Add additional python scripts to provide mapping validation and automatic scripts for generate_mapping failover and failback #38
Conversation
|
I was asked to review this PR, but sorry, I can't understand its purpose, how it should be used, etc. |
files/dr.conf
Outdated
| @@ -0,0 +1,6 @@ | |||
| [generate_vars] | |||
| site=http://10.35.0.140:8080/ovirt-engine/api | |||
There was a problem hiding this comment.
We should probably have two files:
Default - perhaps something like /usr/share/ovirt-ansible-disaster-recovery/dr-defaults.conf
User-controlled - perhaps /etc/ovirt-ansible-disaster-recovery/dr.conf
files/dr.conf
Outdated
| [generate_vars] | ||
| site=http://10.35.0.140:8080/ovirt-engine/api | ||
| username=admin@internal | ||
| #password= |
There was a problem hiding this comment.
The conf file should be protected, as it might contain a password. So make e.g. the directory holding it 0750, owned by root:ovirt, or something like that. Perhaps your own group.
files/dr.conf
Outdated
| site=http://10.35.0.140:8080/ovirt-engine/api | ||
| username=admin@internal | ||
| #password= | ||
| ca=/tmp/ca.pem |
There was a problem hiding this comment.
Can have default point at engine ca, /etc/pki/ovirt-engine/ca.pem
files/dr.conf
Outdated
| username=admin@internal | ||
| #password= | ||
| ca=/tmp/ca.pem | ||
| output_file=mapping_vars.yml |
There was a problem hiding this comment.
Should probably default to /var/lib/ovirt-ansible-disaster-recovery/mapping.vars.yml, especially if you intend to mainly/only allow editing it using a tool/gui and not manually.
Should probably either refuse changing it if exists, or backup before changing.
files/generate_vars.py
Outdated
| @@ -0,0 +1,115 @@ | |||
| #!/usr/bin/python | |||
| import configparser | |||
There was a problem hiding this comment.
Does this work in both python2 and 3? 2 has ConfigParser. You can do e.g.:
try:
import configparser
except ImportError:
import ConfigParser as configparser
There was a problem hiding this comment.
I will fix that but
Besides that, we have many issues regarding to python compatibility version (For example raw_input vs input)
I've discussed this with Ondra and currently we will support only python 2 and when we port all ansble cpde to python 3 we will support this python script as well.
files/generate_vars.py
Outdated
| site, username, password, ca, output_file = self._init_vars() | ||
| print("%ssite address: %s \n" | ||
| "%susername: %s \n" | ||
| "%spassword: %s \n" |
There was a problem hiding this comment.
Please don't output the password. You can output "password: " if you want.
files/generate_vars.py
Outdated
| self.prefix, | ||
| output_file)) | ||
|
|
||
| ansible_play = "../examples/dr_generate_var.yml" |
There was a problem hiding this comment.
Will this link work also from rpm install? Where do you put the examples then? Currently in doc. If you actually use them, perhaps move to /usr/share/ovirt-ansible-disaster-recovery/playbooks or something.
There was a problem hiding this comment.
So what you are saying is that I will need to add a new folder containing this playbook? which will be located in playbooks?
files/generate_vars.py
Outdated
| .format(site, username, password, ca, output_file) | ||
| command = "ansible-playbook {} -t {} -e '{}'" \ | ||
| .format(ansible_play, dr_tag, external_vars) | ||
| process = subprocess.Popen('/bin/bash', stdin=subprocess.PIPE, |
There was a problem hiding this comment.
Perhaps better to run the command directly and not bash.
files/generate_vars.py
Outdated
| site, username, password, ca, output_file = '', '', '', '', '' | ||
| settings = configparser.ConfigParser() | ||
| settings._interpolation = configparser.ExtendedInterpolation() | ||
| settings.read('dr.conf') |
There was a problem hiding this comment.
Perhaps don't hard-code conf file but make it parametric? Also, as commented above, read both defaults and custom.
files/generate_vars.py
Outdated
| settings._interpolation = configparser.ExtendedInterpolation() | ||
| settings.read('dr.conf') | ||
| site = settings.get('generate_vars', 'site', | ||
| vars=DefaultOption(settings, |
There was a problem hiding this comment.
I do not understand why you need DefaultOption. Isn't this enough: settings.get('generate_vars', 'site') ?
If you also supply a defaults file, your defaults should be there, not in the code.
maorlipchuk
force-pushed
the
issue17_fix
branch
3 times, most recently
from
80d3543
to
dc50bd3
Compare
maorlipchuk
force-pushed
the
issue17_fix
branch
from
dc50bd3
to
87d7573
Compare
maorlipchuk
changed the title
maorlipchuk
changed the title
maorlipchuk
changed the title
files/dr.conf
Outdated
| site=http://localhost:8080/ovirt-engine/api | ||
| username=admin@internal | ||
| password=12 | ||
| ca=/etc/pki/ovirt-engine/ca.pem |
There was a problem hiding this comment.
I would use ca_file instead of ca
files/generate-vars
Outdated
|
|
||
| class GenerateMappingFile(): | ||
| prefix = "[Generate Mapping File] " | ||
| ansible_play = "../examples/dr_generate_var.yml" |
There was a problem hiding this comment.
This won't work in RPM, becuase in RPM the examples are in:
/usr/share/doc/ovirt-ansible-disaster-recover/examples/..
But the path of the role is:
/usr/share/ansible/roles/oVirt.disaster.recovery/tasks/main.yml
There was a problem hiding this comment.
Changed to be compatible to the role
files/generate-vars
Outdated
| 'generate_vars', | ||
| output_file=None)) | ||
| if (not site): | ||
| site = raw_input(self.prefix + "SITE address is not " |
There was a problem hiding this comment.
