-
Notifications
You must be signed in to change notification settings - Fork 896
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport methods from Automate to conversion_host - part2 #18064
Backport methods from Automate to conversion_host - part2 #18064
Conversation
@miq-bot add-label transformation, technical debt, wip |
Checked commit fabiendupont@7de90d6 with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0 app/models/conversion_host.rb
|
@miq-bot add-reviewer agrare |
@miq-bot remove-label wip |
@miq-bot add-label hammer/yes |
# - The number of concurrent tasks has not reached the limit | ||
def eligible? | ||
source_transport_method.present? && check_resource_credentials && check_concurrent_tasks | ||
source_transport_method.present? && check_ssh_connection && check_concurrent_tasks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where is this method going to be called from and how often? Without storing or caching the result of the ssh_connection I'm worried this will be called a lot.
Could we use the existing authentication_check from the linked resource which stores the status in the authentication record?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be called by the throttler to identify if hosts are eligible for a specific task. We could limit it to check that credential is present for the resource, and not that the connection is valid. This would move this check to the time we actually interact with the conversion_host: run conversion, role check/enable/disable...
authentication_check
exists for Host but not for Vm. And in the case of Vm, the resource relies on credentials associated to the provider.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
authentication_check exists for Host but not for Vm
That is just one include AuthenticationMixin
away :)
And in the case of Vm, the resource relies on credentials associated to the provider.
So the ssh keys aren't actually associated to the Vm? I thought that is what we were doing for openstack conversion vms.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope. I guess it was also a UI challenge as today we don't have authentication for Vm and that would mean integrating a new tab or config dialog in the UI. And if we add authentication to Vm, how does it interact with Embedded Ansible ? IMO, it should be shared with Embedded Ansible, as user would be frustrated to create authentication tokens in 2 different places.
So, it was decided that the private key used for migration would be attached to the OpenStack provider and that somehow the associated public key would be injected in the VM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For that one, do you want to limit the check to credentials existence ?
app/models/conversion_host.rb
Outdated
end | ||
|
||
def source_transport_method | ||
return 'vddk' if vddk_transport_supported | ||
return 'ssh' if ssh_transport_supported | ||
end | ||
|
||
def ipaddress(family = nil) | ||
ips = ipaddresses | ||
return ips.first unless %w(ipv4 ipv6).include?(family) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about defaulting family = "ipv4"
so we don't have two ways of doing this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The idea was to filter out invalid family.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could always raise unless %w(ipv4 ipv6).include?(family)
if you're worried about it, but if someone passes in an invalid family then ipaddresses.detect { |ip| IPAddr.new(ip).send("#{family}?") }
will do that for you if someone from the future tries ip.ipv9?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But I don't want to raise, rather gracefully fallback to first IP address whatever its family.
What's the common approach in ManageIQ code ? raising or falling back ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Falling back to the first IP address when you asked for an invalid family is confusing, makes it seem like it succeeded.
We usually prefer to blow up on invalid input rather than hide potential bugs that could creep up later on.
app/models/conversion_host.rb
Outdated
def ipaddress(family = nil) | ||
ips = ipaddresses | ||
return ips.first unless %w(ipv4 ipv6).include?(family) | ||
ips.select { |ip| IPAddr.new(ip).send("#{family}?") }.first |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.detect
is a little bit cleaner than .select {}.first
app/models/conversion_host.rb
Outdated
private | ||
|
||
def ipaddresses | ||
resource.ipaddresses.unshift(address).unshift(resource.try(:ipaddress)).reject(&:blank?) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might get a bit cleaner if you did something like
def ipaddress
return address if address
above, then this is just resource.ipaddresses
...might not even need a method for it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't check the family of address
. But I agree it would be more readable on more lines, like:
ips = resource.ipaddresses
ips.unshift(address) if address
ips.unshift(resource.try(:ipaddress)) unless resource.try(:ipaddress).nil?
...and it doesn't really need a method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This wasn't checking the address family either. I mean instead of calling ips = ipaddresses
up here just do something like
def ipaddress(family = "ipv4")
return address if address && IPAddr.new(address).send("#{family}?")
resource.ipaddresses.detect { |ip| IPAddr.new(ip).send("#{family}?") }
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, how do you account for resource.ipaddress
if the resource is a host ?
That would look like this, no ?
def ipaddress(family = "ipv4")
return address if address && IPAddr.new(address).send("#{family}?")
begin
return resource.ipaddress if resource.ipaddress && IPAddr.new(resource.ipaddress).send("#{family}?")
end
resource.ipaddresses.detect { |ip| IPAddr.new(ip).send("#{family}?") }
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does it have to be different? They both expose resource.ipaddresses
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct. I had not read the ipaddress
method, so I thought the logic was different.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 cool cool
e0bf938
to
fc8cd75
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good to me, we should see about delegating the credential check to the providers authentication status to prevent the constant ssh checks
…t_from_automate_pt2 Backport methods from Automate to conversion_host - part2 (cherry picked from commit 7d140f5) https://bugzilla.redhat.com/show_bug.cgi?id=1634029
Hammer backport details:
|
This PR is the continuation of #18033 to backport Conversion Host related code to the ConversionHost model. In this PR, we handle the methods that execute through SSH.
Depends on:
Associated RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1634029