From f639ad0b3514c3a6a485b2e75082ac0b3b850454 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 13 May 2021 15:33:17 +0100 Subject: [PATCH] Use ansible_facts to reference facts By default, Ansible injects a variable for every fact, prefixed with ansible_. This can result in a large number of variables for each host, which at scale can incur a performance penalty. Ansible provides a configuration option [0] that can be set to False to prevent this injection of facts. In this case, facts should be referenced via ansible_facts.. This change updates all references to Ansible facts within Kayobe from using individual fact variables to using the items in the ansible_facts dictionary. This allows users to disable fact variable injection in their Ansible configuration, which may provide some performance improvement. This change disables fact variable injection in the ansible configuration used in CI, to catch any attempts to use the injected variables. [0] https://docs.ansible.com/ansible/latest/reference_appendices/config.html#inject-facts-as-vars Story: 2007993 Task: 42464 Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/791276 Change-Id: I14db53ed6e57d37bbd28dd5819e432e3fe6628b2 --- ansible/compute-node-discovery.yml | 4 +-- ansible/container-image-build.yml | 4 +-- ansible/disable-selinux.yml | 4 +-- ansible/dnf.yml | 2 +- ansible/group_vars/all/time | 2 +- ansible/host-package-update.yml | 2 +- ansible/idrac-bootstrap.yml | 4 +-- ansible/kayobe-target-venv.yml | 18 +++++------ ansible/kolla-target-venv.yml | 10 +++---- ansible/network.yml | 2 +- ansible/overcloud-etc-hosts-fixup.yml | 4 +-- ansible/overcloud-ipa-build.yml | 2 +- ansible/overcloud-ipa-images.yml | 4 +-- ansible/roles/bootstrap/tasks/main.yml | 8 ++--- ansible/roles/dev-tools/tasks/main.yml | 4 +-- ansible/roles/disable-selinux/tasks/main.yml | 6 ++-- .../roles/docker-registry/tasks/config.yml | 16 +++++----- ansible/roles/docker/tasks/main.yml | 2 +- .../roles/inspection-store/tasks/config.yml | 4 +-- ansible/roles/ipa-images/tasks/main.yml | 4 +-- .../templates/host-vars.j2 | 2 ++ ansible/roles/kolla-ansible/defaults/main.yml | 2 +- ansible/roles/kolla-ansible/tasks/config.yml | 4 +-- ansible/roles/kolla-ansible/tasks/install.yml | 16 +++++----- .../kolla-openstack/templates/ironic.conf.j2 | 2 +- ansible/roles/kolla/defaults/main.yml | 2 +- ansible/roles/kolla/tasks/config.yml | 4 +-- ansible/roles/kolla/tasks/install.yml | 18 +++++------ ansible/roles/ntp/tasks/prepare.yml | 4 +-- ansible/roles/pip/tasks/pip_conf.yml | 4 +-- ansible/roles/snat/tasks/main.yml | 4 +-- .../roles/swift-block-devices/tasks/main.yml | 4 +-- ansible/roles/veth/tasks/main.yml | 2 +- ansible/roles/wipe-disks/tasks/main.yml | 4 +-- ansible/seed-ipa-build.yml | 2 +- ansible/seed-service-upgrade-prep.yml | 2 +- ansible/seed-vm-provision.yml | 8 ++--- ansible/snat.yml | 4 +-- ansible/time.yml | 2 +- dev/tenks-deploy-config-compute.yml | 2 +- .../configuration/reference/ansible.rst | 2 +- kayobe/ansible.py | 1 + kayobe/tests/unit/test_ansible.py | 1 + playbooks/kayobe-base/pre.yml | 14 +++++++++ .../notes/ansible-facts-2b3389a2534d47a2.yaml | 10 +++++++ requirements.yml | 30 +++++++++---------- 46 files changed, 142 insertions(+), 114 deletions(-) create mode 100644 releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml diff --git a/ansible/compute-node-discovery.yml b/ansible/compute-node-discovery.yml index ee10488c6..539d6ae4a 100644 --- a/ansible/compute-node-discovery.yml +++ b/ansible/compute-node-discovery.yml @@ -11,8 +11,8 @@ package: name: ipmitool state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True run_once: True delegate_to: "{{ controller_host }}" diff --git a/ansible/container-image-build.yml b/ansible/container-image-build.yml index 6d462909f..f35a1c505 100644 --- a/ansible/container-image-build.yml +++ b/ansible/container-image-build.yml @@ -30,8 +30,8 @@ file: path: "{{ kolla_build_log_path }}" state: touch - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True - name: Login to docker registry diff --git a/ansible/disable-selinux.yml b/ansible/disable-selinux.yml index 760743435..3c3bed1b1 100644 --- a/ansible/disable-selinux.yml +++ b/ansible/disable-selinux.yml @@ -5,5 +5,5 @@ - disable-selinux roles: - role: disable-selinux - disable_selinux_reboot_timeout: "{{ 600 if ansible_virtualization_role == 'host' else 300 }}" - when: ansible_os_family == 'RedHat' + disable_selinux_reboot_timeout: "{{ 600 if ansible_facts.virtualization_role == 'host' else 300 }}" + when: ansible_facts.os_family == 'RedHat' diff --git a/ansible/dnf.yml b/ansible/dnf.yml index c1022d324..0c1e4279b 100644 --- a/ansible/dnf.yml +++ b/ansible/dnf.yml @@ -14,4 +14,4 @@ tags: - dnf-automatic when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' diff --git a/ansible/group_vars/all/time b/ansible/group_vars/all/time index d37a1a83e..dbf49927e 100644 --- a/ansible/group_vars/all/time +++ b/ansible/group_vars/all/time @@ -5,7 +5,7 @@ # Timezone. # Name of the local timezone. -timezone: "{{ ansible_date_time.tz }}" +timezone: "{{ ansible_facts.date_time.tz }}" ############################################################################### # Network Time Protocol (NTP). diff --git a/ansible/host-package-update.yml b/ansible/host-package-update.yml index 59e36f01d..3e68bb3c8 100644 --- a/ansible/host-package-update.yml +++ b/ansible/host-package-update.yml @@ -12,5 +12,5 @@ name: "{{ host_package_update_packages }}" security: "{{ host_package_update_security | bool }}" state: latest - when: ansible_os_family == 'RedHat' + when: ansible_facts.os_family == 'RedHat' become: true diff --git a/ansible/idrac-bootstrap.yml b/ansible/idrac-bootstrap.yml index 8c6b2eb89..dcf4e8b62 100644 --- a/ansible/idrac-bootstrap.yml +++ b/ansible/idrac-bootstrap.yml @@ -46,8 +46,8 @@ package: name: wget state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" - name: Ensure Dell srvadmin repository is installed shell: "wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash" diff --git a/ansible/kayobe-target-venv.yml b/ansible/kayobe-target-venv.yml index b464495ca..b18acf9c6 100644 --- a/ansible/kayobe-target-venv.yml +++ b/ansible/kayobe-target-venv.yml @@ -19,23 +19,23 @@ - block: - name: Gather facts setup: - when: not module_setup | default(false) + when: not ansible_facts.module_setup | default(false) register: gather_facts - name: Ensure the Python virtualenv package is installed package: name: python3-virtualenv state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Ensure global virtualenv directory exists file: path: "{{ virtualenv_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0755 # Check whether the virtualenv directory is a subdirectory of the # global virtualenv directory. @@ -46,8 +46,8 @@ file: path: "{{ virtualenv }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0700 become: True @@ -59,7 +59,7 @@ # Site packages are required for using the dnf module, which is not # available via PyPI. virtualenv_site_packages: True - virtualenv_python: "python3.{{ ansible_python.version.minor }}" + virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}" - name: Ensure kayobe virtualenv has SELinux bindings installed pip: @@ -67,7 +67,7 @@ state: latest virtualenv: "{{ virtualenv }}" when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' vars: # Use the system python interpreter since the virtualenv might not # exist. diff --git a/ansible/kolla-target-venv.yml b/ansible/kolla-target-venv.yml index 8abb5d920..9a556b9a0 100644 --- a/ansible/kolla-target-venv.yml +++ b/ansible/kolla-target-venv.yml @@ -21,14 +21,14 @@ - block: - name: Gather facts setup: - when: not module_setup | default(false) + when: not ansible_facts.module_setup | default(false) - name: Ensure the Python virtualenv package is installed package: name: python3-virtualenv state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Ensure kolla-ansible virtualenv has the latest version of pip installed @@ -39,7 +39,7 @@ # Site packages are required for using the dnf python module, which # is not available via PyPI. virtualenv_site_packages: True - virtualenv_python: "python3.