Add check for swift_hash_path_ variables

We should never change the swift_hash_path_prefix/suffix variables on a
running cluster. This PR implements a check that will fail if the
variable is different to what is already on disk.

To ensure this is still possible this PR implements a
"swift_force_change_hashes" variable which can be set to "True" in order
to force change the swift_hash_path variables regardless of whether they
are different or not.

Change-Id: Idaedc125aede22c347668afd9e98ed1823eb142c
This commit is contained in:
Andy McCrae 2016-09-13 12:12:57 +01:00 committed by Andy McCrae
parent 11c9c3a019
commit 10d3ee9026
4 changed files with 80 additions and 0 deletions

View File

@ -154,6 +154,10 @@ swift_account_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_container_disable_fallocate: "{{ swift_disable_fallocate }}" swift_container_disable_fallocate: "{{ swift_disable_fallocate }}"
swift_object_disable_fallocate: "{{ swift_disable_fallocate }}" swift_object_disable_fallocate: "{{ swift_disable_fallocate }}"
# This variable will protect against changing swift_hash_path_* variables unintentionally.
# If you wish to change them intentionally set the swift_force_change_hashes variable to True.
swift_force_change_hashes: False
## Swift ceilometer variables ## Swift ceilometer variables
swift_reselleradmin_role: ResellerAdmin swift_reselleradmin_role: ResellerAdmin

View File

@ -0,0 +1,14 @@
---
features:
- The ``openstack-ansible-os_swift`` role will now prevent
deployers from changing the ``swift_hash_path_prefix`` and
``swift_hash_path_suffix`` variables on clusters that already
have a value set in ``/etc/swift/swift.conf``.
You can set the new ``swift_force_change_hashes`` variable to
``True`` to force the ``swift_hash_path_`` variables to be
changed.
We recommend setting this by running the os-swift.yml playbook
with ``-e swift_force_change_hashes=True``, to avoid changing
the ``swift_hash_path_`` variables unintentionally.
Use with caution, changing the ``swift_hash_path_`` values
causes end-user impact.

View File

@ -37,6 +37,13 @@
tags: tags:
- always - always
# Check the swift_hash_path_* variables haven't changed
- include: swift_check_hashes.yml
when:
- not swift_force_change_hashes | bool
tags:
- swift-config
- include: swift_pre_install.yml - include: swift_pre_install.yml
when: when:
- swift_do_setup | bool - swift_do_setup | bool

View File

@ -0,0 +1,55 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Test if swift.conf exists
stat:
path: "/etc/swift/swift.conf"
register: swift_conf
- name: Get value of swift_hash_path_suffix from file
command: "awk '/swift_hash_path_suffix/{ print $3 }' /etc/swift/swift.conf"
register: swift_conf_hash_path_suffix
when:
- swift_conf.stat.exists | bool
- name: Fail if swift_hash_path_suffix doesnt match file value
fail:
msg: >
"The swift_hash_path_suffix variable does not match what is in the file.
Check your swift_hash_path_suffix setting in your user_*.yml files in /etc/openstack_deploy
and compare to the current value in /etc/swift/swift.conf on the host.
If you are sure you want to change this variable you can force change your
swift_hash_path_* variables by setting 'swift_force_change_hashes: True'"
when:
- swift_conf.stat.exists | bool
- swift_hash_path_suffix != swift_conf_hash_path_suffix.stdout
- name: Get value of swift_hash_path_prefix from file
command: "awk '/swift_hash_path_prefix/{ print $3 }' /etc/swift/swift.conf"
register: swift_conf_hash_path_prefix
when:
- swift_conf.stat.exists | bool
- name: Fail if swift_hash_path_prefix doesnt match file value
fail:
msg: >
"The swift_hash_path_prefix variable does not match what is in the file.
Check your swift_hash_path_prefix setting in your user_*.yml files in /etc/openstack_deploy
and compare to the current value in /etc/swift/swift.conf on the host.
If you are sure you want to change this variable you can force change your
swift_hash_path_* variables by setting 'swift_force_change_hashes: True'"
when:
- swift_conf.stat.exists | bool
- swift_hash_path_prefix != swift_conf_hash_path_prefix.stdout