Add external LB management handler hook interface

Based on conversation on an ansible issue[1], I implemented
a LB orchestration role[2] similar to the POC here[3].

This will allow external loadbalancer management roles to hook
into a universal notify listener "Manage LB" to perform before/
after endpoint management actions when the service is being
restarted.

[1]: https://github.com/ansible/ansible/issues/27813
[2]: https://github.com/Logan2211/ansible-haproxy-endpoints
[3]: https://github.com/Logan2211/tmp-ansible-27813

Change-Id: Ide9efbc79e4fd2c761a3ee4f463f501181da1df2
Logan V 2017-09-16 13:39:48 -05:00
parent a50924bd61
commit 5e23c765b3
17 changed files with 58 additions and 0 deletions

@ -53,6 +53,19 @@ Example playbook
.. literalinclude:: ../../examples/playbook.yml
:language: yaml
External Restart Hooks
~~~~~~~~~~~~~~~~~~~~~~
When the role performs a restart of the service, it will notify an Ansible
handler named ``Manage LB``, which is a noop within this role. In the
playbook, other roles may be loaded before and after this role which will
implement Ansible handler listeners for ``Manage LB``, allowing external roles
to manage the load balancer endpoints responsible for sending traffic to the
servers being restarted by marking them in maintenance or active mode,
draining sessions, etc. For an example implementation, please reference the
`ansible-haproxy-endpoints role <https://github.com/Logan2211/ansible-haproxy-endpoints>`_
used by the openstack-ansible project.
Tags
~~~~

@ -103,3 +103,7 @@
until: _restart | success
retries: 5
delay: 2
- meta: noop
listen: Manage LB
when: false
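Review bot: The new `meta: noop` listener has no comment saying why a handler that does nothing is needed, and `when: false` on a no-op appears redundant. A comment above it would make the intent clear, for example `# Placeholder so "notify: Manage LB" always resolves; real listeners come from roles loaded before/after this one.` It should also say that handlers run in the order they are defined, not in `notify:` order, because the task files list `Manage LB` first and that reads like an ordering guarantee. The restart handlers sit above this hunk, so what happens to an external "after" listener when a restart fails (a backend possibly left in maintenance mode) cannot be judged from here and is worth confirming.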

@ -42,6 +42,7 @@
when:
- ansible_pkg_mgr in ['apt', 'zypper']
notify:
- Manage LB
- Restart web server
## NOTE(andymccr):
@ -54,6 +55,7 @@
when:
- ansible_pkg_mgr in ['yum', 'dnf']
notify:
- Manage LB
- Restart web server
- name: Drop apache2 config files
@ -64,6 +66,7 @@
group: "root"
with_items: "{{ keystone_apache_configs }}"
notify:
- Manage LB
- Restart web server
- name: Disable default apache site
@ -72,6 +75,7 @@
state: "absent"
with_items: "{{ keystone_apache_default_sites }}"
notify:
- Manage LB
- Restart web server
- name: Enabled keystone vhost
@ -83,6 +87,7 @@
- keystone_apache_site_available is defined
- keystone_apache_site_enabled is defined
notify:
- Manage LB
- Restart web server
- name: Ensure Apache ServerName
@ -90,6 +95,7 @@
dest: "{{ keystone_apache_conf }}"
line: "ServerName {{ ansible_hostname }}"
notify:
- Manage LB
- Restart web server
- name: Ensure Apache ServerTokens
@ -98,6 +104,7 @@
regexp: '^ServerTokens'
line: "ServerTokens {{ keystone_apache_servertokens }}"
notify:
- Manage LB
- Restart web server
- name: Ensure Apache ServerSignature
@ -106,6 +113,7 @@
regexp: '^ServerSignature'
line: "ServerSignature {{ keystone_apache_serversignature }}"
notify:
- Manage LB
- Restart web server
- name: Remove Listen from Apache config
@ -115,4 +123,5 @@
backrefs: yes
line: '#\1'
notify:
- Manage LB
- Restart web server

@ -64,6 +64,7 @@
- "'systemd could not find' not in _stop.msg"
- "'Could not find the requested service' not in _stop.msg"
notify:
- Manage LB
- Restart uWSGI
- name: Perform a Keystone DB sync expand

@ -33,6 +33,7 @@
changed_when: false
when: inventory_hostname == groups['keystone_all'][0]
notify:
- Manage LB
- Restart web server
- Restart Shibd
@ -65,6 +66,7 @@
mode: "0640"
when: inventory_hostname != groups['keystone_all'][0]
notify:
- Manage LB
- Restart web server
- Restart Shibd
@ -77,6 +79,7 @@
mode: "0640"
when: inventory_hostname != groups['keystone_all'][0]
notify:
- Manage LB
- Restart web server
- Restart Shibd
@ -90,5 +93,6 @@
- "/etc/shibboleth/sp-key.pem"
when: inventory_hostname != groups['keystone_all'][0]
notify:
- Manage LB
- Restart web server
- Restart Shibd
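Review bot: In the first hunk of this section the task carries `changed_when: false`, so it never reports a change. Its `notify:` list, including the newly added `Manage LB`, will therefore presumably never fire on the first keystone host. If the LB hook and the restarts are wanted when this task really changes something, replace `changed_when: false` with a condition on the task's registered result; otherwise drop the `notify:` from this task so the file does not suggest a restart that cannot happen. The task body starts above the hunk, so the module and any `register:` are not visible here.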

@ -20,4 +20,5 @@
become_user: "{{ keystone_system_user_name }}"
when: keystone_idp != {}
notify:
- Manage LB
- Restart uWSGI

@ -33,6 +33,7 @@
when: >
inventory_hostname == groups['keystone_all'][0]
notify:
- Manage LB
- Restart web server
- name: Set appropriate file ownership on the IdP self-signed cert

@ -30,6 +30,7 @@
retries: 5
delay: 2
notify:
- Manage LB
- Restart web server
- name: Set appropriate file ownership on the IdP self-signed cert

@ -39,6 +39,7 @@
owner: "root"
group: "root"
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -53,5 +54,6 @@
config_type: "ini"
with_items: "{{ keystone_wsgi_program_names }}"
notify:
- Manage LB
- Restart uWSGI
- Restart web server

@ -78,6 +78,7 @@
retries: 5
delay: 2
notify:
- Manage LB
- Restart web server
- name: Create developer mode constraint file
@ -137,6 +138,7 @@
copy: "no"
when: keystone_get_venv | changed
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -156,6 +158,7 @@
delay: 2
when: keystone_get_venv | failed or keystone_get_venv | skipped
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -184,6 +187,7 @@
- src: "{{ keystone_bin }}/keystone-wsgi-public"
dest: main
notify:
- Manage LB
- Restart web server
- name: Initialise the upgrade facts

@ -35,6 +35,7 @@
mode: "0640"
with_dict: "{{ keystone_ldap }}"
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -47,5 +48,6 @@
state: absent
when: keystone_ldap.Default is not defined
notify:
- Manage LB
- Restart uWSGI
- Restart web server

@ -24,6 +24,7 @@
path: /etc/nginx/sites-enabled/default
state: absent
notify:
- Manage LB
- Restart web server
- name: Configure custom nginx log format
@ -34,6 +35,7 @@
dest: "/etc/nginx/nginx.conf"
line: "log_format custom '{{ keystone_nginx_access_log_format_combined }} {{ keystone_nginx_access_log_format_extras }}';"
notify:
- Manage LB
- Restart web server
- name: Ensure configuration directory exists
@ -48,6 +50,7 @@
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
with_items: "{{ keystone_wsgi_program_names }}"
notify:
- Manage LB
- Restart web server
- name: Link to enable virtual hosts
@ -58,4 +61,5 @@
with_items: "{{ keystone_wsgi_program_names }}"
when: ansible_os_family == "Debian"
notify:
- Manage LB
- Restart web server

@ -54,6 +54,7 @@
config_type: "json"
content: "{{ keystone_policy_user_content | default('{}', true) }}"
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -67,6 +68,7 @@
when:
- keystone_idp != {}
notify:
- Manage LB
- Restart uWSGI
- Restart web server
@ -77,5 +79,6 @@
when:
- keystone_idp == {}
notify:
- Manage LB
- Restart uWSGI
- Restart web server

@ -29,6 +29,7 @@
-extensions v3_ca
creates={{ keystone_ssl_cert }}
notify:
- Manage LB
- Restart web server
- name: Ensure keystone user owns the self-signed key and certificate
@ -41,4 +42,5 @@
- "{{ keystone_ssl_key }}"
- "{{ keystone_ssl_cert }}"
notify:
- Manage LB
- Restart web server

@ -21,6 +21,7 @@
group: "{{ keystone_system_group_name }}"
mode: "0640"
notify:
- Manage LB
- Restart web server
- name: Distribute self signed ssl cert
@ -31,6 +32,7 @@
group: "{{ keystone_system_group_name }}"
mode: "0640"
notify:
- Manage LB
- Restart web server
- name: Ensure keystone user owns the self-signed key and certificate
@ -42,4 +44,5 @@
- "{{ keystone_ssl_key }}"
- "{{ keystone_ssl_cert }}"
notify:
- Manage LB
- Restart web server

@ -22,6 +22,7 @@
mode: "0644"
when: keystone_user_ssl_cert is defined
notify:
- Manage LB
- Restart web server
- name: Drop user provided ssl key
@ -33,6 +34,7 @@
mode: "0640"
when: keystone_user_ssl_key is defined
notify:
- Manage LB
- Restart web server
- name: Drop user provided ssl CA cert
@ -44,4 +46,5 @@
mode: "0644"
when: keystone_user_ssl_ca_cert is defined
notify:
- Manage LB
- Restart web server

@ -27,6 +27,7 @@
config_type: ini
with_items: "{{ keystone_wsgi_program_names }}"
notify:
- Manage LB
- Restart uWSGI
- include: "keystone_init_{{ ansible_service_mgr }}.yml"