Add external LB management handler hook interface
Based on conversation on an ansible issue[1], I implemented a LB orchestration role[2] similar to the POC here[3]. This will allow external loadbalancer management roles to hook into a universal notify listener "Manage LB" to perform before/ after endpoint management actions when the service is being restarted. [1]: https://github.com/ansible/ansible/issues/27813 [2]: https://github.com/Logan2211/ansible-haproxy-endpoints [3]: https://github.com/Logan2211/tmp-ansible-27813 Change-Id: Ide9efbc79e4fd2c761a3ee4f463f501181da1df2
This commit is contained in:
Logan V
parent
a50924bd61
commit
5e23c765b3
|
|
@ -53,6 +53,19 @@ Example playbook
|
||||||
.. literalinclude:: ../../examples/playbook.yml
|
.. literalinclude:: ../../examples/playbook.yml
|
||||||
:language: yaml
|
:language: yaml
|
||||||
|
|
||||||
|
External Restart Hooks
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
When the role performs a restart of the service, it will notify an Ansible
|
||||||
|
handler named ``Manage LB``, which is a noop within this role. In the
|
||||||
|
playbook, other roles may be loaded before and after this role which will
|
||||||
|
implement Ansible handler listeners for ``Manage LB``, allowing external roles
|
||||||
|
to manage the load balancer endpoints responsible for sending traffic to the
|
||||||
|
servers being restarted by marking them in maintenance or active mode,
|
||||||
|
draining sessions, etc. For an example implementation, please reference the
|
||||||
|
`ansible-haproxy-endpoints role <https://github.com/Logan2211/ansible-haproxy-endpoints>`_
|
||||||
|
used by the openstack-ansible project.
|
||||||
|
|
||||||
Tags
|
Tags
|
||||||
~~~~
|
~~~~
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -103,3 +103,7 @@
|
||||||
until: _restart | success
|
until: _restart | success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
|
|
||||||
|
- meta: noop
|
||||||
|
listen: Manage LB
|
||||||
|
when: false
|
||||||
|
|
|
||||||
|
|
@ -42,6 +42,7 @@
|
||||||
when:
|
when:
|
||||||
- ansible_pkg_mgr in ['apt', 'zypper']
|
- ansible_pkg_mgr in ['apt', 'zypper']
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
## NOTE(andymccr):
|
## NOTE(andymccr):
|
||||||
|
|
@ -54,6 +55,7 @@
|
||||||
when:
|
when:
|
||||||
- ansible_pkg_mgr in ['yum', 'dnf']
|
- ansible_pkg_mgr in ['yum', 'dnf']
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Drop apache2 config files
|
- name: Drop apache2 config files
|
||||||
|
|
@ -64,6 +66,7 @@
|
||||||
group: "root"
|
group: "root"
|
||||||
with_items: "{{ keystone_apache_configs }}"
|
with_items: "{{ keystone_apache_configs }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Disable default apache site
|
- name: Disable default apache site
|
||||||
|
|
@ -72,6 +75,7 @@
|
||||||
state: "absent"
|
state: "absent"
|
||||||
with_items: "{{ keystone_apache_default_sites }}"
|
with_items: "{{ keystone_apache_default_sites }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Enabled keystone vhost
|
- name: Enabled keystone vhost
|
||||||
|
|
@ -83,6 +87,7 @@
|
||||||
- keystone_apache_site_available is defined
|
- keystone_apache_site_available is defined
|
||||||
- keystone_apache_site_enabled is defined
|
- keystone_apache_site_enabled is defined
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure Apache ServerName
|
- name: Ensure Apache ServerName
|
||||||
|
|
@ -90,6 +95,7 @@
|
||||||
dest: "{{ keystone_apache_conf }}"
|
dest: "{{ keystone_apache_conf }}"
|
||||||
line: "ServerName {{ ansible_hostname }}"
|
line: "ServerName {{ ansible_hostname }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure Apache ServerTokens
|
- name: Ensure Apache ServerTokens
|
||||||
|
|
@ -98,6 +104,7 @@
|
||||||
regexp: '^ServerTokens'
|
regexp: '^ServerTokens'
|
||||||
line: "ServerTokens {{ keystone_apache_servertokens }}"
|
line: "ServerTokens {{ keystone_apache_servertokens }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure Apache ServerSignature
|
- name: Ensure Apache ServerSignature
|
||||||
|
|
@ -106,6 +113,7 @@
|
||||||
regexp: '^ServerSignature'
|
regexp: '^ServerSignature'
|
||||||
line: "ServerSignature {{ keystone_apache_serversignature }}"
|
