Add support for using distribution packages for OpenStack services

Distributions provide packages for the OpenStack services so we add support for using these instead of the pip ones. Depends-On: I5a78e2120e596d36629b4ba978b2b5df76b149b0 Depends-On: Ib64dcbc960df7d369d202ce8cf7bdc29b3ee0e0a Depends-On: Id9dd2dea146709414ab9ce8d439f1587e6776fd4 Depends-On: I2ba89e25c0010c9a5b515a3d0c9c731b30876e74 Depends-On: I0442b0aa94c3d0882d1118ad0c824d123bd21c88 Change-Id: I26848678dd07a409ef3e159cffb4ba6f0a228ab4 Implements: blueprint openstack-distribution-packages
2018-04-10 10:19:26 +01:00 · 2018-04-10 10:19:26 +01:00 · 1460a23423
parent 473e2d3629
commit 1460a23423
14 changed files with 264 additions and 141 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,6 +21,9 @@ debug: False
 keystone_package_state: "latest"
 keystone_pip_package_state: "latest"

+# Set installation method.
+keystone_install_method: "source"
+
 # Role standard API override this option in the OS variable files
 keystone_shibboleth_repo: {}

@ -35,7 +38,7 @@ keystone_developer_constraints:

 # Name of the virtual env to deploy into
 keystone_venv_tag: untagged
-keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
+keystone_bin: "{{ _keystone_bin }}"

 # venv_download, even when true, will use the fallback method of building the
 # venv from scratch if the venv download fails.
@ -467,11 +470,11 @@ keystone_services:
  keystone-wsgi-public:
    service_name: "keystone-wsgi-public"
    init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
-    execstarts: "{{ keystone_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini"
+    execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini"
  keystone-wsgi-admin:
    service_name: "keystone-wsgi-admin"
    init_config_overrides: "{{ keystone_uwsgi_init_overrides }}"
-    execstarts: "{{ keystone_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-admin.ini"
+    execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-admin.ini"

 ## Extra HTTP headers for Keystone
 # Add any additional headers here that Keystone should return.
--- a/releasenotes/notes/openstack-distribution-packages-d42a426bb57f76b1.yaml
+++ b/releasenotes/notes/openstack-distribution-packages-d42a426bb57f76b1.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The role now supports using the distribution packages for the OpenStack
+    services instead of the pip ones. This feature is disabled by default
+    and can be enabled by simply setting the ``keystone_install_method``
+    variable to ``distro``.
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@ -81,114 +81,34 @@
    - Manage LB
    - Restart web server

- name: Create developer mode constraint file
-  copy:
-    dest: "/opt/developer-pip-constraints.txt"
-    content: |
-      {% for item in keystone_developer_constraints %}
-      {{ item }}
-      {% endfor %}
-  when: keystone_developer_mode | bool
+- name: Install keystone packages from PIP
+  include_tasks: keystone_install_source.yml
+  when: keystone_install_method == 'source'

