Add support for sha256 in ceph key distribution

- add support for sha256 in bslurp module
- change sha1 to sha256 in ceph-mon ansible role

Depends-On: https://review.opendev.org/655623
Change-Id: I25e28d150f2a8d4a7f87bb119d9fb1c46cfe926f
Closes-Bug: #1826327
Michal Nasiadka
2019-04-26 11:15:57 +02:00
committed by Michal Nasiadka
parent 3731da0b79
commit ad9e8786a3
2 changed files with 35 additions and 8 deletions


@@ -58,6 +58,11 @@ options:
- sha1 hash of the underlying data - sha1 hash of the underlying data
default: None default: None
type: bool type: bool
sha256:
description:
- sha256 hash of the underlying data
default: None
type: bool
author: Sam Yaple author: Sam Yaple
''' '''
@@ -131,10 +136,12 @@ def copy_from_host(module):
raw_data = f.read() raw_data = f.read()
sha1 = hashlib.sha1(raw_data).hexdigest() sha1 = hashlib.sha1(raw_data).hexdigest()
sha256 = hashlib.sha256(raw_data).hexdigest()
data = zlib.compress(raw_data) if compress else raw_data data = zlib.compress(raw_data) if compress else raw_data
module.exit_json(content=base64.b64encode(data), sha1=sha1, mode=mode, module.exit_json(content=base64.b64encode(data), sha1=sha1, sha256=sha256,
source=src) mode=mode, source=src)
def copy_to_host(module): def copy_to_host(module):
@@ -142,12 +149,26 @@ def copy_to_host(module):
dest = module.params.get('dest') dest = module.params.get('dest')
mode = int(module.params.get('mode'), 0) mode = int(module.params.get('mode'), 0)
sha1 = module.params.get('sha1') sha1 = module.params.get('sha1')
sha256 = module.params.get('sha256')
src = module.params.get('src') src = module.params.get('src')
data = base64.b64decode(src) data = base64.b64decode(src)
raw_data = zlib.decompress(data) if compress else data raw_data = zlib.decompress(data) if compress else data
if sha1: if sha256:
if os.path.exists(dest):
if os.access(dest, os.R_OK):
with open(dest, 'rb') as f:
if hashlib.sha256(f.read()).hexdigest() == sha256:
module.exit_json(changed=False)
else:
module.exit_json(failed=True, changed=False,
msg='file is not accessible: {}'.format(dest))
if sha256 != hashlib.sha256(raw_data).hexdigest():
module.exit_json(failed=True, changed=False,
msg='sha256 sum does not match data')
elif sha1:
if os.path.exists(dest): if os.path.exists(dest):
if os.access(dest, os.R_OK): if os.access(dest, os.R_OK):
with open(dest, 'rb') as f: with open(dest, 'rb') as f:
@@ -173,6 +194,7 @@ def main():
dest=dict(type='str'), dest=dict(type='str'),
mode=dict(default='0644', type='str'), mode=dict(default='0644', type='str'),
sha1=dict(default=None, type='str'), sha1=dict(default=None, type='str'),
sha256=dict(default=None, type='str'),
src=dict(required=True, type='str') src=dict(required=True, type='str')
) )
module = AnsibleModule(argument_spec) module = AnsibleModule(argument_spec)
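Review bot: The new `sha256` entry in the DOCUMENTATION block is declared `type: bool`, but main() registers it as `sha256=dict(default=None, type='str')` and copy_to_host compares it with a hex digest, so the documented type should be `type: str` (the neighbouring sha1 entry shows the same mismatch). The description could also state the behaviour the new branch implements, for example `- expected sha256 hex digest of the uncompressed data; when set it is checked instead of sha1`. That precedence comes from the `if sha256: ... elif sha1:` chain, whose sha1 branch continues outside the hunk.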


@@ -17,7 +17,8 @@
bslurp: bslurp:
src: "{{ item.content }}" src: "{{ item.content }}"
dest: "{{ node_config_directory }}/ceph-osd/{{ item.filename }}" dest: "{{ node_config_directory }}/ceph-osd/{{ item.filename }}"
sha1: "{{ item.sha1 }}" sha1: "{{ item.sha1 | default('')}}"
sha256: "{{ item.sha256 | default('')}}"
mode: 0600 mode: 0600
with_items: with_items:
- "{{ ceph_files['ceph.client.admin.keyring'] }}" - "{{ ceph_files['ceph.client.admin.keyring'] }}"
@@ -28,7 +29,8 @@
bslurp: bslurp:
src: "{{ item.content }}" src: "{{ item.content }}"
dest: "{{ node_config_directory }}/ceph-mon/{{ item.filename }}" dest: "{{ node_config_directory }}/ceph-mon/{{ item.filename }}"
sha1: "{{ item.sha1 }}" sha1: "{{ item.sha1 | default('')}}"
sha256: "{{ item.sha256 | default('')}}"
mode: 0600 mode: 0600
with_items: with_items:
- "{{ ceph_files['ceph.client.admin.keyring'] }}" - "{{ ceph_files['ceph.client.admin.keyring'] }}"
@@ -42,7 +44,8 @@
bslurp: bslurp:
src: "{{ item.content }}" src: "{{ item.content }}"
dest: "{{ node_config_directory }}/ceph-mgr/{{ item.filename }}" dest: "{{ node_config_directory }}/ceph-mgr/{{ item.filename }}"
sha1: "{{ item.sha1 }}" sha1: "{{ item.sha1 | default('')}}"
sha256: "{{ item.sha256 | default('') }}"
mode: 0600 mode: 0600
with_items: with_items:
- "{{ ceph_files['ceph.client.admin.keyring'] }}" - "{{ ceph_files['ceph.client.admin.keyring'] }}"
@@ -53,7 +56,8 @@
bslurp: bslurp:
src: "{{ item.content }}" src: "{{ item.content }}"
dest: "{{ node_config_directory }}/ceph-rgw/{{ item.filename }}" dest: "{{ node_config_directory }}/ceph-rgw/{{ item.filename }}"
sha1: "{{ item.sha1 }}" sha1: "{{ item.sha1 | default('')}}"
sha256: "{{ item.sha256 | default('')}}"
mode: 0600 mode: 0600
with_items: with_items:
- "{{ ceph_files['ceph.client.admin.keyring'] }}" - "{{ ceph_files['ceph.client.admin.keyring'] }}"
@@ -65,7 +69,8 @@
bslurp: bslurp:
src: "{{ item.content }}" src: "{{ item.content }}"
dest: "{{ node_config_directory }}/ceph-nfs/{{ item.filename }}" dest: "{{ node_config_directory }}/ceph-nfs/{{ item.filename }}"
sha1: "{{ item.sha1 }}" sha1: "{{ item.sha1 | default('')}}"
sha256: "{{ item.sha256 | default('')}}"
mode: 0600 mode: 0600
with_items: with_items:
- "{{ ceph_files['ceph.client.admin.keyring'] }}" - "{{ ceph_files['ceph.client.admin.keyring'] }}"
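Review bot: With `default('')` applied to both `sha1` and `sha256`, an item that carries neither digest reaches bslurp as two empty strings, and the module's `if sha256: ... elif sha1:` chain shown in the other file on this page then appears to skip hash verification of the keyring entirely (the rest of copy_to_host is not visible here). If every source of `ceph_files` now returns a sha256, passing it unfiltered as `sha256: "{{ item.sha256 }}"` would, under Ansible's default undefined-variable handling, turn a missing digest into a task error instead of an unverified copy. This applies to all five tasks changed in this file. The filter spacing is also inconsistent: the ceph-mgr task writes `default('') }}` while the others write `default('')}}`.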