roles/openshift_health_checker/openshift_checks/docker_image_availability.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

# pylint: disable=missing-docstring
from openshift_checks import OpenShiftCheck, get_var


class DockerImageAvailability(OpenShiftCheck):
    """Check that required Docker images are available.

    This check attempts to ensure that required docker images are
    either present locally, or able to be pulled down from available
    registries defined in a host machine.
    """

    name = "docker_image_availability"
    tags = ["preflight"]

    dependencies = ["skopeo", "python-docker-py"]

    deployment_image_info = {
        "origin": {
            "namespace": "openshift",
            "name": "origin",
        },
        "openshift-enterprise": {
            "namespace": "openshift3",
            "name": "ose",
        },
    }

    @classmethod
    def is_active(cls, task_vars):
        """Skip hosts with unsupported deployment types."""
        deployment_type = get_var(task_vars, "openshift_deployment_type")
        has_valid_deployment_type = deployment_type in cls.deployment_image_info

        return super(DockerImageAvailability, cls).is_active(task_vars) and has_valid_deployment_type

    def run(self, tmp, task_vars):
        msg, failed, changed = self.ensure_dependencies(task_vars)

        # exit early if Skopeo update fails
        if failed:
            if "No package matching" in msg:
                msg = "Ensure that all required dependencies can be installed via `yum`.\n"
            return {
                "failed": True,
                "changed": changed,
                "msg": (
                    "Unable to update or install required dependency packages on this host;\n"
                    "These are required in order to check Docker image availability:"
                    "\n    {deps}\n{msg}"
                ).format(deps=',\n    '.join(self.dependencies), msg=msg),
            }

        required_images = self.required_images(task_vars)
        missing_images = set(required_images) - set(self.local_images(required_images, task_vars))

        # exit early if all images were found locally
        if not missing_images:
            return {"changed": changed}

        registries = self.known_docker_registries(task_vars)
        if not registries:
            return {"failed": True, "msg": "Unable to retrieve any docker registries.", "changed": changed}

        available_images = self.available_images(missing_images, registries, task_vars)
        unavailable_images = set(missing_images) - set(available_images)

        if unavailable_images:
            return {
                "failed": True,
                "msg": (
                    "One or more required Docker images are not available:\n    {}\n"
                    "Configured registries: {}"
                ).format(",\n    ".join(sorted(unavailable_images)), ", ".join(registries)),
                "changed": changed,
            }

        return {"changed": changed}

    def required_images(self, task_vars):
        deployment_type = get_var(task_vars, "openshift_deployment_type")
        image_info = self.deployment_image_info[deployment_type]

        openshift_release = get_var(task_vars, "openshift_release", default="latest")
        openshift_image_tag = get_var(task_vars, "openshift_image_tag")
        is_containerized = get_var(task_vars, "openshift", "common", "is_containerized")

        images = set(self.required_docker_images(
            image_info["namespace"],
            image_info["name"],
            ["registry-console"] if "enterprise" in deployment_type else [],  # include enterprise-only image names
            openshift_release,
            is_containerized,
        ))

        # append images with qualified image tags to our list of required images.
        # these are images with a (v0.0.0.0) tag, rather than a standard release
        # format tag (v0.0). We want to check this set in both containerized and
        # non-containerized installations.
        images.update(
            self.required_qualified_docker_images(
                image_info["namespace"],
                image_info["name"],
                openshift_image_tag,
            ),
        )

        return images

    @staticmethod
    def required_docker_images(namespace, name, additional_image_names, version, is_containerized):
        if is_containerized:
            return ["{}/{}:{}".format(namespace, name, version)] if name else []

        # include additional non-containerized images specific to the current deployment type
        return ["{}/{}:{}".format(namespace, img_name, version) for img_name in additional_image_names]

    @staticmethod
    def required_qualified_docker_images(namespace, name, version):
        # pylint: disable=invalid-name
        return [
            "{}/{}-{}:{}".format(namespace, name, suffix, version)
            for suffix in ["haproxy-router", "docker-registry", "deployer", "pod"]
        ]

    def local_images(self, images, task_vars):
        """Filter a list of images and return those available locally."""
        return [
            image for image in images
            if self.is_image_local(image, task_vars)
        ]

    def is_image_local(self, image, task_vars):
        result = self.module_executor("docker_image_facts", {"name": image}, task_vars)
        if result.get("failed", False):
            return False

        return bool(result.get("images", []))

    @staticmethod
    def known_docker_registries(task_vars):
        docker_facts = get_var(task_vars, "openshift", "docker")
        regs = set(docker_facts["additional_registries"])

        deployment_type = get_var(task_vars, "openshift_deployment_type")
        if deployment_type == "origin":
            regs.update(["docker.io"])
        elif "enterprise" in deployment_type:
            regs.update(["registry.access.redhat.com"])

        return list(regs)

    def available_images(self, images, registries, task_vars):
        """Inspect existing images using Skopeo and return all images successfully inspected."""
        return [
            image for image in images
            if any(self.is_available_skopeo_image(image, registry, task_vars) for registry in registries)
        ]

    def is_available_skopeo_image(self, image, registry, task_vars):
        """Uses Skopeo to determine if required image exists in a given registry."""

        cmd_str = "skopeo inspect docker://{registry}/{image}".format(
            registry=registry,
            image=image,
        )

        args = {"_raw_params": cmd_str}
        result = self.module_executor("command", args, task_vars)
        return not result.get("failed", False) and result.get("rc", 0) == 0

    # ensures that the skopeo and python-docker-py packages exist
    # check is skipped on atomic installations
    def ensure_dependencies(self, task_vars):
        if get_var(task_vars, "openshift", "common", "is_atomic"):
            return "", False, False

        result = self.module_executor("yum", {"name": self.dependencies, "state": "latest"}, task_vars)
        return result.get("msg", ""), result.get("failed", False) or result.get("rc", 0) != 0, result.get("changed")