: generate-config-tasks.yaml
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index d9617199d6..aacd8738a5 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -73,7 +73,7 @@ parameters:
   DockerPuppetDebug:
     type: boolean
     default: false
-    description: Set to True to enable debug logging with container-puppet.py
+    description: Set to True to enable debug logging with Puppet Containers
   DockerPuppetProcessCount:
     type: number
     default: 6
@@ -1525,9 +1525,11 @@ outputs:
 {%- endfor %}
                 - name: Create /var/lib/container-puppet
                   file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
-                - name: Write container-puppet.py
+                - name: Write container-puppet.py if Paunch is enabled
                   no_log: True
                   copy: src=docker_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.py force=yes mode=0600
+                  when:
+                    - enable_paunch|default(false)
                 - name: Write container-puppet.sh
                   no_log: True
                   copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.sh force=yes mode=0755 setype=container_file_t
diff --git a/common/generate-config-tasks.yaml b/common/generate-config-tasks.yaml
index 6550938b7e..33c1175485 100644
--- a/common/generate-config-tasks.yaml
+++ b/common/generate-config-tasks.yaml
@@ -79,7 +79,7 @@
         # numbers are failures
         tripleo_container_manage_valid_exit_code: [0, 2]
 
-- name: Diff container-puppet.py puppet-generated changes for check mode
+- name: Diff puppet-generated changes for check mode
   shell: |
     diff -ruN --no-dereference -q /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated
     diff -ruN --no-dereference /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated
@@ -93,7 +93,7 @@
   failed_when: false
   changed_when: diff_results.rc == 1
 
-- name: Diff container-puppet.py puppet-generated changes for check mode
+- name: Diff puppet-generated changes for check mode
   debug:
     var: diff_results.stdout_lines
   changed_when: diff_results.rc == 1
diff --git a/deployment/README.rst b/deployment/README.rst
index ddc515a1f9..14c63a0b72 100644
--- a/deployment/README.rst
+++ b/deployment/README.rst
@@ -67,7 +67,8 @@ are available for containerized services.
 
  * config_settings: This section contains service specific hiera data
    can be used to generate config files for each service. This data
-   is ultimately processed via the container-puppet.py tool which
+   is ultimately processed via the container-puppet.py tool (in new versions
+   it's handled by the container_puppet_config module in tripleo-ansible) which
    generates config files for each service according to the settings here.
 
  * kolla_config: Contains YAML that represents how to map config files
@@ -107,10 +108,10 @@ are available for containerized services.
        this container.
 
  * container_puppet_tasks: This section provides data to drive the
-   container-puppet.py tool directly. The task is executed for the
+   puppet containers tooling directly. The task is executed for the
    defined steps before the corresponding docker_config's step. Puppet
    always sees the step number overrided as the step #6. It might be useful
-   for initialization of things. See container-puppet.py for formatting.
+   for initialization of things.
    Note that the tasks are executed only once for the bootstrap node per a
    role in the cluster. Make sure the puppet manifest ensures the wanted
    "at most once" semantics. That may be achieved via the