Enable Gnocchi role lifecycle var for Identity

Because Gnocchi depends on Swift to exist in the service catalog
and be available when using Swift storage, the Gnocchi role must be
run after the Swift service is installed. However the Swift service
benefits from the existence of the Gnocchi roles' identity artifacts
in Keystone when it is configured.

To work around this circular dependency, a special role lifecycle
var is introduced to limit the scope of execution of the Gnocchi
role to only creating the identity artifacts so that this role can
be executed quickly and safely before Swift is installed to allow
Swift to be properly configured, and again without that variable
set after Swift is installed to perform the standard install of
Gnocchi.

No release note or special documentation is provided since this is
still targeting the first release cycle of OpenStack-Ansible with
this role and no special documentation exists for the lifecycle vars
in other services (such as galera_server).

Change-Id: If4fa5c1c4401911057f99488694d74f5d83330a8

defaults/main.yml

@@ -13,6 +13,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+#: Special role execution lifecycles
+# Only create Gnocchi's identity entities in Keystone
+gnocchi_identity_only: False
+
 #: Enable for debug logging level
 debug: false
 

tasks/gnocchi_identity_setup.yml

@@ -0,0 +1,66 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create the project if needed, assumed to be in default domain.
+# In many cases this will be present but under some circumstances the project
+# may be unique to Gnocchi, esp. when Swift is used for storage.
+- name: Ensure Gnocchi project
+  keystone:
+    command: ensure_project
+    project_name: "{{ gnocchi_service_project_name }}"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    description: "{{ gnocchi_service_project_description }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_project
+  until: add_project|success
+  retries: 5
+  delay: 10
+
+# Create an admin user
+- name: Ensure Gnocchi user
+  keystone:
+    command: "ensure_user"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    user_name: "{{ gnocchi_service_user_name }}"
+    tenant_name: "{{ gnocchi_service_project_name }}"
+    password: "{{ gnocchi_service_password }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_user
+  until: add_user|success
+  retries: 5
+  delay: 10
+
+# Add a role to the user
+- name: Ensure Gnocchi user maps to admin role
+  keystone:
+    command: "ensure_user_role"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    user_name: "{{ gnocchi_service_user_name }}"
+    tenant_name: "{{ gnocchi_service_project_name }}"
+    role_name: "{{ gnocchi_role_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: add_admin_role
+  until: add_admin_role|success
+  retries: 5
+  delay: 10

tasks/gnocchi_service_setup.yml

@@ -30,58 +30,6 @@
   retries: 5
   delay: 2
 
-# Create the project if needed, assumed to be in default domain.
-# In many cases this will be present but under some circumstances the project
-# may be unique to Gnocchi, esp. when Swift is used for storage.
-- name: Ensure Gnocchi project
-  keystone:
-    command: ensure_project
-    project_name: "{{ gnocchi_service_project_name }}"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    description: "{{ gnocchi_service_project_description }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_project
-  until: add_project|success
-  retries: 5
-  delay: 10
-
-# Create an admin user
-- name: Ensure Gnocchi user
-  keystone:
-    command: "ensure_user"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ gnocchi_service_user_name }}"
-    tenant_name: "{{ gnocchi_service_project_name }}"
-    password: "{{ gnocchi_service_password }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_user
-  until: add_user|success
-  retries: 5
-  delay: 10
-
-# Add a role to the user
-- name: Ensure Gnocchi user maps to admin role
-  keystone:
-    command: "ensure_user_role"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ gnocchi_service_user_name }}"
-    tenant_name: "{{ gnocchi_service_project_name }}"
-    role_name: "{{ gnocchi_role_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: add_admin_role
-  until: add_admin_role|success
-  retries: 5
-  delay: 10
-
 # Create an endpoint
 - name: Ensure Gnocchi endpoint
   keystone:

tasks/main.yml

@@ -37,41 +37,63 @@
     - always
 
 - include: gnocchi_pre_install.yml
+  when:
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
 
 - include: gnocchi_install.yml
+  when:
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
 
 - include: gnocchi_post_install.yml
+  when:
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
     - gnocchi-config
 
 - include: gnocchi_init.yml
+  when:
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
 
 - include: gnocchi_service_setup.yml
-  when: inventory_hostname == groups['gnocchi_all'][0]
+  when:
+    - inventory_hostname == groups['gnocchi_all'][0]
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
 
-# N.B. Must occur after service setup, as this may perform calls to Swift
+- include: gnocchi_identity_setup.yml
+  when:
+    - inventory_hostname == groups['gnocchi_all'][0]
+  tags:
+    - gnocchi-install
+
+# N.B. Must occur after identity setup, as this may perform calls to Swift
 - include: gnocchi_db_setup.yml
-  when: inventory_hostname == groups['gnocchi_all'][0]
+  when:
+    - inventory_hostname == groups['gnocchi_all'][0]
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
 
 - include: gnocchi_apache.yml
-  when: gnocchi_use_mod_wsgi | bool
+  when:
+    - gnocchi_use_mod_wsgi | bool
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
     - gnocchi-config
 
 - include: gnocchi_policy_setup.yml
-  when: inventory_hostname == groups['gnocchi_all'][0]
+  when:
+    - inventory_hostname == groups['gnocchi_all'][0]
+    - not gnocchi_identity_only | bool
   tags:
     - gnocchi-install
     - gnocchi-config