Browse Source

Merge "Execute service setup against a delegated host using Ansible built-in modules"

Zuul 8 months ago
parent
commit
0b6ba2f119

+ 10
- 7
defaults/main.yml View File

@@ -16,6 +16,11 @@
16 16
 ## Verbosity Options
17 17
 debug: False
18 18
 
19
+# Set the host which will execute the shade modules
20
+# for the service setup. The host must already have
21
+# clouds.yaml properly configured.
22
+magnum_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
23
+
19 24
 # Set the package install state for distribution and pip packages
20 25
 # Options are 'present' and 'latest'
21 26
 magnum_package_state: "latest"
@@ -118,13 +123,11 @@ magnum_glance_images: []
118 123
 #    distro: fedora-atomic              #Value for the os_distro metadata
119 124
 #    checksum: "sha1:dab00359cfa5cd393f0a6044f77c4a78c6167a47"
120 125
 
121
-magnum_requires_pip_packages:
122
-  - httplib2
123
-  - python-glanceclient
124
-  - python-keystoneclient
125
-  - pyyaml
126
-  - shade
127
-  - virtualenv
126
+# Set the directory where the downloaded images will be stored
127
+# on the magnum_service_setup_host host. If the host is localhost,
128
+# then the user running the playbook must have access to it.
129
+magnum_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/magnum"
130
+magnum_image_path_owner: "{{ lookup('env', 'USER') }}"
128 131
 
129 132
 magnum_pip_packages:
130 133
   - magnum

+ 22
- 0
releasenotes/notes/magnum-service-setup-host-ea285f161e625980.yaml View File

@@ -0,0 +1,22 @@
1
+---
2
+features:
3
+  - |
4
+    The service setup in keystone for magnum will now be executed
5
+    through delegation to the ``magnum_service_setup_host`` which,
6
+    by default, is ``localhost`` (the deploy host). Deployers can
7
+    opt to rather change this to the utility container by implementing
8
+    the following override in ``user_variables.yml``.
9
+
10
+    .. code-block:: yaml
11
+
12
+      magnum_service_setup_host: "{{ groups['utility_all'][0] }}"
13
+  - |
14
+    Instead of downloading images to the magnum API servers, the
15
+    images will now download to the ``magnum_service_setup_host`` to
16
+    the folder set in ``magnum_image_path`` owned by
17
+    ``magnum_image_path_owner``.
18
+
19
+deprecations:
20
+  - |
21
+    The variable ``magnum_requires_pip_packages`` is no longer required
22
+    and has therefore been removed.

+ 0
- 13
tasks/magnum_install.yml View File

@@ -33,19 +33,6 @@
33 33
       {% endfor %}
34 34
   when: magnum_developer_mode | bool
35 35
 
36
-- name: Install requires pip packages
37
-  pip:
38
-    name: "{{ magnum_requires_pip_packages }}"
39
-    state: "{{ magnum_pip_package_state }}"
40
-    extra_args: >-
41
-      {{ magnum_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
42
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
43
-      {{ pip_install_options | default('') }}
44
-  register: install_packages
45
-  until: install_packages is success
46
-  retries: 5
47
-  delay: 2
48
-
49 36
 - name: Retrieve checksum for venv download
50 37
   uri:
51 38
     url: "{{ magnum_venv_download_url | replace('tgz', 'checksum') }}"

+ 0
- 23
tasks/magnum_post_install.yml View File

@@ -37,26 +37,3 @@
37 37
       config_type: "ini"
38 38
   notify:
39 39
     - Restart magnum services
40
-
41
-- name: Download magnum images
42
-  get_url:
43
-    url: "{{ item.file }}"
44
-    dest: "/var/tmp/{{ item.file | basename }}"
45
-    checksum: "{{ item.checksum | default(omit) }}"
46
-  with_items: "{{ magnum_glance_images }}"
47
-  when: inventory_hostname == groups['magnum_all'][0]
48
-
49
-- name: Upload images to Glance
50
-  os_image:
51
-    cloud: default
52
-    endpoint_type: internal
53
-    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
54
-    name: "{{ item.name }}"
55
-    disk_format: "{{ item.disk_format }}"
56
-    container_format: "{{ item.image_format }}"
57
-    is_public: "{{ item.public }}"
58
-    filename: "/var/tmp/{{ item.file | basename }}"
59
-    properties:
60
-      os_distro: "{{ item.distro }}"
61
-  with_items: "{{ magnum_glance_images }}"
62
-  when: inventory_hostname == groups['magnum_all'][0]