I would also fallback to environment variables variables.
There was a problem hiding this comment.
But as future feature not a must.
files/generate-vars
Outdated
| site, username, password, ca, output_file = self._init_vars() | ||
| print("\n%ssite address: %s \n" | ||
| "%susername: %s \n" | ||
| "%spassword: \n" |
There was a problem hiding this comment.
Maybe: ****** instead of empty would be nicer..
files/generate-vars
Outdated
| self.prefix, | ||
| output_file)) | ||
|
|
||
| external_vars = "site={} username={} password={} ca={} var_file={}" \ |
There was a problem hiding this comment.
password will be seen on command line, maybe you can create temporary file with extra variables
There was a problem hiding this comment.
Sure, although I don't think it is related to this log.
In this log I will simply write '******'
files/generate-vars
Outdated
| call(command, shell=True) | ||
| print("\n%sFinished generating variable mapping file " | ||
| "for oVirt ansible disaster recovery" % self.prefix) | ||
| print("\n%sVar file is: '%s'" % (self.prefix, output_file)) |
There was a problem hiding this comment.
Don't this contain any sensitive information?
There was a problem hiding this comment.
It contains all the members in the setup.
Basically the person which run this script should also have privilladges to view this file.
I guess that we better be safe then sorry so I will drop this print.
There was a problem hiding this comment.
Now I noticed that I only mention the location of the mapping file and not its content, so I think that this is relevant enough for the user.
I will change the variable name from output_file to var_file_location to make it more clear
files/generate-vars
Outdated
| ans = raw_input(self.prefix + "The output file '" + fname + | ||
| "' already exists, " | ||
| "would you like to override it (y,n)? ") | ||
| ans.lower |
There was a problem hiding this comment.
and move it under while True
files/dr.conf
Outdated
| @@ -0,0 +1,10 @@ | |||
| [generate_vars] | |||
| site=http://localhost:8080/ovirt-engine/api | |||
There was a problem hiding this comment.
I would use engine.example.com as an example
files/dr.conf
Outdated
| username=admin@internal | ||
| password=12 | ||
| ca_file=/etc/pki/ovirt-engine/ca.pem | ||
| output_file=/var/lib/ovirt-ansible-disaster-recovery/mapping_vars.yml |
There was a problem hiding this comment.
does this directory exists?
There was a problem hiding this comment.
As part of the generate script, I add this folder if it does not exists.
See in generate_vars.py file at GenerateMappingFile_validate_output_file_exists
files/validator.py
Outdated
| self.secondary_ca) | ||
|
|
||
| def _connect_sdk(self, url, username, password, ca): | ||
| connection = sdk.Connection( |
There was a problem hiding this comment.
You should somewhere close the connection.
|
I will add a new python script called ovirt_dr |
maorlipchuk
force-pushed
the
issue17_fix
branch
6 times, most recently
from
6c32613
to
21a4f05
Compare
maorlipchuk
force-pushed
the
issue17_fix
branch
5 times, most recently
from
6955d66
to
61e79f2
Compare
README.md
Outdated
| failover Start a failover process to the target setup | ||
| failback Start a failback process from the target setup to the source setup | ||
|
|
||
| Each of those actions is using a configuration file which its default location is files/dr.conf |
There was a problem hiding this comment.
files/dr.conf .. please put whole path.
| @@ -49,6 +49,29 @@ Example Playbook | |||
| Generate var file mapping [demo](https://youtu.be/s1-Hq_Mk1w8)<br/> | |||
| Fail over scenario [demo](https://youtu.be/mEOgH-Tk09c) | |||
|
|
|||
| Scripts | |||
| ------- | |||
| The ovirt-dr script should provide the user a more convinient way to run | |||
There was a problem hiding this comment.
ovirt-dr where is it installed in /usr/bin?
There was a problem hiding this comment.
It should be somewhere there..
There was a problem hiding this comment.
I'm not sure how to do that.
I prefer to do that on another patch so at least we will have this.
Meanwhile I've added a commit to this PR of spec file
There was a problem hiding this comment.
Ok, np, just that user must enter full path, which is different in galaxy and in RPM installation.
There was a problem hiding this comment.
Should I add this in the spec as well?
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| FailOver().run('dr.conf', '/var/log/ovirt-dr/ovirt-dr.log') |
There was a problem hiding this comment.
/var/log/ovirt-dr/ is this directory created by RPM? I think it won't work from galaxy
There was a problem hiding this comment.
no it is a directory which I'm creating.
How I should do it then?
There was a problem hiding this comment.
In the build.sh create and then in spec file define. Check ovirt-engine.spec.in for example.
There was a problem hiding this comment.
I've found ovirt-engine.spec.in and add the log as mention inthere.
It can be reviewed in the new commit
maorlipchuk
force-pushed
the
issue17_fix
branch
2 times, most recently
from
8b2861f
to
dbfc1f2
Compare
maorlipchuk
force-pushed
the
issue17_fix
branch
from
dbfc1f2
to
64bef39
Compare
|
Any updates here? |
Also adding log
Rename from dr_generate_var.yml to dr_play.yml so it can be used for failover and failback
Add configuration values for failover and failback Add scripts for failover and failback
Through ovirt-dr the user should be able to execute generate mapping, validate mapping failover and failback
Introduce the ovirt-dr script to provide the user a more convinient way to run
disaster recovery actions as a way to avoid using ansible playbooks directly.
ovirt-dr should support several actions which the user can execute:
Each of those actions is using a configuration file which its default location is files/dr.conf
Here are few examples how the script can be run:
For mapping file generation:
./ovirt-dr generate
For mapping file validation:
./ovirt-dr validate
For fail-over operation:
./ovirt-dr failover
For fail-back operation:
./ovirt-dr failback