Squid error handling (#137)

* squid error handling * error handling added for login task * update
UKCloud · Jun 27, 2019 · 0b4654b · 0b4654b
1 parent 2ca94cf
commit 0b4654b
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/roles/openshiftpostdeployment/tasks/squid-whitelist.yml b/roles/openshiftpostdeployment/tasks/squid-whitelist.yml
@@ -18,7 +18,7 @@
   command: /usr/local/bin/oc create sa whitelist-reader -n whitelist
 
 - name: Create read-whitelist role
-  command: /usr/local/bin/oc create role read-whitelist --verb=get,list --resource=configmaps --resource-name=proxy-whitelist -n whitelist
+  command: /usr/local/bin/oc create role read-whitelist --verb=get,list,patch --resource=configmaps --resource-name=proxy-whitelist -n whitelist
 
 - name: Apply read-whitelist role to whitelist-reader serviceaccount
   command: /usr/local/bin/oc policy add-role-to-user read-whitelist -z whitelist-reader -n whitelist --role-namespace='whitelist'

diff --git a/roles/squid/templates/whitelist.j2 b/roles/squid/templates/whitelist.j2
@@ -6,4 +6,6 @@ idp.ukcloud.com
 # Squid does not support having subdomains of existing domains added
 # if you add any the proxy will not reconfigure correctly and any
 # further domains added will not be whitelisted until the offending
-# entries are removed
+# entries are removed. If a whitelist update fails due to duplicate
+# domains a new key "whitelist-error" will be added to this configmap
+# containing details on the offending entry
diff --git a/tools/playbooks/squid-whitelist.yaml b/tools/playbooks/squid-whitelist.yaml
@@ -1,6 +1,5 @@
 ---
 - hosts: localhost, loadbalancers_controlplane
-  any_errors_fatal: true
   tasks:
   - name: Retrieve whitelist from config-map
     shell: |
@@ -9,6 +8,11 @@
     when: inventory_hostname == 'localhost' and multinetwork
     register: proxy_whitelist
 
+  - name: Fail play if task to retrieve whitelist fails
+    fail:
+      msg: "Failing to avoid blank whitelist update"
+    when: hostvars['localhost'].proxy_whitelist.rc != 0
+
   - name: Insert changed block to /etc/squid/sites.whitelist.txt
     blockinfile:
       block: "{{ hostvars['localhost']['proxy_whitelist']['stdout'] }}"
@@ -20,8 +24,17 @@
     notify:
       - reconfigure squid
 
+  - meta: flush_handlers
+
+  - name: Create error configmap if necessary
+    shell: /usr/bin/oc patch cm proxy-whitelist -p '{"data":{"whitelist-error":"{{ reconfigure_status.stderr_lines[0]}}  {{ reconfigure_status.stderr_lines[1]}}"}}' -n whitelist
+    when: reconfigure_status.rc == 1
+    delegate_to: 127.0.0.1
+
   handlers:
     - name: reconfigure squid
       command: /usr/sbin/squid -k reconfigure
       become: yes
+      ignore_errors: true
       when: inventory_hostname in groups.loadbalancers_controlplane
+      register: reconfigure_status