Adding changed_whens for role, rolebinding, and scc reconciliation ba… #3517
Conversation
| policy reconcile-cluster-roles --additive-only=true --confirm | ||
| policy reconcile-cluster-roles --additive-only=true --confirm -o name | ||
| register: reconcile_cluster_role_result | ||
| changed_when: reconcile_cluster_role_result.stdout.length > 0 |
There was a problem hiding this comment.
Missing part of the acceptance criteria
- The
changed_whenparameter is added to each task such that it is onlytruewhen there is output from the task and the return code is0
For example:
- name: Reconcile Cluster Roles
command: >
{{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-roles --additive-only=true --confirm
policy reconcile-cluster-roles --additive-only=true --confirm -o name
register: reconcile_cluster_role_result
changed_when:
- reconcile_cluster_role_result.stdout.length > 0
- reconcile_cluster_role_result.rc == 0would be more like what we're looking for
There was a problem hiding this comment.
I must have missed that in the AC, will update
There was a problem hiding this comment.
Shouldn't the return value impact failed_when not changed_when? I guess I'm not seeing the reasoning for comparing the rc for changed_when in this case.
There was a problem hiding this comment.
We want to also check the rc for the changed_when because -o name will tell us what objects need a change, not whether or not they did change (per IRC discussion with liggit).
I would agree that we would also want to have a failed_when that examined the rc != 0
| when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool | ||
| register: reconcile_bindings_result | ||
| change_when: reconcile_bindings_result.stdout.length > 0 |
| run_once: true | ||
| register: reconcile_jenkens_role_binding_result | ||
| changed_when: reconcile_jenkins_role_binding_result.stdout.length > 0 |
| {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true | ||
| {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name | ||
| register: reconcile_scc_result | ||
| changed_when: reconcile_scc_result.stdout.length > 0 |
ewolinetz
force-pushed
the
idempotency_role_bindings
branch
from
218f299
to
6e8a061
Compare
|
@tbielawa updated |
|
aos-ci-test |
|
6e8a061 - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-1024/6e8a061e0fd9d597af4830f6bd97dd06e7b9cf62.txt |
|
6e8a061 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1028/6e8a061e0fd9d597af4830f6bd97dd06e7b9cf62.txt |
|
6e8a061 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1028/6e8a061e0fd9d597af4830f6bd97dd06e7b9cf62.txt |
|
6e8a061 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1028/6e8a061e0fd9d597af4830f6bd97dd06e7b9cf62.txt |
|
6e8a061 - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1028/6e8a061e0fd9d597af4830f6bd97dd06e7b9cf62.txt |
ewolinetz
force-pushed
the
idempotency_role_bindings
branch
from
de87f91
to
6e8a061
Compare
|
reverted |
…sed on output from oadm policy command
ewolinetz
force-pushed
the
idempotency_role_bindings
branch
from
6e8a061
to
6a0c52a
Compare
|
aos-ci-test |
|
6a0c52a - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-1031/6a0c52a0642b1e962246633bf6bb8a0cde3930ba.txt |
|
6a0c52a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1035/6a0c52a0642b1e962246633bf6bb8a0cde3930ba.txt |
|
6a0c52a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1035/6a0c52a0642b1e962246633bf6bb8a0cde3930ba.txt |
|
6a0c52a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1035/6a0c52a0642b1e962246633bf6bb8a0cde3930ba.txt |
|
6a0c52a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1035/6a0c52a0642b1e962246633bf6bb8a0cde3930ba.txt |
|
aos-ci-test |
|
f7c801f - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-1032/f7c801f77284da83ccc18aee771e11ce17f59dd2.txt |
|
f7c801f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1036/f7c801f77284da83ccc18aee771e11ce17f59dd2.txt |
|
f7c801f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1036/f7c801f77284da83ccc18aee771e11ce17f59dd2.txt |
|
f7c801f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1036/f7c801f77284da83ccc18aee771e11ce17f59dd2.txt |
|
f7c801f - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1036/f7c801f77284da83ccc18aee771e11ce17f59dd2.txt |
|
I'm running two tests from this branch. A first test to get a base-line for the timing and number of changes. A second test to verify the results from the first. Hopefully should be done in about 25-30 minutes once I examine the ARA report. |
|
Test run fails for me @ewolinetz Maybe try with EDIT removed |
| @@ -192,7 +192,7 @@ | |||
| when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool | |||
| register: reconcile_bindings_result | |||
| changed_when: | |||
| - reconcile_bindings_result.stdout.length > 0 | |||
| - reconcile_bindings_result.stdout != '' | |||
There was a problem hiding this comment.
Just a bit, but I think the default filter might be better here.
There was a problem hiding this comment.
Or maybe even just dropping the == ''...
There was a problem hiding this comment.
we would need some way to verify whether or not the output is empty which means that there weren't any roles to update. I'm not sure using default or dropping the comparison would allow us to still accomplish this...
There was a problem hiding this comment.
@ewolinetz I meant something like this:
changed_when:
- reconcile_bindings_results.stdout
Then empty string would evaluate to False
or if it is possible that stdout is not present:
changed_when:
- reconcile_bindings_result.stdout | default(false, boolean=true)
There was a problem hiding this comment.
ack, that's pretty cool; i didn't realize that we could do that. So it would be something like
changed_when:
- not reconcile_bindings_results.stdout
However I think this makes the check non-obvious for people that don't realize you can do that. It would probably be better if we had a way to test like
changed_when:
- not reconcile_bindings_result.stdout | empty
There was a problem hiding this comment.
- There are many different ways to
shave this yackwrite thesewhenconditions - I don't care which one we use but we need to make a decision
- I personally prefer the last one @detiber posted, it handles a lot of edge cases
changed_when:
- reconcile_bindings_result.stdout | default(false, boolean=true)If stdout is empty for some reason then the default is false. Otherwise the result is true.
stdout == ''→ Nothing changed →defaultfilter says no input value, so this isfalsestdout != ''→ Something changed changed →defaultfilter says input value present, so this istrue
@detiber @ewolinetz if that translation is correct ^, let's just do that and move on with this the way @detiber wrote it up.
ewolinetz
force-pushed
the
idempotency_role_bindings
branch
from
af2dec0
to
352917a
Compare
|
We talked about this on IRC, just noting it here for transparency: |
|
Restesting w/ updates |
|
aos-ci-test |
|
Tests are quite satisfying.
Those 9 result rows were (in order) ran against the following branches
Examining the changed tasks in the PR vs. Master branch results side-by-side we can see that the tasks we fixed in this PR no longer appear as changing in the PR branch
Confirming this PR reduces 👍 |
|
352917a - State: success - All Test Contexts: aos-ci-jenkins/OS_unit_tests - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-2-unit-tests-1046/352917ae21424ba518d0fe4513dcc540c7698ae4.txt |
|
352917a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_NOT_containerized, aos-ci-jenkins/OS_3.4_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1050/352917ae21424ba518d0fe4513dcc540c7698ae4.txt |
|
352917a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.4_containerized, aos-ci-jenkins/OS_3.4_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.4,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1050/352917ae21424ba518d0fe4513dcc540c7698ae4.txt |
|
352917a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_NOT_containerized, aos-ci-jenkins/OS_3.5_NOT_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_NOT_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster,TargetBranch=master,nodes=openshift-ansible-slave-1050/352917ae21424ba518d0fe4513dcc540c7698ae4.txt |
|
352917a - State: success - All Test Contexts: "aos-ci-jenkins/OS_3.5_containerized, aos-ci-jenkins/OS_3.5_containerized_e2e_tests" - Logs: https://aos-ci.s3.amazonaws.com/openshift/openshift-ansible/jenkins-openshift-ansible-3-test-matrix-CONTAINERIZED=_containerized,OSE_VER=3.5,PYTHON=System-CPython-2.7,TOPOLOGY=openshift-cluster-containerized,TargetBranch=master,nodes=openshift-ansible-slave-1050/352917ae21424ba518d0fe4513dcc540c7698ae4.txt |
|
I didn't get a chance to work on a test plugin for checking std{out,err}; so we can merge this now and i'll take it on as tech debt/a nice to have |
…sed on output from oadm policy command
Encompasses https://trello.com/c/5Yb3cOk1/372-2-3-idempotency-reconcile-role-s-bindings
@tbielawa @detiber