From 6bf2e59ed2572fd4db4e0f4d59c77d6f9147d9c8 Mon Sep 17 00:00:00 2001
From: Matt Thompson <mattt@defunct.ca>
Date: Wed, 20 Jan 2016 14:43:27 +0000
Subject: [PATCH] Re-deploy the Glance venv if it mismatches the repo

We currently have two issues with venvs:

- if you update your venv on the repo server, it is not possible for
  that updated venv to land on the service's container as the get_url
  task always skips if the file exists (even if the file is different)
- if you have an updated venv on the repo server and forcefully delete
  the cached venv tarball on the service's container, the new tarball
  will get unarchived over top of the existing venv

This commit does the following:

- gets the checksum of the /var/cache tarball and downloads checksum
  file from repo server
- updates "Attempt venv download" to only download the venv if the
  cache doesn't exist or if the local and remote checksums differ
- adds a "force: true" to "Attempt venv download" task so that the venv
  tarball will get re-downloaded when the when condition is true (this
  is necessary otherwise the download will get skipped since the
  destination already exists)
- adds a new task "Remove existing venv" so we can first remove the
  venv before we unarchive the potentially new venv from the repo
  server
- updates "Create glance venv dir" and "Unarchive pre-built venv"
  tasks to only proceed if "glance_get_venv | changed", which
  prevents these tasks from running when they the venv tarball hasn't
  changed
- adds multiple service restarts to
  os_glance/tasks/glance_install.yml so that glance will restart
  correctly should the venv/packages update without any associated
  config changes

NOTE: The reason why we compare local and remote checksum is to avoid
      unnecessarily downloading the venv when the checksums are in fact
      the same.  On small deploys this is more or less a non-issue but
      if a deploy w/ thousands of compute nodes re-runs playbooks we
      want to limit the venv downloads when it's unnecessary.

Change-Id: Iea3c22ef1ffb87f10d5a11504ec6dbc87cb37346
---
 playbooks/roles/os_glance/defaults/main.yml   |  1 +
 .../roles/os_glance/tasks/glance_install.yml  | 52 +++++++++++++++++--
 2 files changed, 50 insertions(+), 3 deletions(-)

diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml
index 50feda8931..3d36aa77e2 100644
--- a/playbooks/roles/os_glance/defaults/main.yml
+++ b/playbooks/roles/os_glance/defaults/main.yml
@@ -182,6 +182,7 @@ glance_requires_pip_packages:
   - virtualenv
   - virtualenv-tools
   - python-keystoneclient # Keystoneclient needed to OSA keystone lib
+  - httplib2
 
 # Common pip packages
 glance_pip_packages:
diff --git a/playbooks/roles/os_glance/tasks/glance_install.yml b/playbooks/roles/os_glance/tasks/glance_install.yml
index 0df0eaa1f0..ebf20f0209 100644
--- a/playbooks/roles/os_glance/tasks/glance_install.yml
+++ b/playbooks/roles/os_glance/tasks/glance_install.yml
@@ -52,13 +52,42 @@
     - glance-install
     - glance-pip-packages
 
+- name: Get local venv checksum
+  stat:
+    path: "/var/cache/{{ glance_venv_download_url | basename }}"
+    get_md5: False
+  when: glance_venv_enabled | bool
+  register: local_venv_stat
+  tags:
+    - glance-install
+    - glance-pip-packages
+
+- name: Get remote venv checksum
+  uri:
+    url: "{{ glance_venv_download_url | replace('tgz', 'checksum') }}"
+    return_content: True
+  when: glance_venv_enabled | bool
+  register: remote_venv_checksum
+  tags:
+    - glance-install
+    - glance-pip-packages
+
+# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
+#       a) allow us to remove force: yes
+#       b) allow the module to calculate the checksum of dest file which would
+#          result in file being downloaded only if provided and dest sha256sum
+#          checksums differ
 - name: Attempt venv download
   get_url:
     url: "{{ glance_venv_download_url }}"
     dest: "/var/cache/{{ glance_venv_download_url | basename }}"
+    force: yes
   ignore_errors: true
   register: get_venv
-  when: glance_venv_enabled | bool
+  when:
+    - glance_venv_enabled | bool
+    - (local_venv_stat.stat.exists == False or
+        {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
   tags:
     - glance-install
     - glance-pip-packages
@@ -71,13 +100,24 @@
     - glance-install
     - glance-pip-packages
 
+- name: Remove existing venv
+  file:
+    path: "{{ glance_venv_bin | dirname }}"
+    state: absent
+  when:
+    - glance_venv_enabled | bool
+    - glance_get_venv | changed
+  tags:
+    - glance-install
+    - glance-pip-packages
+
 - name: Create glance venv dir
   file:
     path: "{{ glance_venv_bin | dirname }}"
     state: directory
   when:
     - glance_venv_enabled | bool
-    - glance_get_venv | success
+    - glance_get_venv | changed
   tags:
     - glance-install
     - glance-pip-packages
@@ -89,7 +129,9 @@
     copy: "no"
   when:
     - glance_venv_enabled | bool
-    - glance_get_venv | success
+    - glance_get_venv | changed
+  notify:
+    - Restart glance services
   tags:
     - glance-install
     - glance-pip-packages
@@ -120,6 +162,8 @@
   when:
     - glance_venv_enabled | bool
     - glance_get_venv | failed
+  notify:
+    - Restart glance services
   tags:
     - glance-install
     - glance-pip-packages
@@ -136,6 +180,8 @@
   with_items:
     - "{{ glance_pip_packages }}"
   when: not glance_venv_enabled | bool
+  notify:
+    - Restart glance services
   tags:
     - glance-install
     - glance-pip-packages