{{ ansible_python.version.minor }}" + virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}" become: True - name: Ensure kolla-ansible virtualenv has docker SDK for python installed @@ -57,7 +57,7 @@ virtualenv: "{{ kolla_ansible_target_venv }}" become: True when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' - name: Ensure kolla-ansible virtualenv has correct ownership file: diff --git a/ansible/network.yml b/ansible/network.yml index 54aa3d868..5ff0b69f1 100644 --- a/ansible/network.yml +++ b/ansible/network.yml @@ -38,4 +38,4 @@ - name: Configure the network include_role: - name: "network-{{ ansible_os_family | lower }}" + name: "network-{{ ansible_facts.os_family | lower }}" diff --git a/ansible/overcloud-etc-hosts-fixup.yml b/ansible/overcloud-etc-hosts-fixup.yml index 1d170383c..ec592a871 100644 --- a/ansible/overcloud-etc-hosts-fixup.yml +++ b/ansible/overcloud-etc-hosts-fixup.yml @@ -17,10 +17,10 @@ - name: Ensure overcloud hosts' /etc/hosts does not contain incorrect IPs lineinfile: dest: /etc/hosts - regexp: "^(?!{{ internal_net_name | net_ip | regex_escape }})[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+[ \t]*{{ ansible_hostname }}" + regexp: "^(?!{{ internal_net_name | net_ip | regex_escape }})[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+[ \t]*{{ ansible_facts.hostname }}" state: absent # Ensure that the correct entry is present. - validate: "grep -E '^({{ internal_net_name | net_ip | regex_escape }}).*{{ ansible_hostname }}' %s" + validate: "grep -E '^({{ internal_net_name | net_ip | regex_escape }}).*{{ ansible_facts.hostname }}' %s" become: True - name: Ensure rabbitmq containers' /etc/hosts does not contain incorrect IPs diff --git a/ansible/overcloud-ipa-build.yml b/ansible/overcloud-ipa-build.yml index f98f29785..bc8e9f68a 100644 --- a/ansible/overcloud-ipa-build.yml +++ b/ansible/overcloud-ipa-build.yml @@ -30,7 +30,7 @@ name: "libgcrypt" state: latest become: True - when: ansible_os_family == 'RedHat' + when: ansible_facts.os_family == 'RedHat' - name: Ensure Ironic Python Agent images are built include_role: diff --git a/ansible/overcloud-ipa-images.yml b/ansible/overcloud-ipa-images.yml index 97ddfff8f..7246faf90 100644 --- a/ansible/overcloud-ipa-images.yml +++ b/ansible/overcloud-ipa-images.yml @@ -78,8 +78,8 @@ file: path: "{{ image_cache_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True when: >- not image_cache_stat.stat.exists or diff --git a/ansible/roles/bootstrap/tasks/main.yml b/ansible/roles/bootstrap/tasks/main.yml index 9da0fd151..a212db943 100644 --- a/ansible/roles/bootstrap/tasks/main.yml +++ b/ansible/roles/bootstrap/tasks/main.yml @@ -1,13 +1,13 @@ --- - name: Include OS family-specific variables - include_vars: "{{ ansible_os_family }}.yml" + include_vars: "{{ ansible_facts.os_family }}.yml" - name: Ensure required packages are installed package: name: "{{ bootstrap_package_dependencies }}" state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Check whether an SSH key exists @@ -24,7 +24,7 @@ - name: Ensure SSH public key is in authorized keys authorized_key: - user: "{{ ansible_user_id }}" + user: "{{ ansible_facts.user_id }}" key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}" - name: Scan for SSH keys diff --git a/ansible/roles/dev-tools/tasks/main.yml b/ansible/roles/dev-tools/tasks/main.yml index e45b40318..180d3d006 100644 --- a/ansible/roles/dev-tools/tasks/main.yml +++ b/ansible/roles/dev-tools/tasks/main.yml @@ -3,6 +3,6 @@ package: name: "{{ dev_tools_packages }}" state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True diff --git a/ansible/roles/disable-selinux/tasks/main.yml b/ansible/roles/disable-selinux/tasks/main.yml index 588cbbd6f..5b777452b 100644 --- a/ansible/roles/disable-selinux/tasks/main.yml +++ b/ansible/roles/disable-selinux/tasks/main.yml @@ -3,8 +3,8 @@ package: name: python3-libselinux state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Check if SELinux configuration file exists @@ -22,7 +22,7 @@ - block: - name: Set a fact to determine whether we are running locally set_fact: - is_local: "{{ lookup('pipe', 'hostname') in [ansible_hostname, ansible_nodename] }}" + is_local: "{{ lookup('pipe', 'hostname') in [ansible_facts.hostname, ansible_facts.nodename] }}" - name: Reboot the system to apply SELinux changes (local) command: shutdown -r now "Applying SELinux changes" diff --git a/ansible/roles/docker-registry/tasks/config.yml b/ansible/roles/docker-registry/tasks/config.yml index bde4dbbdc..4e5b67554 100644 --- a/ansible/roles/docker-registry/tasks/config.yml +++ b/ansible/roles/docker-registry/tasks/config.yml @@ -3,8 +3,8 @@ file: path: "{{ docker_registry_config_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0750 become: True when: >- @@ -15,8 +15,8 @@ copy: src: "{{ docker_registry_cert_path }}" dest: "{{ docker_registry_config_path }}/cert.pem" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0600 become: True when: docker_registry_enable_tls | bool @@ -27,8 +27,8 @@ copy: src: "{{ docker_registry_key_path }}" dest: "{{ docker_registry_config_path }}/key.pem" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0600 become: True when: docker_registry_enable_tls | bool @@ -39,8 +39,8 @@ copy: src: "{{ docker_registry_basic_auth_htpasswd_path }}" dest: "{{ docker_registry_config_path }}/htpasswd" - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0600 become: True when: docker_registry_enable_basic_auth | bool diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml index 91726cea3..82477947f 100644 --- a/ansible/roles/docker/tasks/main.yml +++ b/ansible/roles/docker/tasks/main.yml @@ -17,7 +17,7 @@ - name: Ensure user is in the docker group user: - name: "{{ ansible_user_id }}" + name: "{{ ansible_facts.user_id }}" groups: docker append: yes register: group_result diff --git a/ansible/roles/inspection-store/tasks/config.yml b/ansible/roles/inspection-store/tasks/config.yml index 6297198ab..e798f0214 100644 --- a/ansible/roles/inspection-store/tasks/config.yml +++ b/ansible/roles/inspection-store/tasks/config.yml @@ -3,8 +3,8 @@ file: path: "{{ inspection_store_config_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0750 become: True diff --git a/ansible/roles/ipa-images/tasks/main.yml b/ansible/roles/ipa-images/tasks/main.yml index 6843a740d..a5bdb72da 100644 --- a/ansible/roles/ipa-images/tasks/main.yml +++ b/ansible/roles/ipa-images/tasks/main.yml @@ -3,8 +3,8 @@ file: path: "{{ ipa_images_cache_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True - name: Ensure Ironic Python Agent (IPA) images are present diff --git a/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2 b/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2 index 40edf00f5..e09b862e2 100644 --- a/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2 +++ b/ansible/roles/kolla-ansible-host-vars/templates/host-vars.j2 @@ -3,5 +3,7 @@ {% set host_hv=hostvars[inventory_hostname] %} {% if hv_name in host_hv %} {{ kolla_ansible_pass_through_host_vars_map.get(hv_name, hv_name) }}: {{ host_hv[hv_name] | to_json }} +{% elif hv_name in host_hv["ansible_facts"] %} +{{ kolla_ansible_pass_through_host_vars_map.get(hv_name, hv_name) }}: {{ host_hv["ansible_facts"][hv_name] | to_json }} {% endif %} {% endfor %} diff --git