openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
130c1339e7
openstack-ansible-os_keystone/tasks/main.yml
Jesse Pretorius 09ec0890a4 Allow tags to be used for MQ tasks 
The use of 'include_tasks' and a loop of variables creates
a situation where a user is unable to use tags to scope the
inclusion of only the MQ tasks when running the playbooks.

The use-case this is important for is when the rabbitmq
containers are destroyed and rebuilt in order to resolve
an issue with them, and the user wishes to quickly recreate
all the vhosts/users.

Ansible's 'include_tasks' is a dynamic inclusion, and dynamic
inclusions are not included when using tags. The nice thing
about dynamic inclusions is that they completely skip all
tasks when the condition does not apply, cutting down deploy
time. However, given the use-case, we should rather take on
the extra deployment time.

This patch changes the dynamic inclusion to a static one,
adds a 'common-mq' tag to cover all MQ implementations,
and re-implements the 'common-rabbitmq' tag for the tasks
that relate to RabbitMQ specifically.

It also implements conditionals for each task set so that
the rpc/notify tasks can be skipped if a vhost/user is not
required for that purpose (eg: swift does not use RPC, and
most roles will not use notifications by default).

Depends-On: https://review.openstack.org/588191
Change-Id: I559062788264ed54b0a21b678f420f8d33d2c663
2018-08-07 14:24:27 +01:00

197 lines
6.0 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Fail if our required secrets are not present
fail:
msg: "Please set the {{ item }} variable prior to applying this role."
when: (item is undefined) or (item is none)
with_items: "{{ keystone_required_secrets }}"
tags:
- always
- name: Handle deprecation of keystone_memcached_servers
set_fact:
keystone_cache_servers: "{{ keystone_cache_servers + (_ | deprecated(keystone_memcached_servers, 'keystone_memcached_servers', 'keystone_cache_servers', 'queens')).split(',') }}"
when: keystone_memcached_servers is defined
tags:
- always
- name: Handle deprecation of keystone_cache_backend_argument
set_fact:
keystone_cache_servers: "{{ keystone_cache_servers + (_ | deprecated(keystone_cache_backend_argument.replace('url:',''), 'keystone_cache_backend_argument', 'keystone_cache_servers', 'queens')).split(',') }}"
when: keystone_cache_backend_argument is defined
tags:
- always
- name: Fail if service was deployed using a different installation method
fail:
msg: "Switching installation methods for OpenStack services is not supported"
when:
- ansible_local is defined
- ansible_local.openstack_ansible is defined
- ansible_local.openstack_ansible.keystone is defined
- ansible_local.openstack_ansible.keystone.install_method is defined
- ansible_local.openstack_ansible.keystone.install_method != keystone_install_method
- name: Gather variables for each operating system
include_vars: "{{ item }}"
with_first_found:
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_version | lower }}.yml"
- "{{ ansible_distribution | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_major_version | lower }}.yml"
- "{{ ansible_distribution | lower }}.yml"
- "{{ ansible_os_family | lower }}-{{ ansible_distribution_version.split('.')[0] }}.yml"
- "{{ ansible_os_family | lower }}.yml"
tags:
- always
- name: Gather variables for installation method
include_vars: "{{ keystone_install_method }}_install.yml"
tags:
- always
- include_tasks: keystone_pre_install.yml
tags:
- keystone-install
- include_tasks: keystone_install.yml
tags:
- keystone-install
- name: refresh local facts
setup:
filter: ansible_local
gather_subset: "!all"
tags:
- keystone-config
- include_tasks: keystone_post_install.yml
tags:
- keystone-config
- include_tasks: keystone_key_setup.yml
tags:
- keystone-config
- include_tasks: keystone_fernet.yml
when:
- "'fernet' in keystone_token_provider"
- keystone_service_setup | bool
tags:
- keystone-config
- include_tasks: keystone_credential.yml
when: keystone_service_setup | bool
tags:
- keystone-config
- include_tasks: keystone_federation_sp_setup.yml
when: keystone_sp != {}
tags:
- keystone-config
- import_tasks: mq_setup.yml
run_once: yes
vars:
_oslomsg_rpc_setup_host: "{{ keystone_oslomsg_rpc_setup_host }}"
_oslomsg_rpc_userid: "{{ keystone_oslomsg_rpc_userid }}"
_oslomsg_rpc_password: "{{ keystone_oslomsg_rpc_password }}"
_oslomsg_rpc_vhost: "{{ keystone_oslomsg_rpc_vhost }}"
_oslomsg_rpc_transport: "{{ keystone_oslomsg_rpc_transport }}"
_oslomsg_configure_rpc: "{{ keystone_messaging_enabled | bool }}"
_oslomsg_notify_setup_host: "{{ keystone_oslomsg_notify_setup_host }}"
_oslomsg_notify_userid: "{{ keystone_oslomsg_notify_userid }}"
_oslomsg_notify_password: "{{ keystone_oslomsg_notify_password }}"
_oslomsg_notify_vhost: "{{ keystone_oslomsg_notify_vhost }}"
_oslomsg_notify_transport: "{{ keystone_oslomsg_notify_transport }}"
_oslomsg_configure_notify: "{{ keystone_ceilometer_enabled | bool }}"
tags:
- common-mq
- keystone-config
- include_tasks: keystone_db_setup.yml
when:
- "keystone_database_enabled | bool"
tags:
- keystone-config
- include_tasks: keystone_token_cleanup.yml
when:
- "'uuid' in keystone_token_provider"
run_once: yes
tags:
- keystone-install
- include_tasks: keystone_ssl.yml
tags:
- keystone-config
- include_tasks: "keystone_{{ keystone_web_server }}.yml"
tags:
- keystone-config
- include_tasks: keystone_uwsgi.yml
tags:
- keystone-config
- name: Flush handlers
meta: flush_handlers
- include_tasks: keystone_service_bootstrap.yml
when:
- "inventory_hostname == ((groups['keystone_all'] | intersect(ansible_play_hosts)) | list)[0]"
- "keystone_service_setup | bool"
tags:
- keystone-config
- include_tasks: keystone_service_update.yml
when:
- "inventory_hostname == ((groups['keystone_all'] | intersect(ansible_play_hosts)) | list)[-1]"
- "keystone_service_setup | bool"
tags:
- keystone-config
- include_tasks: keystone_ldap_setup.yml
when: keystone_service_setup | bool
tags:
- keystone-config
- include_tasks: keystone_federation_sp_idp_setup.yml
when:
- keystone_service_setup | bool
- keystone_sp != {}
run_once: yes
tags:
- keystone-config
- name: Flush handlers
meta: flush_handlers
- include_tasks: keystone_idp_setup.yml
when: keystone_idp != {}
tags:
- keystone-config
- name: Diagnose common problems with keystone deployments
command: "{{ keystone_bin }}/keystone-manage doctor"
become: yes
become_user: "{{ keystone_system_user_name }}"
register: keystone_doctor
failed_when: not debug and keystone_doctor.rc != 0
changed_when: false
run_once: yes
tags:
- keystone-config
View Git Blame Copy Permalink