Use kolla_toolbox to execute REST methods

Delegate executing uri REST methods to the current module containers using kolla_toolbox. This will allow self signed certificate that are already copied into the container to be automatically validated. This circumvents requiring Kolla Ansible to explicitly disable certificate validation in the ansible uri module. Partially-Implements: blueprint custom-cacerts Change-Id: I2625db7b8000af980e4745734c834c5d9292290b
2019-12-30 10:41:43 -08:00
parent 511ba9f6a2
commit 88418cbaa9
6 changed files with 175 additions and 113 deletions
--- a/ansible/roles/elasticsearch/tasks/upgrade.yml
+++ b/ansible/roles/elasticsearch/tasks/upgrade.yml
@@ -2,7 +2,10 @@
 # The official procedure for upgrade elasticsearch:
 # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/restart-upgrade.html
 - name: Disable shard allocation
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_cluster/settings"
      method: PUT
      status_code: 200
@@ -13,7 +16,10 @@
  run_once: true

 - name: Perform a synced flush
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_flush/synced"
      method: POST
      status_code: 200
--- a/ansible/roles/grafana/tasks/post_config.yml
+++ b/ansible/roles/grafana/tasks/post_config.yml
@@ -1,6 +1,9 @@
 ---
 - name: Wait for grafana application ready
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
      status_code: 200
  register: result
@@ -10,7 +13,10 @@
  run_once: true

 - name: Enable grafana datasources
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/datasources"
      method: POST
      user: "{{ grafana_admin_username }}"
@@ -28,7 +34,10 @@
  when: item.value.enabled | bool

 - name: Disable Getting Started panel
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/user/helpflags/1"
      method: PUT
      user: "{{ grafana_admin_username }}"
--- a/ansible/roles/ironic/handlers/main.yml
+++ b/ansible/roles/ironic/handlers/main.yml
@@ -35,7 +35,10 @@
 # TODO(mgoddard): remove this task when
 # https://storyboard.openstack.org/#!/story/2006393 has been fixed.
 - name: Wait for ironic-api to be accessible
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ ironic_internal_endpoint }}"
  register: result
  until: result is success
--- a/ansible/roles/kibana/tasks/post_config.yml
+++ b/ansible/roles/kibana/tasks/post_config.yml
@@ -6,7 +6,10 @@
  run_once: true

 - name: Register the kibana index in elasticsearch
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
      method: PUT
      body: "{{ kibana_default_index_options | to_json }}"
@@ -21,7 +24,10 @@
  run_once: true

 - name: Wait for kibana to register in elasticsearch
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
      status_code: 200
  register: result
@@ -31,7 +37,10 @@
  run_once: true

 - name: Change kibana config to set index as defaultIndex
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/config/*"
      method: PUT
      body:
@@ -41,7 +50,10 @@
  run_once: true

 - name: Get kibana default indexes
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      headers:
        Content-Type: application/json
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
@@ -59,8 +71,11 @@
  connection: local

 - name: Add index pattern to kibana
-  uri:
-    url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"  # noqa 204
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
+      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"
      method: PUT
      body: "{{ kibana_default_index | to_json }}"
      body_format: json
--- a/ansible/roles/monasca/tasks/post_config.yml
+++ b/ansible/roles/monasca/tasks/post_config.yml
@@ -1,6 +1,9 @@
 ---
 - name: Wait for Monasca Grafana to load
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/login"
      status_code: 200
  register: result
@@ -14,7 +17,10 @@
    monasca_grafana_control_plane_org: "{{ monasca_control_plane_project }}@{{ default_project_domain_id }}"

 - name: List Monasca Grafana organisations
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      method: GET
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
      user: '{{ monasca_grafana_admin_username }}'
@@ -25,7 +31,10 @@
  register: monasca_grafana_orgs

 - name: Create default control plane organisation if it doesn't exist
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
      user: '{{ monasca_grafana_admin_username }}'
@@ -38,7 +47,10 @@
  when: monasca_grafana_control_plane_org not in monasca_grafana_orgs.json|map(attribute='name')|unique

 - name: Lookup Monasca Grafana control plane organisation ID
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      method: GET
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}"
      user: '{{ monasca_grafana_admin_username }}'
@@ -49,7 +61,10 @@
  register: monasca_grafana_conf_org

 - name: Add {{ monasca_grafana_admin_username }} user to control plane organisation
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users"
      user: '{{ monasca_grafana_admin_username }}'
@@ -67,7 +82,10 @@
               monasca_grafana_add_user_response.status == 409 and ("User is already" not in  monasca_grafana_add_user_response.json.message|default(""))

 - name: Switch Monasca Grafana to the control plane organisation
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}"
      user: '{{ monasca_grafana_admin_username }}'
@@ -76,7 +94,10 @@
  run_once: True

 - name: Enable Monasca Grafana datasource for control plane organisation
-  uri:
+  become: true
+  kolla_toolbox:
+    module_name: uri
+    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/datasources"
      method: POST
      user: "{{ monasca_grafana_admin_username }}"
--- a/releasenotes/notes/execute-rest-methods-inside-containers-ce2a1410dbdc71f3.yaml
+++ b/releasenotes/notes/execute-rest-methods-inside-containers-ce2a1410dbdc71f3.yaml
@@ -0,0 +1,8 @@
+---
+features:
+  - |
+    Delegate executing ansible uri REST methods to service containers using
+    kolla_toolbox. This will enable any certificates that are already copied
+    and extracted into the service container to be automatically validated.
+    This is particularly useful in the case that the certificate is either
+    self-signed or signed by a local (private) CA.