- name: Install required pip packages
-  pip:
-    name: "{{ keystone_requires_pip_packages }}"
-    state: "{{ keystone_pip_package_state }}"
-    extra_args: >-
-      {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-
- name: Retrieve checksum for venv download
-  uri:
-    url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}"
-    return_content: yes
-  register: keystone_venv_checksum
-  when: keystone_venv_download | bool
-
- name: Attempt venv download
-  get_url:
-    url: "{{ keystone_venv_download_url }}"
-    dest: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    checksum: "sha1:{{ keystone_venv_checksum.content | trim }}"
-  register: keystone_get_venv
-  when: keystone_venv_download | bool
-
- name: Remove existing venv
-  file:
-    path: "{{ keystone_bin | dirname }}"
-    state: absent
-  when: keystone_get_venv | changed
-
- name: Create keystone venv dir
-  file:
-    path: "{{ keystone_bin | dirname }}"
-    state: directory
-  register: keystone_venv_dir
-  when: keystone_get_venv | changed
-
- name: Unarchive pre-built venv
-  unarchive:
-    src: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    dest: "{{ keystone_bin | dirname }}"
-    copy: "no"
-  when: keystone_get_venv | changed
-  notify:
-    - Manage LB
-    - Restart uWSGI
-    - Restart web server
-
- name: Install pip packages
-  pip:
-    name: "{{ keystone_pip_packages }}"
-    state: "{{ keystone_pip_package_state }}"
-    virtualenv: "{{ keystone_bin | dirname }}"
-    virtualenv_site_packages: "no"
-    extra_args: >-
-      {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-  when: keystone_get_venv | failed or keystone_get_venv | skipped
-  notify:
-    - Manage LB
-    - Restart uWSGI
-    - Restart web server
-
- name: Remove python from path first (CentOS, openSUSE)
-  file:
-    path:  "{{ keystone_bin | dirname }}/bin/python2.7"
-    state: "absent"
-  when:
-    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
-    - keystone_get_venv | changed
-
-# NOTE(odyssey4me):
-# We reinitialize the venv to ensure that the right
-# version of python is in the venv, but we do not
-# want virtualenv to also replace pip, setuptools
-# and wheel so we tell it not to.
-# We do not use --always-copy for CentOS/SuSE due
-# to https://github.com/pypa/virtualenv/issues/565
- name: Reset virtualenv and update its paths
-  shell: |
-    find {{ keystone_bin }} -name \*.pyc -delete
-    sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/*
-    virtualenv {{ keystone_bin | dirname }} \
-        {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
-        --no-pip \
-        --no-setuptools \
-        --no-wheel
-  when: keystone_get_venv | changed
-  tags:
-    - skip_ansible_lint
+- name: Initialise the upgrade facts
+  ini_file:
+    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
+    section: keystone
+    option: "{{ item.name }}"
+    value: "{{ item.state }}"
+  with_items:
+    - name: "need_db_expand"
+      state: "True"
+    - name: "need_db_migrate"
+      state: "True"
+    - name: "need_db_contract"
+      state: "True"
+    - name: "install_method"
+      state: "{{ keystone_install_method }}"
+  when: (keystone_install_method == 'source' and
+        (keystone_get_venv | changed or keystone_venv_dir | changed)) or
+        (install_packages | changed) or
+        (ansible_local is not defined) or
+        ('openstack_ansible' not in ansible_local) or
+        ('keystone' not in ansible_local['openstack_ansible']) or
+        ('need_db_expand' not in ansible_local['openstack_ansible']['keystone']) or
+        ('need_db_migrate' not in ansible_local['openstack_ansible']['keystone']) or
+        ('need_db_contract' not in ansible_local['openstack_ansible']['keystone'])

