Create swapoff module

Create custome ansible module 'swapoff' to idempotently
disable swap in /etc/fstab and also run swapoff.

roles/lib_utils/library/swapoff.py

@@ -0,0 +1,137 @@
+#!/usr/bin/env python
+# pylint: disable=missing-docstring
+#
+# Copyright 2017 Red Hat, Inc. and/or its affiliates
+# and other contributors as indicated by the @author tags.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import subprocess
+
+from ansible.module_utils.basic import AnsibleModule
+
+
+DOCUMENTATION = '''
+---
+module: swapoff
+
+short_description: Disable swap and comment from /etc/fstab
+
+version_added: "2.4"
+
+description:
+    - This module disables swap and comments entries from /etc/fstab
+
+author:
+    - "Michael Gugino <mgugino@redhat.com>"
+'''
+
+EXAMPLES = '''
+# Pass in a message
+- name: Disable Swap
+  swapoff: {}
+'''
+
+
+def check_swap_in_fstab(module):
+    '''Check for uncommented swap entries in fstab'''
+    res = subprocess.call(['grep', '^[^#].*swap', '/etc/fstab'])
+
+    if res == 2:
+        # rc 2 == cannot open file.
+        result = {'failed': True,
+                  'changed': False,
+                  'msg': 'unable to read /etc/fstab',
+                  'state': 'unknown'}
+        module.fail_json(**result)
+    elif res == 1:
+        # No grep match, fstab looks good.
+        return False
+    elif res == 0:
+        # There is an uncommented entry for fstab.
+        return True
+    else:
+        # Some other grep error code, we shouldn't get here.
+        result = {'failed': True,
+                  'changed': False,
+                  'msg': 'unknow problem with grep "^[^#].*swap" /etc/fstab ',
+                  'state': 'unknown'}
+        module.fail_json(**result)
+
+
+def check_swapon_status(module):
+    '''Check if swap is actually in use.'''
+    try:
+        res = subprocess.check_output(['swapon', '--show'])
+    except subprocess.CalledProcessError:
+        # Some other grep error code, we shouldn't get here.
+        result = {'failed': True,
+                  'changed': False,
+                  'msg': 'unable to execute swapon --show',
+                  'state': 'unknown'}
+        module.fail_json(**result)
+    return 'NAME' in str(res)
+
+
+def comment_swap_fstab(module):
+    '''Comment out swap lines in /etc/fstab'''
+    res = subprocess.call(['sed', '-i.bak', 's/^[^#].*swap.*/#&/', '/etc/fstab'])
+    if res:
+        result = {'failed': True,
+                  'changed': False,
+                  'msg': 'sed failed to comment swap in /etc/fstab',
+                  'state': 'unknown'}
+        module.fail_json(**result)
+
+
+def run_swapoff(module, changed):
+    '''Run swapoff command'''
+    res = subprocess.call(['swapoff', '--all'])
+    if res:
+        result = {'failed': True,
+                  'changed': changed,
+                  'msg': 'swapoff --all returned {}'.format(str(res)),
+                  'state': 'unknown'}
+        module.fail_json(**result)
+
+
+def run_module():
+    '''Run this module'''
+    module = AnsibleModule(
+        supports_check_mode=False,
+        argument_spec={}
+    )
+    changed = False
+
+    swap_fstab_res = check_swap_in_fstab(module)
+    swap_is_inuse_res = check_swapon_status(module)
+
+    if swap_fstab_res:
+        comment_swap_fstab(module)
+        changed = True
+
+    if swap_is_inuse_res:
+        run_swapoff(module, changed)
+        changed = True
+
+    result = {'changed': changed}
+
+    module.exit_json(**result)
+
+
+def main():
+    run_module()
+
+
+if __name__ == '__main__':
+    main()

roles/openshift_node/tasks/main.yml

@@ -14,33 +14,11 @@
 
 #### Disable SWAP #####
 # https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
-- name: Check for swap usage
-  command: grep "^[^#].*swap" /etc/fstab
-  # grep: match any lines which don't begin with '#' and contain 'swap'
-  changed_when: false
-  failed_when: false
-  register: swap_result
-
-- when:
-    - swap_result.stdout_lines | length > 0
-    - openshift_disable_swap | default(true) | bool
-  block:
-    - name: Disable swap
-      command: swapoff --all
-
-    - name: Remove swap entries from /etc/fstab
-      replace:
-        dest: /etc/fstab
-        regexp: '(^[^#].*swap.*)'
-        replace: '# \1'
-        backup: yes
-
-    - name: Add notice about disabling swap
-      lineinfile:
-        dest: /etc/fstab
-        line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines'
-        state: present
-#### End Disable Swap Block ####
+# swapoff is a custom module in lib_utils that comments out swap entries in
+# /etc/fstab and runs swapoff -a, if necessary.
+- name: Disable swap
+  swapoff: {}
+  when: openshift_disable_swap | default(true) | bool
 
 - name: include node installer
   include_tasks: install.yml

roles/openshift_node/tasks/upgrade/config_changes.yml

@@ -27,28 +27,12 @@
     path: "/var/lib/cni/networks/openshift-sdn/"
     state: absent
 
-# Disable Swap Block (pre)
-- block:
-  - name: Remove swap entries from /etc/fstab
-    replace:
-      dest: /etc/fstab
-      regexp: '(^[^#].*swap.*)'
-      replace: '# \1'
-      backup: yes
-
-  - name: Add notice about disabling swap
-    lineinfile:
-      dest: /etc/fstab
-      line: '# OpenShift-Ansible Installer disabled swap per overcommit guidelines'
-      state: present
-
-  - name: Disable swap
-    command: swapoff --all
-
-  when:
-  - openshift_node_upgrade_swap_result | default(False) | bool
-  - openshift_disable_swap | default(true) | bool
-# End Disable Swap Block
+# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
+# swapoff is a custom module in lib_utils that comments out swap entries in
+# /etc/fstab and runs swapoff -a, if necessary.
+- name: Disable swap
+  swapoff: {}
+  when: openshift_disable_swap | default(true) | bool
 
 - name: Apply 3.6 dns config changes
   yedit:

roles/openshift_node/tasks/upgrade_pre.yml

@@ -41,16 +41,3 @@
   vars:
     openshift_version: "{{ openshift_pkg_version | default('') }}"
   when: not openshift_is_containerized | bool
-
-# https://docs.openshift.com/container-platform/3.4/admin_guide/overcommit.html#disabling-swap-memory
-- name: Check for swap usage
-  command: grep "^[^#].*swap" /etc/fstab
-  # grep: match any lines which don't begin with '#' and contain 'swap'
-  changed_when: false
-  failed_when: false
-  register: swap_result
-
-# Set this fact here so we can use it during the next play, which is serial.
-- name: set_fact swap_result
-  set_fact:
-    openshift_node_upgrade_swap_result: "{{ swap_result.stdout_lines | length > 0 | bool }}"