line: "ServerSignature {{ keystone_apache_serversignature }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Remove Listen from Apache config
|
- name: Remove Listen from Apache config
|
||||||
|
|
@ -115,4 +123,5 @@
|
||||||
backrefs: yes
|
backrefs: yes
|
||||||
line: '#\1'
|
line: '#\1'
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -64,6 +64,7 @@
|
||||||
- "'systemd could not find' not in _stop.msg"
|
- "'systemd could not find' not in _stop.msg"
|
||||||
- "'Could not find the requested service' not in _stop.msg"
|
- "'Could not find the requested service' not in _stop.msg"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
|
|
||||||
- name: Perform a Keystone DB sync expand
|
- name: Perform a Keystone DB sync expand
|
||||||
|
|
|
||||||
|
|
@ -33,6 +33,7 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
when: inventory_hostname == groups['keystone_all'][0]
|
when: inventory_hostname == groups['keystone_all'][0]
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
- Restart Shibd
|
- Restart Shibd
|
||||||
|
|
||||||
|
|
@ -65,6 +66,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
when: inventory_hostname != groups['keystone_all'][0]
|
when: inventory_hostname != groups['keystone_all'][0]
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
- Restart Shibd
|
- Restart Shibd
|
||||||
|
|
||||||
|
|
@ -77,6 +79,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
when: inventory_hostname != groups['keystone_all'][0]
|
when: inventory_hostname != groups['keystone_all'][0]
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
- Restart Shibd
|
- Restart Shibd
|
||||||
|
|
||||||
|
|
@ -90,5 +93,6 @@
|
||||||
- "/etc/shibboleth/sp-key.pem"
|
- "/etc/shibboleth/sp-key.pem"
|
||||||
when: inventory_hostname != groups['keystone_all'][0]
|
when: inventory_hostname != groups['keystone_all'][0]
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
- Restart Shibd
|
- Restart Shibd
|
||||||
|
|
|
||||||
|
|
@ -20,4 +20,5 @@
|
||||||
become_user: "{{ keystone_system_user_name }}"
|
become_user: "{{ keystone_system_user_name }}"
|
||||||
when: keystone_idp != {}
|
when: keystone_idp != {}
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
|
|
|
||||||
|
|
@ -33,6 +33,7 @@
|
||||||
when: >
|
when: >
|
||||||
inventory_hostname == groups['keystone_all'][0]
|
inventory_hostname == groups['keystone_all'][0]
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Set appropriate file ownership on the IdP self-signed cert
|
- name: Set appropriate file ownership on the IdP self-signed cert
|
||||||
|
|
|
||||||
|
|
@ -30,6 +30,7 @@
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Set appropriate file ownership on the IdP self-signed cert
|
- name: Set appropriate file ownership on the IdP self-signed cert
|
||||||
|
|
|
||||||
|
|
@ -39,6 +39,7 @@
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -53,5 +54,6 @@
|
||||||
config_type: "ini"
|
config_type: "ini"
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_wsgi_program_names }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -78,6 +78,7 @@
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Create developer mode constraint file
|
- name: Create developer mode constraint file
|
||||||
|
|
@ -137,6 +138,7 @@
|
||||||
copy: "no"
|
copy: "no"
|
||||||
when: keystone_get_venv | changed
|
when: keystone_get_venv | changed
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -156,6 +158,7 @@
|
||||||
delay: 2
|
delay: 2
|
||||||
when: keystone_get_venv | failed or keystone_get_venv | skipped
|
when: keystone_get_venv | failed or keystone_get_venv | skipped
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -184,6 +187,7 @@
|
||||||
- src: "{{ keystone_bin }}/keystone-wsgi-public"
|
- src: "{{ keystone_bin }}/keystone-wsgi-public"
|
||||||
dest: main
|
dest: main
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Initialise the upgrade facts
|
- name: Initialise the upgrade facts
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
with_dict: "{{ keystone_ldap }}"
|
with_dict: "{{ keystone_ldap }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -47,5 +48,6 @@
|
||||||
state: absent
|
state: absent
|
||||||
when: keystone_ldap.Default is not defined
|
when: keystone_ldap.Default is not defined
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@
|
||||||
path: /etc/nginx/sites-enabled/default
|