+ 151
- 121
tasks/magnum_service_setup.yml View File

@@ -13,130 +13,160 @@
13 13
 # See the License for the specific language governing permissions and
14 14
 # limitations under the License.
15 15
 
16
-- name: Ensure the service for Magnum exists
17
-  keystone:
18
-    command: "ensure_service"
19
-    endpoint: "{{ keystone_service_adminurl }}"
20
-    login_user: "{{ keystone_admin_user_name }}"
21
-    login_password: "{{ keystone_auth_admin_password }}"
22
-    login_project_name: "{{ keystone_admin_tenant_name }}"
23
-    insecure: "{{ keystone_service_adminuri_insecure }}"
24
-    service_name: "{{ magnum_service_name }}"
25
-    service_type: "{{ magnum_service_type }}"
26
-    description: "{{ magnum_service_description }}"
27
-  register: add_magnum_service
28
-  until: add_magnum_service is success
29
-  retries: 5
30
-  delay: 2
31
-  no_log: True
16
+# We set the python interpreter to the ansible runtime venv if
17
+# the delegation is to localhost so that we get access to the
18
+# appropriate python libraries in that venv. If the delegation
19
+# is to another host, we assume that it is accessible by the
20
+# system python instead.
21
+- name: Setup the service
22
+  delegate_to: "{{ magnum_service_setup_host }}"
23
+  vars:
24
+    ansible_python_interpreter: >-
25
+      {{ (magnum_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
26
+  block:
27
+    - name: Add service to the keystone service catalog
28
+      os_keystone_service:
29
+        cloud: default
30
+        state: present
31
+        name: "{{ magnum_service_name }}"
32
+        service_type: "{{ magnum_service_type }}"
33
+        description: "{{ magnum_service_description }}"
34
+        endpoint_type: admin
35
+        verify: "{{ not keystone_service_adminuri_insecure }}"
36
+      register: add_service
37
+      until: add_service is success
38
+      retries: 5
39
+      delay: 10
32 40
 
33
-- name: Ensure the magnum user exists
34
-  keystone:
35
-    command: "ensure_user"
36
-    endpoint: "{{ keystone_service_adminurl }}"
37
-    login_user: "{{ keystone_admin_user_name }}"
38
-    login_password: "{{ keystone_auth_admin_password }}"
39
-    login_project_name: "{{ keystone_admin_tenant_name }}"
40
-    insecure: "{{ keystone_service_adminuri_insecure }}"
41
-    user_name: "{{ magnum_service_user_name }}"
42
-    tenant_name: "{{ magnum_service_project_name }}"
43
-    password: "{{ magnum_service_password |default('changeme') }}"
44
-  register: add_magnum_user
45
-  until: add_magnum_user is success
46
-  retries: 5
47
-  delay: 2
48
-  no_log: True
41
+    - name: Add service user
42
+      os_user:
43
+        cloud: default
44
+        state: present
45
+        name: "{{ magnum_service_user_name }}"
46
+        password: "{{ magnum_service_password }}"
47
+        domain: default
48
+        default_project: "{{ magnum_service_project_name }}"
49
+        endpoint_type: admin
50
+        verify: "{{ not keystone_service_adminuri_insecure }}"
51
+      register: add_service_user
52
+      until: add_service_user is success
53
+      retries: 5
54
+      delay: 10
55
+      no_log: True
49 56
 
50
-- name: Ensure the magnum user has the admin role
51
-  keystone:
52
-    command: "ensure_user_role"
53
-    endpoint: "{{ keystone_service_adminurl }}"
54
-    login_user: "{{ keystone_admin_user_name }}"
55
-    login_password: "{{ keystone_auth_admin_password }}"
56
-    login_project_name: "{{ keystone_admin_tenant_name }}"
57
-    user_name: "{{ magnum_service_user_name }}"
58
-    tenant_name: "{{ magnum_service_project_name }}"
59
-    role_name: "{{ item }}"
60
-    insecure: "{{ keystone_service_adminuri_insecure }}"
61
-  register: ensure_magnum_roles
62
-  until: ensure_magnum_roles is success
63
-  retries: 5
64
-  delay: 2
65
-  with_items: "{{ magnum_service_role_names }}"
66
-  no_log: True
57
+    - name: Add service user to admin roles
58
+      os_user_role:
59
+        cloud: default
60
+        state: present
61
+        user: "{{ magnum_service_user_name }}"
62
+        role: "{{ item }}"
63
+        project: "{{ magnum_service_project_name }}"
64
+        endpoint_type: admin
65
+        verify: "{{ not keystone_service_adminuri_insecure }}"
66
+      register: add_service_user_role
67
+      until: add_service_user_role is success
68
+      retries: 5
69
+      delay: 10
70
+      with_items: "{{ magnum_service_role_names }}"
67 71
 
68
-- name: Ensure the magnum endpoint is registered
69
-  keystone:
70
-    command: "ensure_endpoint"
71
-    endpoint: "{{ keystone_service_adminurl }}"
72
-    login_user: "{{ keystone_admin_user_name }}"
73
-    login_password: "{{ keystone_auth_admin_password }}"
74
-    login_project_name: "{{ keystone_admin_tenant_name }}"
75
-    insecure: "{{ keystone_service_adminuri_insecure }}"
76
-    region_name: "{{ magnum_service_region }}"
77
-    service_name: "{{ magnum_service_name }}"
78
-    service_type: "{{ magnum_service_type }}"
79
-    endpoint_list:
80
-      - url: "{{ magnum_service_publicurl }}"
81
-        interface: "public"
82
-      - url: "{{ magnum_service_internalurl }}"
83
-        interface: "internal"
84
-      - url: "{{ magnum_service_adminurl }}"
85
-        interface: "admin"
86
-  register: add_magnum_endpoints
87
-  until: add_magnum_endpoints is success
88
-  retries: 5
89
-  delay: 2
90
-  no_log: True
72
+    - name: Add endpoints to keystone endpoint catalog
73
+      os_keystone_endpoint:
74
+        cloud: default
75
+        state: present
76
+        service: "{{ magnum_service_name }}"
77
+        endpoint_interface: "{{ item.interface }}"
78
+        url: "{{ item.url }}"
79
+        region: "{{ magnum_service_region }}"
80
+        endpoint_type: admin
81
+        verify: "{{ not keystone_service_adminuri_insecure }}"
82
+      register: add_service_endpoints
83
+      until: add_service_endpoints is success
84
+      retries: 5
85
+      delay: 10
86
+      with_items:
87
+        - interface: "public"
88
+          url: "{{ magnum_service_publicurl }}"
89
+        - interface: "internal"
90
+          url: "{{ magnum_service_internalurl }}"
91
+        - interface: "admin"
92
+          url: "{{ magnum_service_adminurl }}"
91 93
 
92
-- name: Ensure the magnum trustee domain exists
93
-  keystone:
94
-    command: "ensure_domain"
95
-    endpoint: "{{ keystone_service_adminurl }}"
96
-    login_user: "{{ keystone_admin_user_name }}"
97
-    login_password: "{{ keystone_auth_admin_password }}"
98
-    login_project_name: "{{ keystone_admin_tenant_name }}"
99
-    insecure: "{{ keystone_service_adminuri_insecure }}"
100
-    domain_name: "{{ magnum_trustee_domain_name }}"
101
-    domain_enabled: true
102
-  register: add_magnum_trustee_user
103
-  until: add_magnum_trustee_user is success
104
-  retries: 5
105
-  delay: 2
106
-  no_log: True
94
+    - name: Add trustee domain
95
+      os_keystone_domain:
96
+        cloud: default
97
+        state: present
98
+        name: "{{ magnum_trustee_domain_name }}"
99
+        endpoint_type: admin
100
+        verify: "{{ not keystone_service_adminuri_insecure }}"
101
+      register: add_trustee_domain
102
+      until: add_trustee_domain is success
103
+      retries: 5
104
+      delay: 10
107 105
 