 - name: Create WSGI symlinks
  file:
@ -204,33 +124,3 @@
  notify:
    - Manage LB
    - Restart web server
-
- name: Initialise the upgrade facts
-  ini_file:
-    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
-    section: keystone
-    option: "{{ item.name }}"
-    value: "{{ item.state }}"
-  with_items:
-    - name: "need_db_expand"
-      state: "True"
-    - name: "need_db_migrate"
-      state: "True"
-    - name: "need_db_contract"
-      state: "True"
-  when: (keystone_get_venv | changed) or
-        (keystone_venv_dir | changed) or
-        (install_packages | changed) or
-        (ansible_local is not defined) or
-        ('openstack_ansible' not in ansible_local) or
-        ('keystone' not in ansible_local['openstack_ansible']) or
-        ('need_db_expand' not in ansible_local['openstack_ansible']['keystone']) or
-        ('need_db_migrate' not in ansible_local['openstack_ansible']['keystone']) or
-        ('need_db_contract' not in ansible_local['openstack_ansible']['keystone'])
-
- name: Record the venv tag deployed
-  ini_file:
-    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
-    section: keystone
-    option: venv_tag
-    value: "{{ keystone_venv_tag }}"
--- a/tasks/keystone_install_source.yml
+++ b/tasks/keystone_install_source.yml
@ -0,0 +1,130 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create developer mode constraint file
+  copy:
+    dest: "/opt/developer-pip-constraints.txt"
+    content: |
+      {% for item in keystone_developer_constraints %}
+      {{ item }}
+      {% endfor %}
+  when: keystone_developer_mode | bool
+
+- name: Install required pip packages
+  pip:
+    name: "{{ keystone_requires_pip_packages }}"
+    state: "{{ keystone_pip_package_state }}"
+    extra_args: >-
+      {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+
+- name: Retrieve checksum for venv download
+  uri:
+    url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}"
+    return_content: yes
+  register: keystone_venv_checksum
+  when: keystone_venv_download | bool
+
+- name: Attempt venv download
+  get_url:
+    url: "{{ keystone_venv_download_url }}"
+    dest: "/var/cache/{{ keystone_venv_download_url | basename }}"
+    checksum: "sha1:{{ keystone_venv_checksum.content | trim }}"
+  register: keystone_get_venv
+  when: keystone_venv_download | bool
+
+- name: Remove existing venv
+  file:
+    path: "{{ keystone_bin | dirname }}"
+    state: absent
+  when: keystone_get_venv | changed
+
+- name: Create keystone venv dir
+  file:
+    path: "{{ keystone_bin | dirname }}"
+    state: directory
+  register: keystone_venv_dir
+  when: keystone_get_venv | changed
+
+- name: Unarchive pre-built venv
+  unarchive:
+    src: "/var/cache/{{ keystone_venv_download_url | basename }}"
+    dest: "{{ keystone_bin | dirname }}"
+    copy: "no"
+  when: keystone_get_venv | changed
+  notify:
+    - Manage LB
+    - Restart uWSGI
+    - Restart web server
+
+- name: Install pip packages
+  pip:
+    name: "{{ keystone_pip_packages }}"
+    state: "{{ keystone_pip_package_state }}"
+    virtualenv: "{{ keystone_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: >-
+      {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  when: keystone_get_venv | failed or keystone_get_venv | skipped
+  notify:
+    - Manage LB
+    - Restart uWSGI
+    - Restart web server
+
+- name: Remove python from path first (CentOS, openSUSE)
+  file:
+    path:  "{{ keystone_bin | dirname }}/bin/python2.7"
+    state: "absent"
+  when:
+    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
+    - keystone_get_venv | changed
+
+# NOTE(odyssey4me):
+# # We reinitialize the venv to ensure that the right
+# # version of python is in the venv, but we do not
+# # want virtualenv to also replace pip, setuptools
+# # and wheel so we tell it not to.
+# # We do not use --always-copy for CentOS/SuSE due
+# # to https://github.com/pypa/virtualenv/issues/565
+- name: Reset virtualenv and update its paths
+  shell: |
+    find {{ keystone_bin }} -name \*.pyc -delete
+    sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/*
+    virtualenv {{ keystone_bin | dirname }} \
+        {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
+        --no-pip \
+        --no-setuptools \
+        --no-wheel
+  when: keystone_get_venv | changed
+  tags:
+    - skip_ansible_lint
+
+- name: Record the venv tag deployed
+  ini_file:
+    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
+    section: keystone
+    option: venv_tag
+    value: "{{ keystone_venv_tag }}"
--- a/tasks/keystone_post_install.yml
+++ b/tasks/keystone_post_install.yml
@ -41,7 +41,7 @@

 - name: Retrieve default configuration files from venv
  fetch:
-    src: "{{ keystone_bin | dirname }}/etc/keystone/{{ item }}"
+    src: "{{ _keystone_etc }}/keystone/{{ item }}"
    dest: "{{ keystone_config_cache_path }}/"
    flat: yes
  with_items:
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -35,6 +35,16 @@
  tags:
    - always

+- name: Fail if service was deployed using a different installation method
+  fail:
+    msg: "Switching installation methods for OpenStack services is not supported"
+  when:
+    - ansible_local is defined
+    - ansible_local.openstack_ansible is defined
+    - ansible_local.openstack_ansible.keystone is defined
+    - ansible_local.openstack_ansible.keystone.install_method is defined
+    - ansible_local.openstack_ansible.keystone.install_method != keystone_install_method
+
 - name: Gather variables for each operating system
  include_vars: "{{ item }}"
  with_first_found:
@ -47,6 +57,11 @@
  tags:
    - always

+- name: Gather variables for installation method
+  include_vars: "{{ keystone_install_method }}_install.yml"
+  tags:
+    - always
+
 - include_tasks: keystone_pre_install.yml
  tags:
    - keystone-install
--- a/templates/keystone-uwsgi.ini.j2
+++ b/templates/keystone-uwsgi.ini.j2
@ -3,7 +3,9 @@
 uid = {{ keystone_system_user_name }}
 gid = {{ keystone_system_group_name }}

+{% if keystone_install_method == 'source' %}
 virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
+{% endif %}
 wsgi-file = {{ keystone_bin }}/{{ item }}
 http = :{{ keystone_uwsgi_ports[item]['http'] }}
 socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }}
--- a/tox.ini
+++ b/tox.ini
@ -100,6 +100,14 @@ deps =
 commands =
    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