path: /etc/nginx/sites-enabled/default
|
||||||
state: absent
|
state: absent
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Configure custom nginx log format
|
- name: Configure custom nginx log format
|
||||||
|
|
@ -34,6 +35,7 @@
|
||||||
dest: "/etc/nginx/nginx.conf"
|
dest: "/etc/nginx/nginx.conf"
|
||||||
line: "log_format custom '{{ keystone_nginx_access_log_format_combined }} {{ keystone_nginx_access_log_format_extras }}';"
|
line: "log_format custom '{{ keystone_nginx_access_log_format_combined }} {{ keystone_nginx_access_log_format_extras }}';"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure configuration directory exists
|
- name: Ensure configuration directory exists
|
||||||
|
|
@ -48,6 +50,7 @@
|
||||||
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
|
dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf"
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_wsgi_program_names }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Link to enable virtual hosts
|
- name: Link to enable virtual hosts
|
||||||
|
|
@ -58,4 +61,5 @@
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_wsgi_program_names }}"
|
||||||
when: ansible_os_family == "Debian"
|
when: ansible_os_family == "Debian"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -54,6 +54,7 @@
|
||||||
config_type: "json"
|
config_type: "json"
|
||||||
content: "{{ keystone_policy_user_content | default('{}', true) }}"
|
content: "{{ keystone_policy_user_content | default('{}', true) }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -67,6 +68,7 @@
|
||||||
when:
|
when:
|
||||||
- keystone_idp != {}
|
- keystone_idp != {}
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
|
@ -77,5 +79,6 @@
|
||||||
when:
|
when:
|
||||||
- keystone_idp == {}
|
- keystone_idp == {}
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -29,6 +29,7 @@
|
||||||
-extensions v3_ca
|
-extensions v3_ca
|
||||||
creates={{ keystone_ssl_cert }}
|
creates={{ keystone_ssl_cert }}
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure keystone user owns the self-signed key and certificate
|
- name: Ensure keystone user owns the self-signed key and certificate
|
||||||
|
|
@ -41,4 +42,5 @@
|
||||||
- "{{ keystone_ssl_key }}"
|
- "{{ keystone_ssl_key }}"
|
||||||
- "{{ keystone_ssl_cert }}"
|
- "{{ keystone_ssl_cert }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,7 @@
|
||||||
group: "{{ keystone_system_group_name }}"
|
group: "{{ keystone_system_group_name }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Distribute self signed ssl cert
|
- name: Distribute self signed ssl cert
|
||||||
|
|
@ -31,6 +32,7 @@
|
||||||
group: "{{ keystone_system_group_name }}"
|
group: "{{ keystone_system_group_name }}"
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Ensure keystone user owns the self-signed key and certificate
|
- name: Ensure keystone user owns the self-signed key and certificate
|
||||||
|
|
@ -42,4 +44,5 @@
|
||||||
- "{{ keystone_ssl_key }}"
|
- "{{ keystone_ssl_key }}"
|
||||||
- "{{ keystone_ssl_cert }}"
|
- "{{ keystone_ssl_cert }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
when: keystone_user_ssl_cert is defined
|
when: keystone_user_ssl_cert is defined
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Drop user provided ssl key
|
- name: Drop user provided ssl key
|
||||||
|
|
@ -33,6 +34,7 @@
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
when: keystone_user_ssl_key is defined
|
when: keystone_user_ssl_key is defined
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
- name: Drop user provided ssl CA cert
|
- name: Drop user provided ssl CA cert
|
||||||
|
|
@ -44,4 +46,5 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
when: keystone_user_ssl_ca_cert is defined
|
when: keystone_user_ssl_ca_cert is defined
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,7 @@
|
||||||
config_type: ini
|
config_type: ini
|
||||||
with_items: "{{ keystone_wsgi_program_names }}"
|
with_items: "{{ keystone_wsgi_program_names }}"
|
||||||
notify:
|
notify:
|
||||||
|
- Manage LB
|
||||||
- Restart uWSGI
|
- Restart uWSGI
|
||||||
|
|
||||||
- include: "keystone_init_{{ ansible_service_mgr }}.yml"
|
- include: "keystone_init_{{ ansible_service_mgr }}.yml"
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue