From 8c722ed8f5d986e465b1e95f31faa2a733af4715 Mon Sep 17 00:00:00 2001 From: Michael Gugino Date: Thu, 21 Dec 2017 15:39:48 -0500 Subject: Create swapoff module Create custome ansible module 'swapoff' to idempotently disable swap in /etc/fstab and also run swapoff. --- roles/lib_utils/library/swapoff.py | 137 +++++++++++++++++++++ roles/openshift_node/tasks/main.yml | 32 +---- .../tasks/upgrade/config_changes.yml | 28 +---- roles/openshift_node/tasks/upgrade_pre.yml | 13 -- 4 files changed, 148 insertions(+), 62 deletions(-) create mode 100644 roles/lib_utils/library/swapoff.py diff --git a/roles/lib_utils/library/swapoff.py b/roles/lib_utils/library/swapoff.py new file mode 100644 index 000000000..925eeb17d --- /dev/null +++ b/roles/lib_utils/library/swapoff.py @@ -0,0 +1,137 @@ +#!/usr/bin/env python +# pylint: disable=missing-docstring +# +# Copyright 2017 Red Hat, Inc. and/or its affiliates +# and other contributors as indicated by the @author tags. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import subprocess + +from ansible.module_utils.basic import AnsibleModule + + +DOCUMENTATION = ''' +--- +module: swapoff + +short_description: Disable swap and comment from /etc/fstab + +version_added: "2.4" + +description: + - This module disables swap and comments entries from /etc/fstab + +author: + - "Michael Gugino " +''' + +EXAMPLES = ''' +# Pass in a message +- name: Disable Swap + swapoff: {} +''' + + +def check_swap_in_fstab(module): + '''Check for uncommented swap entries in fstab''' + res = subprocess.call(['grep', '^[^#].*swap', '/etc/fstab']) + + if res == 2: + # rc 2 == cannot open file. + result = {'failed': True, + 'changed': False, + 'msg': 'unable to read /etc/fstab', + 'state': 'unknown'} + module.fail_json(**result) + elif res == 1: + # No grep match, fstab looks good. + return False + elif res == 0: + # There is an uncommented entry for fstab. + return True + else: + # Some other grep error code, we shouldn't get here. + result = {'failed': True, + 'changed': False, + 'msg': 'unknow problem with grep "^[^#].*swap" /etc/fstab ', + 'state': 'unknown'} + module.fail_json(**result) + + +def check_swapon_status(module): + '''Check if swap is actually in use.''' + try: + res = subprocess.check_output(['swapon', '--show']) + except subprocess.CalledProcessError: + # Some other grep error code, we shouldn't get here. + result = {'failed': True, + 'changed': False, + 'msg': 'unable to execute swapon --show', + 'state': 'unknown'} + module.fail_json(**result) + return 'NAME' in str(res) + + +def comment_swap_fstab(module): + '''Comment out swap lines in /etc/fstab''' + res = subprocess.call(['sed', '-i.bak', 's/^[^#].*swap.*/#&/', '/etc/fstab']) + if res: + result = {'failed': True, + 'changed': False, + 'msg': 'sed failed to comment swap in /etc/fstab', + 'state': 'unknown'} + module.fail_json(**result) + + +def run_swapoff(module, changed): + '''Run swapoff command''' + res = subprocess.call(['swapoff', '--all']) + if res: + result = {'failed': True, + 'changed': changed, + 'msg': 'swapoff --all returned {}'.format(str(res)), + 'state': 'unknown'} + module.fail_json(**result) + + +def run_module(): + '''Run this module''' + module = AnsibleModule( + supports_check_mode=False, + argument_spec={} + ) + changed = False + + swap_fstab_res = check_swap_in_fstab(module) + swap_is_inuse_res = check_swapon_status(module) + + if swap_fstab_res: + comment_swap_fstab(module) + changed = True + + if swap_is_inuse_res: + run_swapoff(module, changed) + changed = True + + result = {'changed': changed} + + module.exit_json(**result) + + +def main(): + run_module() + + +if __name__ == '__main__': + main() diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 754ecacaf..f56f24e12 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -14,33 +14,11 @@ #### Disable SWAP ##### # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory -- name: Check for swap usage - command: grep "^[^#].*swap" /etc/fstab - # grep: match any lines which don't begin with '#' and contain 'swap' - changed_when: false - failed_when: false - register: swap_result - -- when: - - swap_result.stdout_lines | length > 0 - - openshift_disable_swap | default(true) | bool - block: - - name: Disable swap - command: swapoff --all - - - name: Remove swap entries from /etc/fstab - replace: - dest: /etc/fstab - regexp: '(^[^#].*swap.*)' - replace: '# \1' - backup: yes - - - name: Add notice about disabling swap - lineinfile: - dest: /etc/fstab - line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines' - state: present -#### End Disable Swap Block #### +# swapoff is a custom module in lib_utils that comments out swap entries in +# /etc/fstab and runs swapoff -a, if necessary. +- name: Disable swap + swapoff: {} + when: openshift_disable_swap | default(true) | bool - name: include node installer include_tasks: install.yml diff --git a/roles/openshift_node/tasks/upgrade/config_changes.yml b/roles/openshift_node/tasks/upgrade/config_changes.yml index dd9183382..15ac76f7d 100644 --- a/roles/openshift_node/tasks/upgrade/config_changes.yml +++ b/roles/openshift_node/tasks/upgrade/config_changes.yml @@ -27,28 +27,12 @@ path: "/var/lib/cni/networks/openshift-sdn/" state: absent -# Disable Swap Block (pre) -- block: - - name: Remove swap entries from /etc/fstab - replace: - dest: /etc/fstab - regexp: '(^[^#].*swap.*)' - replace: '# \1' - backup: yes - - - name: Add notice about disabling swap - lineinfile: - dest: /etc/fstab - line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines' - state: present - - - name: Disable swap - command: swapoff --all - - when: - - openshift_node_upgrade_swap_result | default(False) | bool - - openshift_disable_swap | default(true) | bool -# End Disable Swap Block +# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory +# swapoff is a custom module in lib_utils that comments out swap entries in +# /etc/fstab and runs swapoff -a, if necessary. +- name: Disable swap + swapoff: {} + when: openshift_disable_swap | default(true) | bool - name: Apply 3.6 dns config changes yedit: diff --git a/roles/openshift_node/tasks/upgrade_pre.yml b/roles/openshift_node/tasks/upgrade_pre.yml index 3ae7dc6b6..aa1a75100 100644 --- a/roles/openshift_node/tasks/upgrade_pre.yml +++ b/roles/openshift_node/tasks/upgrade_pre.yml @@ -41,16 +41,3 @@ vars: openshift_version: "{{ openshift_pkg_version | default('') }}" when: not openshift_is_containerized | bool - -# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory -- name: Check for swap usage - command: grep "^[^#].*swap" /etc/fstab - # grep: match any lines which don't begin with '#' and contain 'swap' - changed_when: false - failed_when: false - register: swap_result - -# Set this fact here so we can use it during the next play, which is serial. -- name: set_fact swap_result - set_fact: - openshift_node_upgrade_swap_result: "{{ swap_result.stdout_lines | length > 0 | bool }}" -- cgit v1.2.3