+[testenv:distro_install]
+deps =
+    {[testenv:ansible]deps}
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_PARAMETERS=-e keystone_install_method=distro
+commands =
+    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

 [testenv:upgrade]
 deps =
--- a/vars/distro_install.yml
+++ b/vars/distro_install.yml
@ -0,0 +1,38 @@
+---
+# Copyright 2018, SUSE LINUX GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Compile a list of the distro packages to install based on
+# whether the host is in the host group and the service is
+# enabled.
+#
+keystone_package_list: |-
+  {% set packages = keystone_distro_packages %}
+  {% if keystone_web_server == 'apache' %}
+  {%   set _ = packages.extend(keystone_apache_distro_packages) %}
+  {%   if keystone_idp != {} %}
+  {%     set _ = packages.extend(keystone_idp_distro_packages) %}
+  {%   endif %}
+  {%   if keystone_sp != {} %}
+  {%     set _ = packages.extend(keystone_sp_distro_packages) %}
+  {%   endif %}
+  {% else %}
+  {%   set _ = packages.extend(keystone_nginx_distro_packages) %}
+  {% endif %}
+  {% set _ = packages.extend(keystone_service_distro_packages) %}
+  {{ packages }}
+
+_keystone_bin: "/usr/bin"
+_keystone_etc: "/etc"
--- a/vars/redhat-7.yml
+++ b/vars/redhat-7.yml
@ -30,6 +30,11 @@ keystone_distro_packages:
  - rsync
  - which

+keystone_service_distro_packages:
+  - openstack-keystone
+  - uwsgi
+  - uwsgi-plugin-python
+
 keystone_apache_distro_packages:
  - httpd
  - httpd-tools
@ -74,3 +79,5 @@ keystone_apache_configs:
 keystone_nginx_conf_path: "conf.d"

 keystone_system_service_name: httpd
+
+keystone_uwsgi_bin: '/usr/sbin'
--- a/vars/source_install.yml
+++ b/vars/source_install.yml
@ -35,3 +35,7 @@ keystone_package_list: |-
  {%   set _ = packages.extend(keystone_developer_mode_distro_packages) %}
  {% endif %}
  {{ packages }}
+
+_keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
+_keystone_etc: "{{ _keystone_bin | dirname + '/etc' }}"
+keystone_uwsgi_bin: "{{ _keystone_bin }}"
--- a/vars/suse-42.yml
+++ b/vars/suse-42.yml
@ -30,6 +30,11 @@ keystone_distro_packages:
  - rsync
  - which

+keystone_service_distro_packages:
+  - openstack-keystone
+  - uwsgi
+  - uwsgi-python
+
 keystone_apache_distro_packages:
  - apache2
  - apache2-utils
@ -94,3 +99,5 @@ keystone_apache_modules:
 keystone_nginx_conf_path: 'conf.d'

 keystone_system_service_name: apache2
+
+keystone_uwsgi_bin: '/usr/sbin'
--- a/vars/ubuntu-16.04.yml
+++ b/vars/ubuntu-16.04.yml
@ -28,6 +28,11 @@ keystone_distro_packages:
  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
  - rsync

+keystone_service_distro_packages:
+  - keystone
+  - uwsgi
+  - uwsgi-plugin-python
+
 keystone_apache_distro_packages:
  - apache2
  - apache2-utils
@ -82,3 +87,5 @@ keystone_apache_modules:
 keystone_nginx_conf_path: "sites-available"

 keystone_system_service_name: apache2
+
+keystone_uwsgi_bin: '/usr/bin'
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -24,6 +24,11 @@
        - openstack-ansible-uw_apache-centos-7-nv
        - openstack-ansible-uw_apache-ubuntu-xenial
        - openstack-ansible-keystone-ssl-nv
+        - openstack-ansible-functional-distro_install-ubuntu-xenial
+          # NOTE(hwoarang) Centos7 is having some troubles with repo dependencies
+          # so disabling until it's investigated.
+        - openstack-ansible-functional-distro_install-centos-7-nv
+        - openstack-ansible-functional-distro_install-opensuse-423
    experimental:
      jobs:
        - openstack-ansible-integrated-deploy-aio