From 155ec962e30cca1b67431665c664cedfcb151fc3 Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Fri, 9 Dec 2016 11:32:30 +0800 Subject: [PATCH] Optimize reconfiguration for keystone Partically-implements: blueprint better-reconfigure Change-Id: Ieab308ea1ec90300e319db4e1bcf8bd0cfef7619 --- ansible/roles/keystone/defaults/main.yml | 33 +++++ ansible/roles/keystone/handlers/main.yml | 67 ++++++++++ .../keystone/tasks/bootstrap_service.yml | 9 +- ansible/roles/keystone/tasks/config.yml | 125 ++++++++++++++---- ansible/roles/keystone/tasks/deploy.yml | 4 +- ansible/roles/keystone/tasks/pull.yml | 25 +--- ansible/roles/keystone/tasks/reconfigure.yml | 80 +---------- ansible/roles/keystone/tasks/start.yml | 49 ------- ansible/roles/keystone/tasks/upgrade.yml | 3 +- 9 files changed, 212 insertions(+), 183 deletions(-) create mode 100644 ansible/roles/keystone/handlers/main.yml mode change 100644 => 120000 ansible/roles/keystone/tasks/reconfigure.yml delete mode 100644 ansible/roles/keystone/tasks/start.yml diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index 0fda77a9ae..703f9676fb 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml 
@@ -1,6 +1,39 @@ --- project_name: "keystone" +keystone_services: + keystone: + container_name: "keystone" + group: "keystone" + enabled: true + image: "{{ keystone_image_full }}" + volumes: + - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + - "{% if keystone_token_provider == 'fernet' %}keystone_fernet_tokens:/etc/keystone/fernet-keys{% endif %}" + keystone-ssh: + container_name: "keystone_ssh" + group: "keystone" + enabled: "{{ keystone_token_provider == 'fernet' }}" + image: "{{ keystone_ssh_image_full }}" + volumes: + - "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + - "keystone_fernet_tokens:/etc/keystone/fernet-keys" + keystone-fernet: + container_name: "keystone_fernet" + group: "keystone" + enabled: "{{ keystone_token_provider == 'fernet' }}" + image: "{{ keystone_fernet_image_full }}" + volumes: + - "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro" + - "/etc/localtime:/etc/localtime:ro" + - "kolla_logs:/var/log/kolla/" + - "keystone_fernet_tokens:/etc/keystone/fernet-keys" + + #################### # Database #################### diff --git a/ansible/roles/keystone/handlers/main.yml b/ansible/roles/keystone/handlers/main.yml new file mode 100644 index 0000000000..59b9168548 --- /dev/null +++ b/ansible/roles/keystone/handlers/main.yml 
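Review bot: The new `keystone_services` map in defaults/main.yml carries two conventions that nothing in the file documents. The last `volumes` entry of `keystone` renders to an empty string when `keystone_token_provider` is not `fernet`, and `enabled` for `keystone-ssh` and `keystone-fernet` is a templated string rather than a boolean. Every consumer therefore has to apply `reject('equalto', '')` to the volume list and `| bool` to `enabled`; one that forgets passes an empty volume spec to kolla_docker or, possibly, tests a truthy string. I would add a comment above the map, for example `# volumes may contain '' (filter with reject('equalto', '')); enabled may be a string (always test with | bool)`.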
@@ -0,0 +1,67 @@
+---
+- name: Restart keystone container
+ vars:
+ service_name: "keystone"
+ service: "{{ keystone_services[service_name] }}"
+ config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ keystone_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+ when:
+ - inventory_hostname in groups[service.group]
+ - service.enabled | bool
+ - config_json.changed | bool
+ or keystone_conf.changed | bool
+ or keystone_domains.changed | bool
+ or policy_json.changed | bool
+ or keystone_wsgi.changed | bool
+ or keystone_paste_ini.changed | bool
+ or keystone_container.changed | bool
+
+- name: Restart keystone-fernet container
+ vars:
+ service_name: "keystone-fernet"
+ service: "{{ keystone_services[service_name] }}"
+ config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ keystone_conf: "{{ keystone_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_json: "{{ keystone_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ keystone_fernet_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ kolla_docker:
+ action: "recreate_or_restart_container"
+ common_options: "{{ docker_common_options }}"
+ name: "{{ service.container_name }}"
+ image: "{{ service.image }}"
+ volumes: "{{ service.volumes|reject('equalto', '')|list }}"
+ when:
+ - inventory_hostname in
groups[service.group] + - service.enabled | bool + - config_json.changed | bool + or keystone_conf.changed | bool + or policy_json.changed | bool + or keystone_fernet_confs.changed | bool + or keystone_fernet_container.changed | bool + +- name: Restart keystone-ssh container + vars: + service_name: "keystone-ssh" + service: "{{ keystone_services[service_name] }}" + config_json: "{{ keystone_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + keystone_ssh_container: "{{ check_keystone_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" + kolla_docker: + action: "recreate_or_restart_container" + common_options: "{{ docker_common_options }}" + name: "{{ service.container_name }}" + image: "{{ service.image }}" + volumes: "{{ service.volumes|reject('equalto', '')|list }}" + when: + - inventory_hostname in groups[service.group] + - service.enabled | bool + - config_json.changed | bool + or keystone_ssh_confs.changed | bool + or keystone_ssh_container.changed | bool diff --git a/ansible/roles/keystone/tasks/bootstrap_service.yml b/ansible/roles/keystone/tasks/bootstrap_service.yml index cce78e7ced..f04cb0e52a 100644 --- a/ansible/roles/keystone/tasks/bootstrap_service.yml +++ b/ansible/roles/keystone/tasks/bootstrap_service.yml @@ -1,5 +1,7 @@ --- - name: Running Keystone bootstrap container + vars: + keystone: "{{ keystone_services.keystone }}" kolla_docker: action: "start_container" common_options: "{{ docker_common_options }}" 
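Review bot: The handlers added in handlers/main.yml depend on results registered in tasks/config.yml, and that coupling is not documented. Each `when` dereferences names such as `keystone_config_jsons`, `keystone_confs`, `keystone_policy_jsons`, `check_keystone_containers` and `keystone_domains`, most of them through `selectattr('item.key', 'equalto', service_name)|first`. If a handler is notified on a path that did not register one of these names, or no result matches `service_name`, the condition will presumably fail with an undefined-variable error instead of skipping. A header comment such as `# Handlers rely on variables registered in tasks/config.yml; keep the register names in sync` would make the contract explicit.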
@@ -7,14 +9,11 @@ environment: KOLLA_BOOTSTRAP: KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" - image: "{{ keystone_image_full }}" + image: "{{ keystone.image }}" labels: BOOTSTRAP: name: "bootstrap_keystone" restart_policy: "never" - volumes: - - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" + volumes: "{{ keystone.volumes|reject('equalto', '')|list }}" run_once: True delegate_to: "{{ groups['keystone'][0] }}" diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml index 204f1bbb56..b77f654e8a 100644 --- a/ansible/roles/keystone/tasks/config.yml +++ b/ansible/roles/keystone/tasks/config.yml 
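Review bot: Switching `volumes` to `keystone.volumes|reject('equalto', '')|list` changes what the bootstrap container mounts. The removed list held only the config directory, `/etc/localtime` and `kolla_logs`, while the `keystone` entry in defaults/main.yml also adds `keystone_fernet_tokens:/etc/keystone/fernet-keys` when the token provider is `fernet`. If bootstrap does not need the key volume, keep it off this one-shot container, for example `volumes: "{{ keystone.volumes|reject('equalto', '')|reject('match', '^keystone_fernet_tokens:')|list }}"`. If the mount is intended, a short comment saying so would help. The task begins in the previous hunk.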
@@ -9,36 +9,43 @@ - name: Ensuring config directories exist file: - path: "{{ node_config_directory }}/{{ item }}" + path: "{{ node_config_directory }}/{{ item.key }}" state: "directory" recurse: yes - with_items: - - "keystone" - - "keystone-fernet" - - "keystone-ssh" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled + with_dict: "{{ keystone_services }}" - name: Creating Keystone Domain directory + vars: + keystone: "{{ keystone_services.keystone }}" file: - dest: "{{ node_config_directory }}/{{ item }}/domains/" + dest: "{{ node_config_directory }}/keystone/domains/" state: "directory" when: - keystone_domain_cfg.stat.exists - with_items: - - "keystone" + - inventory_hostname in groups[keystone.group] + - keystone.enabled | bool + - keystone_domain_cfg.stat.exists - name: Copying over config.json files for services template: - src: "{{ item }}.json.j2" - dest: "{{ node_config_directory }}/{{ item }}/config.json" - with_items: - - "keystone" - - "keystone-fernet" - - "keystone-ssh" + src: "{{ item.key }}.json.j2" + dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + register: keystone_config_jsons + with_dict: "{{ keystone_services }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.enabled + notify: + - Restart keystone container + - Restart keystone-ssh container + - Restart keystone-fernet container - name: Copying over keystone.conf merge_configs: vars: - service_name: "{{ item }}" + service_name: "{{ item.key }}" sources: - "{{ role_path }}/templates/keystone.conf.j2" - "{{ node_custom_config }}/global.conf" 
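Review bot: `item.value.enabled` is tested without `| bool` in the `when` of "Ensuring config directories exist" and "Copying over config.json files for services", while the other tasks in this file use `enabled | bool`. For `keystone-ssh` and `keystone-fernet` the value in defaults/main.yml is a templated string, so whether it counts as false when fernet is off depends on how the Ansible version in use evaluates it; `- item.value.enabled | bool` removes the doubt. In "Creating Keystone Domain directory" the condition `keystone_domain_cfg.stat.exists` now appears twice in the list and one copy can go. The "Copying over keystone.conf" task continues past the end of this hunk.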
@@ -47,45 +54,78 @@ - "{{ node_custom_config }}/keystone.conf" - "{{ node_custom_config }}/keystone/{{ item }}.conf" - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf" - dest: "{{ node_config_directory }}/{{ item }}/keystone.conf" - with_items: - - "keystone" - - "keystone-fernet" - - "keystone-ssh" + dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf" + register: keystone_confs + with_dict: "{{ keystone_services }}" + when: + - inventory_hostname in groups[item.value.group] + - item.key in [ "keystone", "keystone-fernet" ] + - item.value.enabled | bool + notify: + - Restart keystone container + - Restart keystone-fernet container - name: Copying Keystone Domain specific settings + vars: + keystone: "{{ keystone_services.keystone }}" copy: src: "{{ item }}" dest: "{{ node_config_directory }}/keystone/domains/" + register: keystone_domains + when: + - inventory_hostname in groups[keystone.group] + - keystone.enabled | bool with_fileglob: - "{{ node_custom_config }}/keystone/domains/*" + notify: + - Restart keystone container - name: Copying over existing policy.json template: src: "{{ node_custom_config }}/keystone/policy.json" dest: "{{ node_config_directory }}/{{ item }}/policy.json" - with_items: - - "keystone" - - "keystone-fernet" + register: keystone_policy_jsons when: - keystone_policy.stat.exists + - inventory_hostname in groups[item.value.group] + - item.key in [ "keystone", "keystone-fernet" ] + - item.value.enabled | bool + - keystone_policy.stat.exists + with_dict: "{{ keystone_services }}" + notify: + - Restart keystone containers - name: Copying over wsgi-keystone.conf + vars: + keystone: "{{ keystone_services.keystone }}" template: src: "{{ item }}" dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf" + register: keystone_wsgi + when: + - inventory_hostname in groups[keystone.group] + - keystone.enabled | bool with_first_found: - "{{ node_custom_config }}/keystone/{{ inventory_hostname 
}}/wsgi-keystone.conf" - "{{ node_custom_config }}/keystone/wsgi-keystone.conf" - "wsgi-keystone.conf.j2" + notify: + - Restart keystone container - name: Copying over keystone-paste.ini + vars: + keystone: "{{ keystone_services.keystone }}" merge_configs: sources: - "{{ role_path }}/templates/keystone-paste.ini.j2" - "{{ node_custom_config }}/keystone/keystone-paste.ini" - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini" dest: "{{ node_config_directory }}/keystone/keystone-paste.ini" + register: keystone_paste_ini + when: + - inventory_hostname in groups[keystone.group] + - keystone.enabled | bool + notify: + - Restart keystone container - name: Generate the required cron jobs for the node local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}" 
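Review bot: "Copying over existing policy.json" now loops with `with_dict`, but its `dest` still interpolates `{{ item }}`, so the path is built from the whole key/value mapping instead of the service name. The custom policy would then not land in the service's config directory; the line should read `dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"`. The same leftover is in the keystone.conf sources entry `"{{ node_custom_config }}/keystone/{{ item }}.conf"`, which should use `item.key` so per-service overrides are still found. The policy task also notifies `Restart keystone containers`, which matches none of the handlers added in handlers/main.yml; list `Restart keystone container` and `Restart keystone-fernet container` instead. An operator-supplied policy.json that is silently not applied leaves the default authorization rules in force, so this deserves a fix before merge.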
@@ -98,22 +138,53 @@ when: keystone_token_provider == 'fernet' - name: Copying files for keystone-fernet + vars: + keystone_fernet: "{{ keystone_services['keystone-fernet'] }}" template: src: "{{ item.src }}" dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}" + register: keystone_fernet_confs with_items: - { src: "crontab.j2", dest: "crontab" } - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" } - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" } - { src: "id_rsa", dest: "id_rsa" } - { src: "ssh_config.j2", dest: "ssh_config" } - when: keystone_token_provider == 'fernet' + when: + - inventory_hostname in groups[keystone_fernet.group] + - keystone_fernet.enabled | bool + notify: + - Restart keystone-fernet container - name: Copying files for keystone-ssh + vars: + keystone_ssh: "{{ keystone_services['keystone-ssh'] }}" template: src: "{{ item.src }}" dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}" + register: keystone_ssh_confs with_items: - { src: "sshd_config.j2", dest: "sshd_config" } - { src: "id_rsa.pub", dest: "id_rsa.pub" } - when: keystone_token_provider == 'fernet' + when: + - inventory_hostname in groups[keystone_ssh.group] + - keystone_ssh.enabled | bool + notify: + - Restart keystone-ssh container + +- name: Check keystone containers + kolla_docker: + action: "compare_container" + name: "{{ item.value.container_name }}" + image: "{{ item.value.image }}" + volumes: "{{ item.value.volumes|reject('equalto', '')|list }}" + when: + - action != 'genconfig' + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + register: check_keystone_containers + with_dict: "{{ keystone_services }}" + notify: + - Restart keystone container + - Restart keystone-ssh container + - Restart keystone-fernet container diff --git a/ansible/roles/keystone/tasks/deploy.yml b/ansible/roles/keystone/tasks/deploy.yml index 9ccf17b9a7..95151c5dde 100644 --- a/ansible/roles/keystone/tasks/deploy.yml 
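Review bot: "Copying files for keystone-fernet" renders `id_rsa` into `{{ node_config_directory }}/keystone-fernet/` with no `mode`, so the file gets whatever the default umask gives it on the host. It is presumably the SSH private key paired with the `id_rsa.pub` copied for keystone-ssh. Since the task is being reworked here, give the loop items an explicit mode, for example `- { src: "id_rsa", dest: "id_rsa", mode: "0600" }` together with `mode: "{{ item.mode | default(omit) }}"` on the template module, and confirm the container can still read the file. Separately, "Check keystone containers" calls `compare_container` without `common_options`, while the handlers pass it to `recreate_or_restart_container`; if the comparison depends on those options the two calls should match.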
+++ b/ansible/roles/keystone/tasks/deploy.yml @@ -5,8 +5,8 @@ - include: bootstrap.yml when: inventory_hostname in groups['keystone'] -- include: start.yml - when: inventory_hostname in groups['keystone'] +- name: Flush handlers + meta: flush_handlers - include: init_fernet.yml when: diff --git a/ansible/roles/keystone/tasks/pull.yml b/ansible/roles/keystone/tasks/pull.yml index c9152b1486..3c6c232d71 100644 --- a/ansible/roles/keystone/tasks/pull.yml +++ b/ansible/roles/keystone/tasks/pull.yml @@ -1,25 +1,10 @@ --- -- name: Pulling keystone image +- name: Pulling keystone images kolla_docker: action: "pull_image" common_options: "{{ docker_common_options }}" - image: "{{ keystone_image_full }}" - when: inventory_hostname in groups['keystone'] - -- name: Pulling keystone_fernet image - kolla_docker: - action: "pull_image" - common_options: "{{ docker_common_options }}" - image: "{{ keystone_fernet_image_full }}" + image: "{{ item.image }}" when: - - inventory_hostname in groups['keystone'] - - keystone_token_provider == 'fernet' - -- name: Pulling keystone_ssh image - kolla_docker: - action: "pull_image" - common_options: "{{ docker_common_options }}" - image: "{{ keystone_ssh_image_full }}" - when: - - inventory_hostname in groups['keystone'] - - keystone_token_provider == 'fernet' + - inventory_hostname in groups[image.group] + - image.enabled | bool + with_dict: "{{ keystone_services }}" diff --git a/ansible/roles/keystone/tasks/reconfigure.yml b/ansible/roles/keystone/tasks/reconfigure.yml deleted file mode 100644 index 6ef22ad9ff..0000000000 --- a/ansible/roles/keystone/tasks/reconfigure.yml +++ /dev/null 
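Review bot: Replacing `include: start.yml` with `meta: flush_handlers` in deploy.yml drops the "Wait for keystone startup" step that start.yml ran before continuing. `init_fernet.yml` and whatever follows may now run against a keystone that is still restarting; consider keeping `wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }}` right after the flush. The flush also only starts containers if a handler was notified. On a first deploy that relies on "Check keystone containers" reporting a change for a missing container, which is not visible here and should be confirmed. The same replacement is made in tasks/upgrade.yml.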
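Review bot: "Pulling keystone images" in pull.yml iterates with `with_dict`, so each `item` exposes `key` and `value`, but the task reads `item.image` and tests an `image` variable that is defined nowhere in the hunk. As written the `when` would most likely fail on `image.group`, or the pull would receive an undefined image. The three lines should be `image: "{{ item.value.image }}"`, `- inventory_hostname in groups[item.value.group]` and `- item.value.enabled | bool`.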
@@ -1,79 +0,0 @@ ---- -- name: Set variable for keystone components used in reconfigure - set_fact: - keystone_items: - - { name: keystone, group: keystone } - -- name: Create fernet related components for variable if fernet is enabled - set_fact: - keystone_fernet_items: - - { name: keystone_fernet, group: keystone } - - { name: keystone_ssh, group: keystone } - when: keystone_token_provider == 'fernet' - -- name: Merge fernet related components to variable if fernet is enabled - set_fact: - keystone_items: "{{ keystone_items + keystone_fernet_items }}" - when: keystone_token_provider == 'fernet' - -- name: Ensuring the containers up - kolla_docker: - name: "{{ item.name }}" - action: "get_container_state" - register: container_state - failed_when: container_state.Running == false - when: inventory_hostname in groups[item.group] - with_items: "{{ keystone_items }}" - -- include: config.yml - -- name: Check the configs - command: docker exec {{ item.name }} /usr/local/bin/kolla_set_configs --check - changed_when: false - failed_when: false - register: check_results - when: inventory_hostname in groups[item.group] - with_items: "{{ keystone_items }}" - -# NOTE(jeffrey4l): when config_strategy == 'COPY_ALWAYS' -# and container env['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE', -# just remove the container and start again -- name: Containers config strategy - kolla_docker: - name: "{{ item.name }}" - action: "get_container_env" - register: container_envs - when: inventory_hostname in groups[item.group] - with_items: "{{ keystone_items }}" - - -- name: Remove the containers - kolla_docker: - name: "{{ item[0]['name'] }}" - action: "remove_container" - register: remove_containers - when: - - config_strategy == "COPY_ONCE" or item[1]['KOLLA_CONFIG_STRATEGY'] == 'COPY_ONCE' - - item[2]['rc'] == 1 - - inventory_hostname in groups[item[0]['group']] - with_together: - - "{{ keystone_items }}" - - "{{ container_envs.results }}" - - "{{ check_results.results }}" - -- include: 
start.yml - when: remove_containers.changed - -- name: Restart containers - kolla_docker: - name: "{{ item[0]['name'] }}" - action: "restart_container" - when: - - config_strategy == 'COPY_ALWAYS' - - item[1]['KOLLA_CONFIG_STRATEGY'] != 'COPY_ONCE' - - item[2]['rc'] == 1 - - inventory_hostname in groups[item[0]['group']] - with_together: - - "{{ keystone_items }}" - - "{{ container_envs.results }}" - - "{{ check_results.results }}" diff --git a/ansible/roles/keystone/tasks/reconfigure.yml b/ansible/roles/keystone/tasks/reconfigure.yml new file mode 120000 index 0000000000..0412f92200 --- /dev/null +++ b/ansible/roles/keystone/tasks/reconfigure.yml @@ -0,0 +1 @@ +deploy.yml \ No newline at end of file diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml deleted file mode 100644 index 382a0d1e69..0000000000 --- a/ansible/roles/keystone/tasks/start.yml +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -- name: Set variable for initial keystone volumes - set_fact: - keystone_volumes: - - "{{ node_config_directory }}/keystone/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" - -- name: Add fernet volume to keystone volumes variable if fernet enabled - set_fact: - keystone_volumes: "{{ keystone_volumes + [\"keystone_fernet_tokens:/etc/keystone/fernet-keys\"] }}" - when: keystone_token_provider == 'fernet' - -- name: Starting keystone container - kolla_docker: - action: "start_container" - common_options: "{{ docker_common_options }}" - image: "{{ keystone_image_full }}" - name: "keystone" - volumes: "{{ keystone_volumes }}" - -- name: Wait for keystone startup - wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }} - -- name: Starting keystone-ssh container - kolla_docker: - action: "start_container" - common_options: "{{ docker_common_options }}" - image: "{{ keystone_ssh_image_full }}" - name: "keystone_ssh" - volumes: - - "{{ node_config_directory }}/keystone-ssh/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" - - "keystone_fernet_tokens:/etc/keystone/fernet-keys" - when: keystone_token_provider == 'fernet' - -- name: Starting keystone-fernet container - kolla_docker: - action: "start_container" - common_options: "{{ docker_common_options }}" - image: "{{ keystone_fernet_image_full }}" - name: "keystone_fernet" - volumes: - - "{{ node_config_directory }}/keystone-fernet/:{{ container_config_directory }}/:ro" - - "/etc/localtime:/etc/localtime:ro" - - "kolla_logs:/var/log/kolla/" - - "keystone_fernet_tokens:/etc/keystone/fernet-keys" - when: keystone_token_provider == 'fernet' diff --git a/ansible/roles/keystone/tasks/upgrade.yml b/ansible/roles/keystone/tasks/upgrade.yml index 308053080c..c38db1adf4 100644 --- a/ansible/roles/keystone/tasks/upgrade.yml +++ b/ansible/roles/keystone/tasks/upgrade.yml 
@@ -3,4 +3,5 @@ - include: bootstrap_service.yml -- include: start.yml +- name: Flush handlers + meta: flush_handlers