Add additional python scripts to provide mapping validation and automatic scripts for generate_mapping failover and failback #38
Conversation
I was asked to review this PR, but sorry, I can't understand its purpose, how it should be used, etc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Already discussed in private, some comments inline. Didn't review the indentation/style, not sure what this project uses.
files/dr.conf
Outdated
@@ -0,0 +1,6 @@ | |||
[generate_vars] | |||
site=http://10.35.0.140:8080/ovirt-engine/api |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably have two files:
Default - perhaps something like /usr/share/ovirt-ansible-disaster-recovery/dr-defaults.conf
User-controlled - perhaps /etc/ovirt-ansible-disaster-recovery/dr.conf
files/dr.conf
Outdated
[generate_vars] | ||
site=http://10.35.0.140:8080/ovirt-engine/api | ||
username=admin@internal | ||
#password= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The conf file should be protected, as it might contain a password. So make e.g. the directory holding it 0750, owned by root:ovirt, or something like that. Perhaps your own group.
files/dr.conf
Outdated
site=http://10.35.0.140:8080/ovirt-engine/api | ||
username=admin@internal | ||
#password= | ||
ca=/tmp/ca.pem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can have default point at engine ca, /etc/pki/ovirt-engine/ca.pem
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
files/dr.conf
Outdated
username=admin@internal | ||
#password= | ||
ca=/tmp/ca.pem | ||
output_file=mapping_vars.yml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should probably default to /var/lib/ovirt-ansible-disaster-recovery/mapping.vars.yml, especially if you intend to mainly/only allow editing it using a tool/gui and not manually.
Should probably either refuse changing it if exists, or backup before changing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
files/generate_vars.py
Outdated
@@ -0,0 +1,115 @@ | |||
#!/usr/bin/python | |||
import configparser |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this work in both python2 and 3? 2 has ConfigParser. You can do e.g.:
try:
import configparser
except ImportError:
import ConfigParser as configparser
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will fix that but
Besides that, we have many issues regarding to python compatibility version (For example raw_input vs input)
I've discussed this with Ondra and currently we will support only python 2 and when we port all ansble cpde to python 3 we will support this python script as well.
files/generate_vars.py
Outdated
site, username, password, ca, output_file = self._init_vars() | ||
print("%ssite address: %s \n" | ||
"%susername: %s \n" | ||
"%spassword: %s \n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please don't output the password. You can output "password: " if you want.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
will do
files/generate_vars.py
Outdated
self.prefix, | ||
output_file)) | ||
|
||
ansible_play = "../examples/dr_generate_var.yml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this link work also from rpm install? Where do you put the examples then? Currently in doc. If you actually use them, perhaps move to /usr/share/ovirt-ansible-disaster-recovery/playbooks or something.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So what you are saying is that I will need to add a new folder containing this playbook? which will be located in playbooks?
files/generate_vars.py
Outdated
.format(site, username, password, ca, output_file) | ||
command = "ansible-playbook {} -t {} -e '{}'" \ | ||
.format(ansible_play, dr_tag, external_vars) | ||
process = subprocess.Popen('/bin/bash', stdin=subprocess.PIPE, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps better to run the command directly and not bash.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
files/generate_vars.py
Outdated
site, username, password, ca, output_file = '', '', '', '', '' | ||
settings = configparser.ConfigParser() | ||
settings._interpolation = configparser.ExtendedInterpolation() | ||
settings.read('dr.conf') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps don't hard-code conf file but make it parametric? Also, as commented above, read both defaults and custom.
files/generate_vars.py
Outdated
settings._interpolation = configparser.ExtendedInterpolation() | ||
settings.read('dr.conf') | ||
site = settings.get('generate_vars', 'site', | ||
vars=DefaultOption(settings, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not understand why you need DefaultOption. Isn't this enough: settings.get('generate_vars', 'site') ?
If you also supply a defaults file, your defaults should be there, not in the code.
80d3543
to
dc50bd3
Compare
dc50bd3
to
87d7573
Compare
files/dr.conf
Outdated
site=http://localhost:8080/ovirt-engine/api | ||
username=admin@internal | ||
password=12 | ||
ca=/etc/pki/ovirt-engine/ca.pem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would use ca_file
instead of ca
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
files/generate-vars
Outdated
|
||
class GenerateMappingFile(): | ||
prefix = "[Generate Mapping File] " | ||
ansible_play = "../examples/dr_generate_var.yml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This won't work in RPM, becuase in RPM the examples are in:
/usr/share/doc/ovirt-ansible-disaster-recover/examples/..
But the path of the role is:
/usr/share/ansible/roles/oVirt.disaster.recovery/tasks/main.yml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed to be compatible to the role
files/generate-vars
Outdated
'generate_vars', | ||
output_file=None)) | ||
if (not site): | ||
site = raw_input(self.prefix + "SITE address is not " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would also fallback to environment variables variables.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But as future feature not a must.
files/generate-vars
Outdated
site, username, password, ca, output_file = self._init_vars() | ||
print("\n%ssite address: %s \n" | ||
"%susername: %s \n" | ||
"%spassword: \n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe: ****** instead of empty would be nicer..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
indeed, done
files/generate-vars
Outdated
self.prefix, | ||
output_file)) | ||
|
||
external_vars = "site={} username={} password={} ca={} var_file={}" \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
password will be seen on command line, maybe you can create temporary file with extra variables
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, although I don't think it is related to this log.
In this log I will simply write '******'
files/generate-vars
Outdated
call(command, shell=True) | ||
print("\n%sFinished generating variable mapping file " | ||
"for oVirt ansible disaster recovery" % self.prefix) | ||
print("\n%sVar file is: '%s'" % (self.prefix, output_file)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't this contain any sensitive information?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It contains all the members in the setup.
Basically the person which run this script should also have privilladges to view this file.
I guess that we better be safe then sorry so I will drop this print.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now I noticed that I only mention the location of the mapping file and not its content, so I think that this is relevant enough for the user.
I will change the variable name from output_file to var_file_location to make it more clear
files/generate-vars
Outdated
ans = raw_input(self.prefix + "The output file '" + fname + | ||
"' already exists, " | ||
"would you like to override it (y,n)? ") | ||
ans.lower |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ans.lower()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and move it under while True
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done, thanks
files/dr.conf
Outdated
@@ -0,0 +1,10 @@ | |||
[generate_vars] | |||
site=http://localhost:8080/ovirt-engine/api |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would use engine.example.com as an example
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
files/dr.conf
Outdated
username=admin@internal | ||
password=12 | ||
ca_file=/etc/pki/ovirt-engine/ca.pem | ||
output_file=/var/lib/ovirt-ansible-disaster-recovery/mapping_vars.yml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
does this directory exists?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As part of the generate script, I add this folder if it does not exists.
See in generate_vars.py file at GenerateMappingFile_validate_output_file_exists
files/validator.py
Outdated
self.secondary_ca) | ||
|
||
def _connect_sdk(self, url, username, password, ca): | ||
connection = sdk.Connection( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should somewhere close the connection.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please add somewhere to documentation how the user should use this?
I will add a new python script called ovirt_dr |
6c32613
to
21a4f05
Compare
6955d66
to
61e79f2
Compare
README.md
Outdated
failover Start a failover process to the target setup | ||
failback Start a failback process from the target setup to the source setup | ||
|
||
Each of those actions is using a configuration file which its default location is files/dr.conf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
files/dr.conf
.. please put whole path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
@@ -49,6 +49,29 @@ Example Playbook | |||
Generate var file mapping [demo](https://youtu.be/s1-Hq_Mk1w8)<br/> | |||
Fail over scenario [demo](https://youtu.be/mEOgH-Tk09c) | |||
|
|||
Scripts | |||
------- | |||
The ovirt-dr script should provide the user a more convinient way to run |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ovirt-dr
where is it installed in /usr/bin?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should be somewhere there..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure how to do that.
I prefer to do that on another patch so at least we will have this.
Meanwhile I've added a commit to this PR of spec file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, np, just that user must enter full path, which is different in galaxy and in RPM installation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should I add this in the spec as well?
|
||
|
||
if __name__ == "__main__": | ||
FailOver().run('dr.conf', '/var/log/ovirt-dr/ovirt-dr.log') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/var/log/ovirt-dr/ is this directory created by RPM? I think it won't work from galaxy
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no it is a directory which I'm creating.
How I should do it then?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the build.sh create and then in spec file define. Check ovirt-engine.spec.in for example.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've found ovirt-engine.spec.in and add the log as mention inthere.
It can be reviewed in the new commit
8b2861f
to
dbfc1f2
Compare
dbfc1f2
to
64bef39
Compare
Any updates here? |
Also adding log
Rename from dr_generate_var.yml to dr_play.yml so it can be used for failover and failback
Add configuration values for failover and failback Add scripts for failover and failback
Through ovirt-dr the user should be able to execute generate mapping, validate mapping failover and failback
Introduce the ovirt-dr script to provide the user a more convinient way to run
disaster recovery actions as a way to avoid using ansible playbooks directly.
ovirt-dr should support several actions which the user can execute:
Each of those actions is using a configuration file which its default location is files/dr.conf
Here are few examples how the script can be run:
For mapping file generation:
./ovirt-dr generate
For mapping file validation:
./ovirt-dr validate
For fail-over operation:
./ovirt-dr failover
For fail-back operation:
./ovirt-dr failback