diff --git a/defaults/main.yml b/defaults/main.yml index 5ee919de..8cfa86c1 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -21,6 +21,9 @@ debug: False keystone_package_state: "latest" keystone_pip_package_state: "latest" +# Set installation method. +keystone_install_method: "source" + # Role standard API override this option in the OS variable files keystone_shibboleth_repo: {} @@ -35,7 +38,7 @@ keystone_developer_constraints: # Name of the virtual env to deploy into keystone_venv_tag: untagged -keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin" +keystone_bin: "{{ _keystone_bin }}" # venv_download, even when true, will use the fallback method of building the # venv from scratch if the venv download fails. @@ -467,11 +470,11 @@ keystone_services: keystone-wsgi-public: service_name: "keystone-wsgi-public" init_config_overrides: "{{ keystone_uwsgi_init_overrides }}" - execstarts: "{{ keystone_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini" + execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-public.ini" keystone-wsgi-admin: service_name: "keystone-wsgi-admin" init_config_overrides: "{{ keystone_uwsgi_init_overrides }}" - execstarts: "{{ keystone_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-admin.ini" + execstarts: "{{ keystone_uwsgi_bin }}/uwsgi --autoload --ini /etc/uwsgi/keystone-wsgi-admin.ini" ## Extra HTTP headers for Keystone # Add any additional headers here that Keystone should return. diff --git a/releasenotes/notes/openstack-distribution-packages-d42a426bb57f76b1.yaml b/releasenotes/notes/openstack-distribution-packages-d42a426bb57f76b1.yaml new file mode 100644 index 00000000..26573895 --- /dev/null +++ b/releasenotes/notes/openstack-distribution-packages-d42a426bb57f76b1.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + The role now supports using the distribution packages for the OpenStack + services instead of the pip ones. This feature is disabled by default + and can be enabled by simply setting the ``keystone_install_method`` + variable to ``distro``. diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index fe07ef59..a32b658f 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -81,114 +81,34 @@ - Manage LB - Restart web server -- name: Create developer mode constraint file - copy: - dest: "/opt/developer-pip-constraints.txt" - content: | - {% for item in keystone_developer_constraints %} - {{ item }} - {% endfor %} - when: keystone_developer_mode | bool +- name: Install keystone packages from PIP + include_tasks: keystone_install_source.yml + when: keystone_install_method == 'source' -- name: Install required pip packages - pip: - name: "{{ keystone_requires_pip_packages }}" - state: "{{ keystone_pip_package_state }}" - extra_args: >- - {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} - {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} - {{ pip_install_options | default('') }} - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - -- name: Retrieve checksum for venv download - uri: - url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}" - return_content: yes - register: keystone_venv_checksum - when: keystone_venv_download | bool - -- name: Attempt venv download - get_url: - url: "{{ keystone_venv_download_url }}" - dest: "/var/cache/{{ keystone_venv_download_url | basename }}" - checksum: "sha1:{{ keystone_venv_checksum.content | trim }}" - register: keystone_get_venv - when: keystone_venv_download | bool - -- name: Remove existing venv - file: - path: "{{ keystone_bin | dirname }}" - state: absent - when: keystone_get_venv | changed - -- name: Create keystone venv dir - file: - path: "{{ keystone_bin | dirname }}" - state: directory - register: keystone_venv_dir - when: keystone_get_venv | changed - -- name: Unarchive pre-built venv - unarchive: - src: "/var/cache/{{ keystone_venv_download_url | basename }}" - dest: "{{ keystone_bin | dirname }}" - copy: "no" - when: keystone_get_venv | changed - notify: - - Manage LB - - Restart uWSGI - - Restart web server - -- name: Install pip packages - pip: - name: "{{ keystone_pip_packages }}" - state: "{{ keystone_pip_package_state }}" - virtualenv: "{{ keystone_bin | dirname }}" - virtualenv_site_packages: "no" - extra_args: >- - {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} - {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} - {{ pip_install_options | default('') }} - register: install_packages - until: install_packages|success - retries: 5 - delay: 2 - when: keystone_get_venv | failed or keystone_get_venv | skipped - notify: - - Manage LB - - Restart uWSGI - - Restart web server - -- name: Remove python from path first (CentOS, openSUSE) - file: - path: "{{ keystone_bin | dirname }}/bin/python2.7" - state: "absent" - when: - - ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] - - keystone_get_venv | changed - -# NOTE(odyssey4me): -# We reinitialize the venv to ensure that the right -# version of python is in the venv, but we do not -# want virtualenv to also replace pip, setuptools -# and wheel so we tell it not to. -# We do not use --always-copy for CentOS/SuSE due -# to https://github.com/pypa/virtualenv/issues/565 -- name: Reset virtualenv and update its paths - shell: | - find {{ keystone_bin }} -name \*.pyc -delete - sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/* - virtualenv {{ keystone_bin | dirname }} \ - {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \ - --no-pip \ - --no-setuptools \ - --no-wheel - when: keystone_get_venv | changed - tags: - - skip_ansible_lint +- name: Initialise the upgrade facts + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: keystone + option: "{{ item.name }}" + value: "{{ item.state }}" + with_items: + - name: "need_db_expand" + state: "True" + - name: "need_db_migrate" + state: "True" + - name: "need_db_contract" + state: "True" + - name: "install_method" + state: "{{ keystone_install_method }}" + when: (keystone_install_method == 'source' and + (keystone_get_venv | changed or keystone_venv_dir | changed)) or + (install_packages | changed) or + (ansible_local is not defined) or + ('openstack_ansible' not in ansible_local) or + ('keystone' not in ansible_local['openstack_ansible']) or + ('need_db_expand' not in ansible_local['openstack_ansible']['keystone']) or + ('need_db_migrate' not in ansible_local['openstack_ansible']['keystone']) or + ('need_db_contract' not in ansible_local['openstack_ansible']['keystone']) - name: Create WSGI symlinks file: @@ -204,33 +124,3 @@ notify: - Manage LB - Restart web server - -- name: Initialise the upgrade facts - ini_file: - dest: "/etc/ansible/facts.d/openstack_ansible.fact" - section: keystone - option: "{{ item.name }}" - value: "{{ item.state }}" - with_items: - - name: "need_db_expand" - state: "True" - - name: "need_db_migrate" - state: "True" - - name: "need_db_contract" - state: "True" - when: (keystone_get_venv | changed) or - (keystone_venv_dir | changed) or - (install_packages | changed) or - (ansible_local is not defined) or - ('openstack_ansible' not in ansible_local) or - ('keystone' not in ansible_local['openstack_ansible']) or - ('need_db_expand' not in ansible_local['openstack_ansible']['keystone']) or - ('need_db_migrate' not in ansible_local['openstack_ansible']['keystone']) or - ('need_db_contract' not in ansible_local['openstack_ansible']['keystone']) - -- name: Record the venv tag deployed - ini_file: - dest: "/etc/ansible/facts.d/openstack_ansible.fact" - section: keystone - option: venv_tag - value: "{{ keystone_venv_tag }}" diff --git a/tasks/keystone_install_source.yml b/tasks/keystone_install_source.yml new file mode 100644 index 00000000..770c1508 --- /dev/null +++ b/tasks/keystone_install_source.yml @@ -0,0 +1,130 @@ +--- +# Copyright 2014, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Create developer mode constraint file + copy: + dest: "/opt/developer-pip-constraints.txt" + content: | + {% for item in keystone_developer_constraints %} + {{ item }} + {% endfor %} + when: keystone_developer_mode | bool + +- name: Install required pip packages + pip: + name: "{{ keystone_requires_pip_packages }}" + state: "{{ keystone_pip_package_state }}" + extra_args: >- + {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + +- name: Retrieve checksum for venv download + uri: + url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}" + return_content: yes + register: keystone_venv_checksum + when: keystone_venv_download | bool + +- name: Attempt venv download + get_url: + url: "{{ keystone_venv_download_url }}" + dest: "/var/cache/{{ keystone_venv_download_url | basename }}" + checksum: "sha1:{{ keystone_venv_checksum.content | trim }}" + register: keystone_get_venv + when: keystone_venv_download | bool + +- name: Remove existing venv + file: + path: "{{ keystone_bin | dirname }}" + state: absent + when: keystone_get_venv | changed + +- name: Create keystone venv dir + file: + path: "{{ keystone_bin | dirname }}" + state: directory + register: keystone_venv_dir + when: keystone_get_venv | changed + +- name: Unarchive pre-built venv + unarchive: + src: "/var/cache/{{ keystone_venv_download_url | basename }}" + dest: "{{ keystone_bin | dirname }}" + copy: "no" + when: keystone_get_venv | changed + notify: + - Manage LB + - Restart uWSGI + - Restart web server + +- name: Install pip packages + pip: + name: "{{ keystone_pip_packages }}" + state: "{{ keystone_pip_package_state }}" + virtualenv: "{{ keystone_bin | dirname }}" + virtualenv_site_packages: "no" + extra_args: >- + {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} + {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} + {{ pip_install_options | default('') }} + register: install_packages + until: install_packages|success + retries: 5 + delay: 2 + when: keystone_get_venv | failed or keystone_get_venv | skipped + notify: + - Manage LB + - Restart uWSGI + - Restart web server + +- name: Remove python from path first (CentOS, openSUSE) + file: + path: "{{ keystone_bin | dirname }}/bin/python2.7" + state: "absent" + when: + - ansible_pkg_mgr in ['yum', 'dnf', 'zypper'] + - keystone_get_venv | changed + +# NOTE(odyssey4me): +# # We reinitialize the venv to ensure that the right +# # version of python is in the venv, but we do not +# # want virtualenv to also replace pip, setuptools +# # and wheel so we tell it not to. +# # We do not use --always-copy for CentOS/SuSE due +# # to https://github.com/pypa/virtualenv/issues/565 +- name: Reset virtualenv and update its paths + shell: | + find {{ keystone_bin }} -name \*.pyc -delete + sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/* + virtualenv {{ keystone_bin | dirname }} \ + {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \ + --no-pip \ + --no-setuptools \ + --no-wheel + when: keystone_get_venv | changed + tags: + - skip_ansible_lint + +- name: Record the venv tag deployed + ini_file: + dest: "/etc/ansible/facts.d/openstack_ansible.fact" + section: keystone + option: venv_tag + value: "{{ keystone_venv_tag }}" diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index eeb46617..cdcee7cf 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -41,7 +41,7 @@ - name: Retrieve default configuration files from venv fetch: - src: "{{ keystone_bin | dirname }}/etc/keystone/{{ item }}" + src: "{{ _keystone_etc }}/keystone/{{ item }}" dest: "{{ keystone_config_cache_path }}/" flat: yes with_items: diff --git a/tasks/main.yml b/tasks/main.yml index c021be4a..d9eb25a1 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -35,6 +35,16 @@ tags: - always +- name: Fail if service was deployed using a different installation method + fail: + msg: "Switching installation methods for OpenStack services is not supported" + when: + - ansible_local is defined + - ansible_local.openstack_ansible is defined + - ansible_local.openstack_ansible.keystone is defined + - ansible_local.openstack_ansible.keystone.install_method is defined + - ansible_local.openstack_ansible.keystone.install_method != keystone_install_method + - name: Gather variables for each operating system include_vars: "{{ item }}" with_first_found: @@ -47,6 +57,11 @@ tags: - always +- name: Gather variables for installation method + include_vars: "{{ keystone_install_method }}_install.yml" + tags: + - always + - include_tasks: keystone_pre_install.yml tags: - keystone-install diff --git a/templates/keystone-uwsgi.ini.j2 b/templates/keystone-uwsgi.ini.j2 index bd2c61b5..9825a23a 100644 --- a/templates/keystone-uwsgi.ini.j2 +++ b/templates/keystone-uwsgi.ini.j2 @@ -3,7 +3,9 @@ uid = {{ keystone_system_user_name }} gid = {{ keystone_system_group_name }} +{% if keystone_install_method == 'source' %} virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }} +{% endif %} wsgi-file = {{ keystone_bin }}/{{ item }} http = :{{ keystone_uwsgi_ports[item]['http'] }} socket = 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }} diff --git a/tox.ini b/tox.ini index ec24cc18..789152fd 100644 --- a/tox.ini +++ b/tox.ini @@ -100,6 +100,14 @@ deps = commands = bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" +[testenv:distro_install] +deps = + {[testenv:ansible]deps} +setenv = + {[testenv]setenv} + ANSIBLE_PARAMETERS=-e keystone_install_method=distro +commands = + bash -c "{toxinidir}/tests/common/test-ansible-functional.sh" [testenv:upgrade] deps = diff --git a/vars/distro_install.yml b/vars/distro_install.yml new file mode 100644 index 00000000..c8ee81ad --- /dev/null +++ b/vars/distro_install.yml @@ -0,0 +1,38 @@ +--- +# Copyright 2018, SUSE LINUX GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# Compile a list of the distro packages to install based on +# whether the host is in the host group and the service is +# enabled. +# +keystone_package_list: |- + {% set packages = keystone_distro_packages %} + {% if keystone_web_server == 'apache' %} + {% set _ = packages.extend(keystone_apache_distro_packages) %} + {% if keystone_idp != {} %} + {% set _ = packages.extend(keystone_idp_distro_packages) %} + {% endif %} + {% if keystone_sp != {} %} + {% set _ = packages.extend(keystone_sp_distro_packages) %} + {% endif %} + {% else %} + {% set _ = packages.extend(keystone_nginx_distro_packages) %} + {% endif %} + {% set _ = packages.extend(keystone_service_distro_packages) %} + {{ packages }} + +_keystone_bin: "/usr/bin" +_keystone_etc: "/etc" diff --git a/vars/redhat-7.yml b/vars/redhat-7.yml index db9357fd..21ad9e77 100644 --- a/vars/redhat-7.yml +++ b/vars/redhat-7.yml @@ -30,6 +30,11 @@ keystone_distro_packages: - rsync - which +keystone_service_distro_packages: + - openstack-keystone + - uwsgi + - uwsgi-plugin-python + keystone_apache_distro_packages: - httpd - httpd-tools @@ -74,3 +79,5 @@ keystone_apache_configs: keystone_nginx_conf_path: "conf.d" keystone_system_service_name: httpd + +keystone_uwsgi_bin: '/usr/sbin' diff --git a/vars/main.yml b/vars/source_install.yml similarity index 88% rename from vars/main.yml rename to vars/source_install.yml index bcb4705d..77c6ca0e 100644 --- a/vars/main.yml +++ b/vars/source_install.yml @@ -35,3 +35,7 @@ keystone_package_list: |- {% set _ = packages.extend(keystone_developer_mode_distro_packages) %} {% endif %} {{ packages }} + +_keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin" +_keystone_etc: "{{ _keystone_bin | dirname + '/etc' }}" +keystone_uwsgi_bin: "{{ _keystone_bin }}" diff --git a/vars/suse-42.yml b/vars/suse-42.yml index db706aac..84ac2212 100644 --- a/vars/suse-42.yml +++ b/vars/suse-42.yml @@ -30,6 +30,11 @@ keystone_distro_packages: - rsync - which +keystone_service_distro_packages: + - openstack-keystone + - uwsgi + - uwsgi-python + keystone_apache_distro_packages: - apache2 - apache2-utils @@ -94,3 +99,5 @@ keystone_apache_modules: keystone_nginx_conf_path: 'conf.d' keystone_system_service_name: apache2 + +keystone_uwsgi_bin: '/usr/sbin' diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index fb1ece21..e995c45b 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -28,6 +28,11 @@ keystone_distro_packages: - python-keystoneclient # Keystoneclient needed to OSA keystone lib - rsync +keystone_service_distro_packages: + - keystone + - uwsgi + - uwsgi-plugin-python + keystone_apache_distro_packages: - apache2 - apache2-utils @@ -82,3 +87,5 @@ keystone_apache_modules: keystone_nginx_conf_path: "sites-available" keystone_system_service_name: apache2 + +keystone_uwsgi_bin: '/usr/bin' diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index 18c7d071..79554a6b 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -24,6 +24,11 @@ - openstack-ansible-uw_apache-centos-7-nv - openstack-ansible-uw_apache-ubuntu-xenial - openstack-ansible-keystone-ssl-nv + - openstack-ansible-functional-distro_install-ubuntu-xenial + # NOTE(hwoarang) Centos7 is having some troubles with repo dependencies + # so disabling until it's investigated. + - openstack-ansible-functional-distro_install-centos-7-nv + - openstack-ansible-functional-distro_install-opensuse-423 experimental: jobs: - openstack-ansible-integrated-deploy-aio