Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add general content-view management role #1177

Closed
wants to merge 11 commits into from
Closed

add general content-view management role #1177

wants to merge 11 commits into from

Conversation

bmarlow
Copy link

@bmarlow bmarlow commented Mar 16, 2021

add role for promoting, publishing and rolling back content-views

@ehelms
Copy link
Member

ehelms commented Mar 16, 2021

We also have this content view role under development. I see a lot of overlap here for arriving at a role that allows users to manage content views.

@bmarlow
Copy link
Author

bmarlow commented Mar 16, 2021

We also have this content view role under development. I see a lot of overlap here for arriving at a role that allows users to manage content views.

That role looks like it is for creating content-views and related.

This one is specifically around managing them and their lifecycles, whether that be promotion, publishing a new one, or rolling back a version.

One key difference is that this role is more around operationalization of the content-views versus creating them. This view allows somebody to just set this on a schedule so that they can promote/publish (more than once) in an automated fashion, without having to keep editing their playbooks.

@ehelms
Copy link
Member

ehelms commented Mar 16, 2021

So, this is more of a content_view_version role? That could make sense to manage separately from the content view itself.

I'm not as clear on what rollback here means. Since all content view operations are simply promotions of some version to some environment. If for example I had version 10 in Test, and I wanted to version 8 instead. How would I go about that?

I would think, treating entities as code, I would update my yaml from 10 to 8 and let Ansible run and adjust things for me.

With the rollback, I assume I would have to run the playbook twice to go back two versions?

@ehelms
Copy link
Member

ehelms commented Mar 16, 2021

There are some variable naming updates that will be needed to ensure the role conforms to https://github.com/theforeman/foreman-ansible-modules#common-role-variables and attempts, where possible, to make use of existing variables defined for other roles such as lifecycle-environments (https://github.com/theforeman/foreman-ansible-modules/tree/develop/roles/lifecycle_environments).

@bmarlow
Copy link
Author

bmarlow commented Mar 16, 2021

So, this is more of a content_view_version role? That could make sense to manage separately from the content view itself.

I'm not as clear on what rollback here means. Since all content view operations are simply promotions of some version to some environment. If for example I had version 10 in Test, and I wanted to version 8 instead. How would I go about that?

I would think, treating entities as code, I would update my yaml from 10 to 8 and let Ansible run and adjust things for me.

With the rollback, I assume I would have to run the playbook twice to go back two versions?

content_view_version might be a more apt description of the role, truth be told I was struggling with what to name it.

The idea here is that the user doesn't need to know the content-view version, we will just loop over the dictionary and promote each of the lifecycle environments they want to N+1 of the content-view. If N+1 means that they need to publish a new version of the content-view first, it will do that automatically.

Rollback will give N-1 content-view version for each of the defined lifecycle environments. So yes, to roll back 2 versions you'd run it twice.

The number of versions to roll back could pretty easily get wrapped into a var in the main dictionary so that the roll back would do N-Y versions.

The main idea here is from customer experiences with patch management. They otherwise don't want to affect the content-view other than publishing new versions, or promoting lifecycle environments (or the occasional rollback).

The end state would be that the role gets called by AWX tower as a scheduled task that would align with a customers patching cadence/requirements (eg publish a new version every Tuesday, promote the dev LCE to the new version on Wednesday, so on and so forth).

This gives the customer the ability to do something of a 'set it and forget it' style, but at the same time getting the process to align with their business requirements.

resource: content_views
search: name = "{{ content_view }}"
validate_certs: false
register: content_view_data
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to have roles that utilize modules that aren't even in a main version yet? By using the existing format, this role will be backwards compatible with older versions of the collection.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Chiming in here, I think it does make sense. The primary way we expect users would consume this role would be to install the collection.

If they install the development branch from git they would have access to all of the latest modules. Of course it is more likely that they install one of the released versions from ansible galaxy, or a downstream RPM packaged version.... in each case still by the time this role is included in any of those releases, so too would be all modules currently present at development time.

Is this contrary to your expectation, @bmarlow ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wbclark I think its fair to assume people are going to get this by way of the collection so no need to worry there.

I guess my statement is more that I don't think it makes sense to build a role against a module that is in development as changes that happen to that module could potentially break the role.

As it sits (and based on the way that roles are consumed/delivered), I would think we wouldn't care which module got used as long as it worked (unless there was a significant performance benefit or depreciation issue) due to the fact that the user shouldn't really be modifying the role, but rather changing the variables that the role digests.

I haven't had a chance to use the new module yet, however my biggest concern would be that the data returned isn't structured the same way (maybe it is?) and it would require more significant refactoring (and lets face it, the data returned isn't the most easily parsable.

resource: content_view_versions
params:
content_view_id: "{{ content_view_data.resources[0].id }}"
register: version_information
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be a dedicated module for this as well in the next few days: #1169

Could be good feedback before merging it whether it handles your use case.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please see comment above.

with_dict: "{{ environments }}"


# only publish new view if necessary (when the current view is at or above library)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not fully understand this logic. Or the circumstances under which it may occur.

Copy link
Author

@bmarlow bmarlow Mar 16, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If your content-view's highest version number is 22, and that is also where your life-cycle environment is then we need to publish a new version prior to promoting- since you cannot promote to version 22+1 if version 23 doesn't exist.

@ehelms
Copy link
Member

ehelms commented Apr 28, 2021

content_view_version might be a more apt description of the role, truth be told I was struggling with what to name it.

The idea here is that the user doesn't need to know the content-view version, we will just loop over the dictionary and promote each of the lifecycle environments they want to N+1 of the content-view. If N+1 means that they need to publish a new version of the content-view first, it will do that automatically.

We discussed this PR during our triage this week (anybody is welcome to join btw) and arrived at the following thoughts on how to proceed.

There seems to be three primary functions contained in this that could be approached as independent roles:

  • a role to publish content views
  • a role to promote latest content views (perhaps a generic promote role with 'latest' as an option?)
  • a role to rollback content view versions (perhaps this could be a parameter to the promote)

We realize this creates additional work for additional roles but building re-usable roles would be beneficial to users and then also be consumed by this specific workflow. For example, #1209

I can also dedicate some time to help get these available.

Rollback will give N-1 content-view version for each of the defined lifecycle environments. So yes, to roll back 2 versions you'd run it twice.

The number of versions to roll back could pretty easily get wrapped into a var in the main dictionary so that the roll back would do N-Y versions.

The main idea here is from customer experiences with patch management. They otherwise don't want to affect the content-view other than publishing new versions, or promoting lifecycle environments (or the occasional rollback).

The end state would be that the role gets called by AWX tower as a scheduled task that would align with a customers patching cadence/requirements (eg publish a new version every Tuesday, promote the dev LCE to the new version on Wednesday, so on and so forth).

This gives the customer the ability to do something of a 'set it and forget it' style, but at the same time getting the process to align with their business requirements.

@bmarlow
Copy link
Author

bmarlow commented May 3, 2021

@ehelms

Just for clarification sake- is the intent here that a role should only have one purpose and be as singular as possible?

For the record, the currently proposed role can do all, or just one of the things listed in the three proposed new roles.

I can refactor if that is the desire of the team here, just looking for a little clarification with regards to role structures.

@bmarlow
Copy link
Author

bmarlow commented May 3, 2021

per maintainers request this has been replaced by PRs #1214 #1216 #1217

@bmarlow bmarlow closed this May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants