Optimize reconfiguration for keystone

Partically-implements: blueprint better-reconfigure
Change-Id: Ieab308ea1ec90300e319db4e1bcf8bd0cfef7619
Jeffrey Zhang 2016-12-09 11:32:30 +08:00
parent d37da2cfa9
commit 155ec962e3
9 changed files with 212 additions and 183 deletions


@ -1,6 +1,39 @@
---
project_name: "keystone"
keystone_services:
keystone:
container_name: "keystone"
group: "keystone"
enabled: true
image: "{{ keystone_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}"
keystone-ssh:
container_name: "keystone_ssh"
group: "keystone"
enabled: "{{ keystone_token_provider == 'fernet' }}"
image: "{{ keystone_ssh_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
keystone-fernet:
container_name: "keystone_fernet"
group: "keystone"
enabled: "{{ keystone_token_provider == 'fernet' }}"
image: "{{ keystone_fernet_image_full }}"
volumes:
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
####################
# Database
####################
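Review bot: The `keystone` service mounts the Fernet key volume without `:ro` (the `keystone_fernet_tokens:/etc/keystone/fernet-keys` entry in its volumes list), while its config directory and `/etc/localtime` are mounted read-only. If keys are created and rotated only in the keystone-fernet and keystone-ssh containers, as the `fernet-rotate.sh` and `fernet-node-sync.sh` templates referenced elsewhere in this commit suggest, the API container only needs to read them and the entry could end in `:/etc/keystone/fernet-keys:ro{% endif %}`. That would stop a compromised API process from replacing the token-signing keys. The same entry renders to an empty string when the provider is not fernet, so a comment such as `# empty when fernet is off; consumers must apply reject('equalto', '')` above it would document the contract.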


@ -0,0 +1,67 @@
---
- name: Restart keystone container
vars:
service_name: "keystone"
service: "{{ keystone_services[service_name] }}"
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keystone_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or keystone_conf.changed | bool
or keystone_domains.changed | bool
or policy_json.changed | bool
or keystone_wsgi.changed | bool
or keystone_paste_ini.changed | bool
or keystone_container.changed | bool
- name: Restart keystone-fernet container
vars:
service_name: "keystone-fernet"
service: "{{ keystone_services[service_name] }}"
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keystone_fernet_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or keystone_conf.changed | bool
or policy_json.changed | bool
or keystone_fernet_confs.changed | bool
or keystone_fernet_container.changed | bool
- name: Restart keystone-ssh container
vars:
service_name: "keystone-ssh"
service: "{{ keystone_services[service_name] }}"
config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
keystone_ssh_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
common_options: "{{ docker_common_options }}"
name: "{{ service.container_name }}"
image: "{{ service.image }}"
volumes: "{{ service.volumes|reject('equalto', '')|list }}"
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
- config_json.changed | bool
or keystone_ssh_confs.changed | bool
or keystone_ssh_container.changed | bool
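Review bot: The `when:` lists in these three handlers need a comment explaining why change flags are re-checked inside a handler. The config tasks in this commit notify several handlers from one `with_dict` loop, so the `or` chain of `*.changed` values is what limits a restart to the service whose own files changed. Something like `# Loop tasks notify every handler; restart only if this service's own results changed` above each `when:` would make that clear. The third list item also combines a multi-line `or` expression with the implicit AND of the list, and wrapping it in parentheses would make the precedence explicit.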


@ -1,5 +1,7 @@
---
- name: Running Keystone bootstrap container
vars:
keystone: "{{ keystone_services.keystone }}"
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
@ -7,14 +9,11 @@
environment:
KOLLA_BOOTSTRAP:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ keystone_image_full }}"
image: "{{ keystone.image }}"
labels:
BOOTSTRAP:
name: "bootstrap_keystone"
restart_policy: "never"
volumes:
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
volumes: "{{ keystone.volumes|reject('equalto', '')|list }}"
run_once: True
delegate_to: "{{ groups['keystone'][0] }}"
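Review bot: Switching `volumes` to `keystone.volumes` widens what the one-shot bootstrap container can see. It previously mounted only the config directory, `/etc/localtime` and `kolla_logs`, and now also receives `keystone_fernet_tokens:/etc/keystone/fernet-keys` whenever the token provider is fernet. If bootstrap does not need the key repository, keeping the explicit three-entry list here, or filtering the Fernet entry out, would keep the key volume away from a container that does not use it. The task body starts in the previous hunk of this file.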


@ -9,36 +9,43 @@
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled
with_dict: "{{ keystone_services }}"
- name: Creating Keystone Domain directory
vars:
keystone: "{{ keystone_services.keystone }}"
file:
dest: "{{ node_config_directory }}/{{ item }}/domains/"
dest: "{{ node_config_directory }}/keystone/domains/"
state: "directory"
when:
keystone_domain_cfg.stat.exists
with_items:
- "keystone"
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
- keystone_domain_cfg.stat.exists
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
register: keystone_config_jsons
with_dict: "{{ keystone_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled
notify:
- Restart keystone container
- Restart keystone-ssh container
- Restart keystone-fernet container
- name: Copying over keystone.conf
merge_configs:
vars:
service_name: "{{ item }}"
service_name: "{{ item.key }}"
sources:
- "{{ role_path }}/templates/keystone.conf.j2"
- "{{ node_custom_config }}/global.conf"
@ -47,45 +54,78 @@
- "{{ node_custom_config }}/keystone.conf"
- "{{ node_custom_config }}/keystone/{{ item }}.conf"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
dest: "{{ node_config_directory }}/{{ item }}/keystone.conf"
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
register: keystone_confs
with_dict: "{{ keystone_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.key in [ "keystone", "keystone-fernet" ]
- item.value.enabled | bool
notify:
- Restart keystone container
- Restart keystone-fernet container
- name: Copying Keystone Domain specific settings
vars:
keystone: "{{ keystone_services.keystone }}"
copy:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/domains/"
register: keystone_domains
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
with_fileglob:
- "{{ node_custom_config }}/keystone/domains/*"
notify:
- Restart keystone container
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/keystone/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
with_items:
- "keystone"
- "keystone-fernet"
register: keystone_policy_jsons
when:
keystone_policy.stat.exists
- inventory_hostname in groups[item.value.group]
- item.key in [ "keystone", "keystone-fernet" ]
- item.value.enabled | bool
- keystone_policy.stat.exists
with_dict: "{{ keystone_services }}"
notify:
- Restart keystone containers
- name: Copying over wsgi-keystone.conf
vars:
keystone: "{{ keystone_services.keystone }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
register: keystone_wsgi
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
with_first_found:
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
- "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
- "wsgi-keystone.conf.j2"
notify:
- Restart keystone container
- name: Copying over keystone-paste.ini
vars:
keystone: "{{ keystone_services.keystone }}"
merge_configs:
sources:
- "{{ role_path }}/templates/keystone-paste.ini.j2"
- "{{ node_custom_config }}/keystone/keystone-paste.ini"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
register: keystone_paste_ini
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
notify:
- Restart keystone container
- name: Generate the required cron jobs for the node
local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
@ -98,22 +138,53 @@
when: keystone_token_provider == 'fernet'
- name: Copying files for keystone-fernet
vars:
keystone_fernet: "{{ keystone_services['keystone-fernet'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
register: keystone_fernet_confs
with_items:
- { src: "crontab.j2", dest: "crontab" }
- { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
- { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
- { src: "id_rsa", dest: "id_rsa" }
- { src: "ssh_config.j2", dest: "ssh_config" }
when: keystone_token_provider == 'fernet'
when:
- inventory_hostname in groups[keystone_fernet.group]
- keystone_fernet.enabled | bool
notify:
- Restart keystone-fernet container
- name: Copying files for keystone-ssh
vars:
keystone_ssh: "{{ keystone_services['keystone-ssh'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
register: keystone_ssh_confs
with_items:
- { src: "sshd_config.j2", dest: "sshd_config" }
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
when: keystone_token_provider == 'fernet'
when:
- inventory_hostname in groups[keystone_ssh.group]
- keystone_ssh.enabled | bool
notify:
- Restart keystone-ssh container
- name: Check keystone containers
kolla_docker:
action: "compare_container"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
when:
- action != 'genconfig'
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
register: check_keystone_containers
with_dict: "{{ keystone_services }}"
notify:
- Restart keystone container
- Restart keystone-ssh container
- Restart keystone-fernet container
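Review bot: The policy.json task notifies `Restart keystone containers`, but the handlers added in this commit are named `Restart keystone container`, `Restart keystone-fernet container` and `Restart keystone-ssh container`, so a changed policy file matches none of them. Because policy.json carries the authorization rules, the notify list should name `- Restart keystone container` and `- Restart keystone-fernet container` so a tightened policy is actually loaded. The same task still writes to `{{ node_config_directory }}/{{ item }}/policy.json` although the loop is now `with_dict`, where `item` is a key/value pair, so the path should use `{{ item.key }}`. The `keystone/{{ item }}.conf` source in the keystone.conf task appears to be the same leftover.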


@ -5,8 +5,8 @@
- include: bootstrap.yml
when: inventory_hostname in groups['keystone']
- include: start.yml
when: inventory_hostname in groups['keystone']
- name: Flush handlers
meta: flush_handlers
- include: init_fernet.yml
when:
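Review bot: Replacing `include: start.yml` with `meta: flush_handlers` drops the `Wait for keystone startup` task (`wait_for` on `keystone_admin_port`) that the deleted start.yml ran right after starting the keystone container. None of the new handlers shown in this commit waits for the API port, so `init_fernet.yml` and any later steps may run before keystone is listening. A `wait_for` task placed after the flush would restore the old ordering. The same applies to the last file section of this commit, where `include: start.yml` also gives way to `Flush handlers`, and the `when:` of the `init_fernet.yml` include continues outside this hunk.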


@ -1,25 +1,10 @@
---
- name: Pulling keystone image
- name: Pulling keystone images
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_image_full }}"
when: inventory_hostname in groups['keystone']
- name: Pulling keystone_fernet image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_fernet_image_full }}"
image: "{{ item.image }}"
when:
- inventory_hostname in groups['keystone']
- keystone_token_provider == 'fernet'
- name: Pulling keystone_ssh image
kolla_docker:
action: "pull_image"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_ssh_image_full }}"
when:
- inventory_hostname in groups['keystone']
- keystone_token_provider == 'fernet'
- inventory_hostname in groups[image.group]
- image.enabled | bool
with_dict: "{{ keystone_services }}"
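Review bot: The merged pull task loops with `with_dict`, so each `item` has `key` and `value`, but the task reads `item.image` and its conditions read `image.group` and `image.enabled`, none of which is defined. As written the task would fail on an undefined variable instead of pulling the three images. Use `image: "{{ item.value.image }}"`, `- inventory_hostname in groups[item.value.group]` and `- item.value.enabled | bool`, matching the other `with_dict` tasks in this commit.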


@ -1,79 +0,0 @@
---
- name: Set variable for keystone components used in reconfigure
set_fact:
keystone_items:
- { name: keystone, group: keystone }
- name: Create fernet related components for variable if fernet is enabled
set_fact:
keystone_fernet_items:
- { name: keystone_fernet, group: keystone }
- { name: keystone_ssh, group: keystone }
when: keystone_token_provider == 'fernet'
- name: Merge fernet related components to variable if fernet is enabled
set_fact:
keystone_items: "{{ keystone_items + keystone_fernet_items }}"
when: keystone_token_provider == 'fernet'
- name: Ensuring the containers up
kolla_docker:
name: "{{ item.name }}"
action: "get_container_state"
register: container_state
failed_when: container_state.Running == false
when: inventory_hostname in groups[item.group]
with_items: "{{ keystone_items }}"
- include: config.yml
- name: Check the configs
command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check
changed_when: false
failed_when: false
register: check_results
when: inventory_hostname in groups[item.group]
with_items: "{{ keystone_items }}"
# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS'
# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE',
# just remove the container and start again
- name: Containers config strategy
kolla_docker:
name: "{{ item.name }}"
action: "get_container_env"
register: container_envs
when: inventory_hostname in groups[item.group]
with_items: "{{ keystone_items }}"
- name: Remove the containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "remove_container"
register: remove_containers
when:
- config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE'
- item[2]['rc'] == 1
- inventory_hostname in groups[item[0]['group']]
with_together:
- "{{ keystone_items }}"
- "{{ container_envs.results }}"
- "{{ check_results.results }}"
- include: start.yml
when: remove_containers.changed
- name: Restart containers
kolla_docker:
name: "{{ item[0]['name'] }}"
action: "restart_container"
when:
- config_strategy == 'COPY_ALWAYS'
- item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE'
- item[2]['rc'] == 1
- inventory_hostname in groups[item[0]['group']]
with_together:
- "{{ keystone_items }}"
- "{{ container_envs.results }}"
- "{{ check_results.results }}"


@ -0,0 +1 @@
deploy.yml


@ -1,49 +0,0 @@
---
- name: Set variable for initial keystone volumes
set_fact:
keystone_volumes:
- "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- name: Add fernet volume to keystone volumes variable if fernet enabled
set_fact:
keystone_volumes: "{{ keystone_volumes + [\"keystone_fernet_tokens:/etc/keystone/fernet-keys\"] }}"
when: keystone_token_provider == 'fernet'
- name: Starting keystone container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_image_full }}"
name: "keystone"
volumes: "{{ keystone_volumes }}"
- name: Wait for keystone startup
wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }}
- name: Starting keystone-ssh container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_ssh_image_full }}"
name: "keystone_ssh"
volumes:
- "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
when: keystone_token_provider == 'fernet'
- name: Starting keystone-fernet container
kolla_docker:
action: "start_container"
common_options: "{{ docker_common_options }}"
image: "{{ keystone_fernet_image_full }}"
name: "keystone_fernet"
volumes:
- "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro"
- "/etc/localtime:/etc/localtime:ro"
- "kolla_logs:/var/log/kolla/"
- "keystone_fernet_tokens:/etc/keystone/fernet-keys"
when: keystone_token_provider == 'fernet'


@ -3,4 +3,5 @@
- include: bootstrap_service.yml
- include: start.yml
- name: Flush handlers
meta: flush_handlers