a/ansible/roles/kolla-ansible/defaults/main.yml b/ansible/roles/kolla-ansible/defaults/main.yml index 9dcc683fe..33b0d2def 100644 --- a/ansible/roles/kolla-ansible/defaults/main.yml +++ b/ansible/roles/kolla-ansible/defaults/main.yml @@ -13,7 +13,7 @@ kolla_ansible_source_url: kolla_ansible_source_version: # Virtualenv directory where Kolla-ansible will be installed. -kolla_ansible_venv: "{{ ansible_env['PWD'] }}/kolla-venv" +kolla_ansible_venv: "{{ ansible_facts.env['PWD'] }}/kolla-venv" # Python interpreter to use to create Kolla Ansible virtualenv. kolla_ansible_venv_python: python3 diff --git a/ansible/roles/kolla-ansible/tasks/config.yml b/ansible/roles/kolla-ansible/tasks/config.yml index 79f61c638..f74c148a1 100644 --- a/ansible/roles/kolla-ansible/tasks/config.yml +++ b/ansible/roles/kolla-ansible/tasks/config.yml @@ -30,8 +30,8 @@ file: path: "{{ item }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0750 become: True with_items: diff --git a/ansible/roles/kolla-ansible/tasks/install.yml b/ansible/roles/kolla-ansible/tasks/install.yml index c0d3f09e6..5c96170a3 100644 --- a/ansible/roles/kolla-ansible/tasks/install.yml +++ b/ansible/roles/kolla-ansible/tasks/install.yml @@ -1,6 +1,6 @@ --- - name: Include OS family-specific variables - include_vars: "{{ ansible_os_family }}.yml" + include_vars: "{{ ansible_facts.os_family }}.yml" - name: Ensure EPEL repo is installed package: @@ -8,7 +8,7 @@ state: present become: True when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' - kolla_ansible_install_epel | bool - name: Ensure required packages are installed @@ -16,16 +16,16 @@ # NOTE(mgoddard): select non-empty packages. name: "{{ kolla_ansible_package_dependencies | select | list }}" state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Ensure source code checkout parent directory exists file: path: "{{ kolla_ansible_source_path | dirname }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True when: kolla_ansible_ctl_install_type == 'source' @@ -40,8 +40,8 @@ file: path: "{{ kolla_ansible_venv | dirname }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True when: kolla_ansible_venv is not none diff --git a/ansible/roles/kolla-openstack/templates/ironic.conf.j2 b/ansible/roles/kolla-openstack/templates/ironic.conf.j2 index 17c869ed5..2e2b0a13f 100644 --- a/ansible/roles/kolla-openstack/templates/ironic.conf.j2 +++ b/ansible/roles/kolla-openstack/templates/ironic.conf.j2 @@ -33,7 +33,7 @@ pxe_append_params = {{ kolla_ironic_pxe_append_params | join(' ') }} {% endif %} {% raw %} -tftp_server = {{ hostvars[inventory_hostname]['ansible_' + api_interface | replace('-', '_')]['ipv4']['address'] }} +tftp_server = {{ hostvars[inventory_hostname].ansible_facts[api_interface | replace('-', '_')]['ipv4']['address'] }} {% endraw %} {% if kolla_extra_ironic %} diff --git a/ansible/roles/kolla/defaults/main.yml b/ansible/roles/kolla/defaults/main.yml index 175d22880..f0ca0c57e 100644 --- a/ansible/roles/kolla/defaults/main.yml +++ b/ansible/roles/kolla/defaults/main.yml @@ -13,7 +13,7 @@ kolla_source_url: kolla_source_version: # Virtualenv directory where Kolla will be installed. -kolla_venv: "{{ ansible_env['PWD'] }}/kolla-venv" +kolla_venv: "{{ ansible_facts.env['PWD'] }}/kolla-venv" # Upper constraints file which is passed to pip when installing packages # into the kolla venv. diff --git a/ansible/roles/kolla/tasks/config.yml b/ansible/roles/kolla/tasks/config.yml index 286e7d0d4..8554ae4fa 100644 --- a/ansible/roles/kolla/tasks/config.yml +++ b/ansible/roles/kolla/tasks/config.yml @@ -3,8 +3,8 @@ file: path: "{{ item }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" mode: 0750 become: True with_items: diff --git a/ansible/roles/kolla/tasks/install.yml b/ansible/roles/kolla/tasks/install.yml index 547f49de0..c28433bea 100644 --- a/ansible/roles/kolla/tasks/install.yml +++ b/ansible/roles/kolla/tasks/install.yml @@ -1,6 +1,6 @@ --- - name: Include OS family-specific variables - include_vars: "{{ ansible_os_family }}.yml" + include_vars: "{{ ansible_facts.os_family }}.yml" - name: Ensure EPEL repo is installed package: @@ -8,23 +8,23 @@ state: present become: True when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' - kolla_install_epel | bool - name: Ensure required packages are installed package: name: "{{ kolla_package_dependencies }}" state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Ensure source code checkout path exists file: path: "{{ kolla_source_path | dirname }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True when: kolla_ctl_install_type == 'source' @@ -39,8 +39,8 @@ file: path: "{{ kolla_venv | dirname }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True when: kolla_venv is not none @@ -49,7 +49,7 @@ name: "{{ item.name }}" state: latest virtualenv: "{{ kolla_venv }}" - virtualenv_python: "python3.{{ ansible_python.version.minor }}" + virtualenv_python: "python3.{{ ansible_facts.python.version.minor }}" with_items: - { name: pip } diff --git a/ansible/roles/ntp/tasks/prepare.yml b/ansible/roles/ntp/tasks/prepare.yml index 903df1785..d625411cb 100644 --- a/ansible/roles/ntp/tasks/prepare.yml +++ b/ansible/roles/ntp/tasks/prepare.yml @@ -4,7 +4,7 @@ - name: Mask alternative NTP clients to prevent conflicts vars: - service_exists: "{{ item in services }}" + service_exists: "{{ item in ansible_facts.services }}" systemd: name: "{{ item }}" enabled: "{{ 'false' if service_exists else omit }}" @@ -23,4 +23,4 @@ # can't possibly exist, but trying to execute this unconditionally will fail # with: No module named 'docker' as we have not yet added the docker package # to the kayobe target venv. - when: "'docker.service' in services" + when: "'docker.service' in ansible_facts.services" diff --git a/ansible/roles/pip/tasks/pip_conf.yml b/ansible/roles/pip/tasks/pip_conf.yml index 8b1301762..ce164f365 100644 --- a/ansible/roles/pip/tasks/pip_conf.yml +++ b/ansible/roles/pip/tasks/pip_conf.yml @@ -4,8 +4,8 @@ - name: Ensure acl package is installed package: name: acl - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: true - name: Create local .pip directory diff --git a/ansible/roles/snat/tasks/main.yml b/ansible/roles/snat/tasks/main.yml index 3d1796e51..6fc64aa5c 100644 --- a/ansible/roles/snat/tasks/main.yml +++ b/ansible/roles/snat/tasks/main.yml @@ -2,8 +2,8 @@ - name: Ensure iptables is installed package: name: iptables - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: true # iptables -t nat -A POSTROUTING -o {{ interface }} -j SNAT --to-source {{ source_ip }} diff --git a/ansible/roles/swift-block-devices/tasks/main.yml b/ansible/roles/swift-block-devices/tasks/main.yml index 8d21074f2..1da9979fa 100644 --- a/ansible/roles/swift-block-devices/tasks/main.yml +++ b/ansible/roles/swift-block-devices/tasks/main.yml @@ -15,8 +15,8 @@ - parted - xfsprogs state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True when: swift_block_devices | length > 0 diff --git a/ansible/roles/veth/tasks/main.yml b/ansible/roles/veth/tasks/main.yml index 2c28f1229..f6eb1dcb5 100644 --- a/ansible/roles/veth/tasks/main.yml +++ b/ansible/roles/veth/tasks/main.yml @@ -1,2 +1,2 @@ --- -- include_tasks: "{{ ansible_os_family }}.yml" +- include_tasks: "{{ ansible_facts.os_family }}.yml" diff --git a/ansible/roles/wipe-disks/tasks/main.yml b/ansible/roles/wipe-disks/tasks/main.yml index e1a26ef5b..e88177a7f 100644 --- a/ansible/roles/wipe-disks/tasks/main.yml +++ b/ansible/roles/wipe-disks/tasks/main.yml @@ -10,8 +10,8 @@ package: name: lvm2 state: present - cache_valid_time: "{{ apt_cache_valid_time if ansible_os_family == 'Debian' else omit }}" - update_cache: "{{ True if ansible_os_family == 'Debian' else omit }}" + cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}" + update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}" become: True - name: Check for unmounted block devices diff --git a/ansible/seed-ipa-build.yml b/ansible/seed-ipa-build.yml index 846ced213..05297f332 100644 --- a/ansible/seed-ipa-build.yml +++ b/ansible/seed-ipa-build.yml @@ -20,7 +20,7 @@ name: libgcrypt state: latest become: True - when: ansible_os_family == 'RedHat' + when: ansible_facts.os_family == 'RedHat' - name: Ensure Ironic Python Agent images are built include_role: diff --git a/ansible/seed-service-upgrade-prep.yml b/ansible/seed-service-upgrade-prep.yml index 213750726..1e300997a 100644 --- a/ansible/seed-service-upgrade-prep.yml +++ b/ansible/seed-service-upgrade-prep.yml @@ -20,7 +20,7 @@ - name: Set a fact about the current time set_fact: - ipa_extension: "{{ ansible_date_time.iso8601 }}" + ipa_extension: "{{ ansible_facts.date_time.iso8601 }}" - name: Move old IPA deployment images to make way for new ones command: mv {{ item.path }} {{ item.path }}.{{ ipa_extension }} diff --git a/ansible/seed-vm-provision.yml b/ansible/seed-vm-provision.yml index cc5e3839a..284479887 100644 --- a/ansible/seed-vm-provision.yml +++ b/ansible/seed-vm-provision.yml @@ -19,20 +19,20 @@ command: "dnf install coreutils -y --allowerasing" become: True when: - - ansible_os_family == 'RedHat' + - ansible_facts.os_family == 'RedHat' - name: Ensure the image cache directory exists file: path: "{{ image_cache_path }}" state: directory - owner: "{{ ansible_user_uid }}" - group: "{{ ansible_user_gid }}" + owner: "{{ ansible_facts.user_uid }}" + group: "{{ ansible_facts.user_gid }}" become: True roles: - role: jriguera.configdrive # For now assume the VM OS family is the same as the hypervisor's. - configdrive_os_family: "{{ ansible_os_family }}" + configdrive_os_family: "{{ ansible_facts.os_family }}" configdrive_uuid: "{{ seed_host | to_uuid }}" configdrive_fqdn: "{{ seed_host }}" configdrive_name: "{{ seed_host }}" diff --git a/ansible/snat.yml b/ansible/snat.yml index caa88843c..311f3c045 100644 --- a/ansible/snat.yml +++ b/ansible/snat.yml @@ -7,7 +7,7 @@ - snat vars: snat_rules: - - interface: "{{ ansible_default_ipv4.interface }}" - source_ip: "{{ ansible_default_ipv4.address }}" + - interface: "{{ ansible_facts.default_ipv4.interface }}" + source_ip: "{{ ansible_facts.default_ipv4.address }}" roles: - role: snat diff --git a/ansible/time.yml b/ansible/time.yml index 57a7cf150..3c88cfa2a 100644 --- a/ansible/time.yml +++ b/ansible/time.yml @@ -5,7 +5,7 @@ - timezone tasks: - import_role: - name: yatesr.timezone + name: stackhpc.timezone become: True - name: Ensure ntp group exists diff --git a/dev/tenks-deploy-config-compute.yml b/dev/tenks-deploy-config-compute.yml index eb2801ede..c4008377b 100644 --- a/dev/tenks-deploy-config-compute.yml +++ b/dev/tenks-deploy-config-compute.yml @@ -44,7 +44,7 @@ libvirt_vm_engine: "qemu" # QEMU may not be installed on the host, so set the path and avoid # autodetection. -libvirt_vm_emulator: "{% if ansible_os_family == 'RedHat' %}/usr/libexec/qemu-kvm{% else %}/usr/bin/qemu-system-x86_64{% endif %}" +libvirt_vm_emulator: "{% if ansible_facts.os_family == 'RedHat' %}/usr/libexec/qemu-kvm{% else %}/usr/bin/qemu-system-x86_64{% endif %}" # Specify a log path in the kolla_logs Docker volume. It is accessible on the # host at the same path. diff --git a/doc/source/configuration/reference/ansible.rst b/doc/source/configuration/reference/ansible.rst index e434ed68a..55f2688f1 100644 --- a/doc/source/configuration/reference/ansible.rst +++ b/doc/source/configuration/reference/ansible.rst @@ -57,7 +57,7 @@ In order to make this work with Kayobe, it is necessary to change Ansible's `__ configuration option to ``smart``. Additionally, it is necessary to use separate fact caches for Kayobe and Kolla Ansible due to some of the facts -(e.g. ``ansible_user_uid`` and ``ansible_python``) differing. +(e.g. ``ansible_facts.user_uid`` and ``ansible_facts.python``) differing. Example ------- diff --git a/kayobe/ansible.py b/kayobe/ansible.py index 788c8a901..6dbc1eb86 100644 --- a/kayobe/ansible.py +++ b/kayobe/ansible.py @@ -336,6 +336,7 @@ def prune_galaxy_roles(parsed_args): 'resmo.ntp', 'stackhpc.ntp', 'stackhpc.os-shade', + 'yatesr.timezone', ] LOG.debug("Removing roles: %s", ",".join(roles_to_remove)) utils.galaxy_remove(roles_to_remove, "ansible/roles") diff --git a/kayobe/tests/unit/test_ansible.py b/kayobe/tests/unit/test_ansible.py index de4324297..4f9d8945f 100644 --- a/kayobe/tests/unit/test_ansible.py +++ b/kayobe/tests/unit/test_ansible.py @@ -532,6 +532,7 @@ class TestCase(unittest.TestCase): 'resmo.ntp', 'stackhpc.ntp', 'stackhpc.os-shade', + 'yatesr.timezone', ] mock_remove.assert_called_once_with(expected_roles, "ansible/roles") diff --git a/playbooks/kayobe-base/pre.yml b/playbooks/kayobe-base/pre.yml index 2b22f4d43..01314b693 100644 --- a/playbooks/kayobe-base/pre.yml +++ b/playbooks/kayobe-base/pre.yml @@ -1,5 +1,14 @@ --- - hosts: primary + vars: + ansible_cfg: | + [defaults] + # Ensure that facts are referenced via ansible_facts.. + inject_facts_as_vars = False + + [ssh_connection] + pipelining = True + retries = 3 roles: - role: kayobe-diagnostics kayobe_diagnostics_phase: "pre" @@ -22,6 +31,11 @@ line: "export KAYOBE_EXTRA_ARGS=-vvv" regexp: "^#export KAYOBE_EXTRA_ARGS=$" + - name: Ensure ansible.cfg exists + copy: + content: "{{ ansible_cfg }}" + dest: "{{ kayobe_config_src_dir }}/etc/kayobe/ansible.cfg" + - block: - name: Ensure previous kayobe directory exists file: diff --git a/releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml b/releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml new file mode 100644 index 000000000..c07e1b10f --- /dev/null +++ b/releasenotes/notes/ansible-facts-2b3389a2534d47a2.yaml @@ -0,0 +1,10 @@ +--- +upgrade: + - | + Updates all references to Ansible facts within Kayobe from using + individual fact variables to using the items in the ``ansible_facts`` + dictionary. This allows users to disable `fact variable injection + `__ + in their Ansible configuration, which may provide some performance + improvement. Check for facts referenced in local configuration files, and + update to use ``ansible_facts`` before disabling fact variable injection. diff --git a/requirements.yml b/requirements.yml index 67d71410c..de29f1049 100644 --- a/requirements.yml +++ b/requirements.yml @@ -5,15 +5,15 @@ version: v1.0.1 - src: jriguera.configdrive # There are no versioned releases of this role. - version: 8438592c84585c86e62ae07e526d3da53629b377 + version: e12d38378ae127c9c61d170fa4ba4729f2c5f2ad - src: MichaelRigart.interfaces - version: v1.11.1 + version: v1.12.0 - src: mrlesmithjr.chrony - version: v0.1.0 + version: v0.1.1 - src: mrlesmithjr.manage-lvm - version: v0.1.4 + version: v0.2.2 - src: mrlesmithjr.mdadm - version: v0.1.0 + version: v0.1.1 - src: singleplatform-eng.users version: v1.2.5 - src: stackhpc.dell-powerconnect-switch @@ -23,24 +23,24 @@ - src: stackhpc.drac-facts version: 1.0.0 - src: stackhpc.grafana-conf - version: 1.1.0 + version: 1.1.1 - src: stackhpc.libvirt-host - version: v1.8.2 + version: v1.8.3 - src: stackhpc.libvirt-vm - version: v1.14.1 + version: v1.14.2 - src: stackhpc.luks - version: 0.4.0 + version: 0.4.1 - src: stackhpc.mellanox-switch version: v1.0.0 - src: stackhpc.os-images - version: v1.10.6 + version: v1.10.7 - src: stackhpc.os-ironic-state version: v1.3.1 - src: stackhpc.os-networks - version: v1.5.1 + version: v1.5.3 - src: stackhpc.os-openstackclient - version: v1.4.0 + version: v1.4.1 - src: stackhpc.os_openstacksdk - version: v1.0.0 -- src: yatesr.timezone - version: 1.2.0 + version: v1.0.1 +- src: stackhpc.timezone + version: 1.2.1