108
-- name: Ensure the magnum trustee user exists
109
-  keystone:
110
-    command: "ensure_user"
111
-    endpoint: "{{ keystone_service_adminurl }}"
112
-    login_user: "{{ keystone_admin_user_name }}"
113
-    login_password: "{{ keystone_auth_admin_password }}"
114
-    login_project_name: "{{ keystone_admin_tenant_name }}"
115
-    insecure: "{{ keystone_service_adminuri_insecure }}"
116
-    user_name: "{{ magnum_trustee_domain_admin_name }}"
117
-    domain_name: "{{ magnum_trustee_domain_name }}"
118
-    project_name: "{{ magnum_service_project_name }}"
119
-    password: "{{ magnum_trustee_password |default('changeme') }}"
120
-  register: add_magnum_trustee_user
121
-  until: add_magnum_trustee_user is success
122
-  retries: 5
123
-  delay: 2
124
-  no_log: True
106
+    - name: Add trustee user
107
+      os_user:
108
+        cloud: default
109
+        state: present
110
+        name: "{{ magnum_trustee_domain_admin_name }}"
111
+        password: "{{ magnum_trustee_password }}"
112
+        domain: "{{ magnum_trustee_domain_name }}"
113
+        default_project: "{{ magnum_service_project_name }}"
114
+        endpoint_type: admin
115
+        verify: "{{ not keystone_service_adminuri_insecure }}"
116
+      register: add_trustee_user
117
+      until: add_trustee_user is success
118
+      retries: 5
119
+      delay: 10
120
+      no_log: True
125 121
 
126
-- name: Ensure the magnum user has the admin role
127
-  keystone:
128
-    command: "ensure_user_role"
129
-    endpoint: "{{ keystone_service_adminurl }}"
130
-    login_user: "{{ keystone_admin_user_name }}"
131
-    login_password: "{{ keystone_auth_admin_password }}"
132
-    login_project_name: "{{ keystone_admin_tenant_name }}"
133
-    user_name: "{{ magnum_trustee_domain_admin_name }}"
134
-    role_name: "{{ item }}"
135
-    domain_name: "{{ magnum_trustee_domain_name }}"
136
-    insecure: "{{ keystone_service_adminuri_insecure }}"
137
-  register: ensure_magnum_trustee_roles
138
-  until: ensure_magnum_trustee_roles is success
139
-  retries: 5
140
-  delay: 2
141
-  with_items: "{{ magnum_trustee_domain_admin_roles }}"
142
-  no_log: True
122
+    - name: Add trustee user to trustee domain admin roles
123
+      os_user_role:
124
+        cloud: default
125
+        state: present
126
+        user: "{{ magnum_trustee_domain_admin_name }}"
127
+        role: "{{ item }}"
128
+        domain: "{{ add_trustee_domain.id }}"
129
+        endpoint_type: admin
130
+        verify: "{{ not keystone_service_adminuri_insecure }}"
131
+      register: add_trustee_role
132
+      until: add_trustee_role is success
133
+      retries: 5
134
+      delay: 10
135
+      with_items: "{{ magnum_trustee_domain_admin_roles }}"
136
+
137
+    - name: Create image download directory
138
+      file:
139
+        path: "{{ magnum_image_path }}"
140
+        state: directory
141
+        mode: "0750"
142
+        owner: "{{ magnum_image_path_owner }}"
143
+
144
+    - name: Download images
145
+      get_url:
146
+        url: "{{ item.file }}"
147
+        dest: "{{ magnum_image_path }}/{{ item.file | basename }}"
148
+        checksum: "{{ item.checksum | default(omit) }}"
149
+      register: download_image
150
+      until: download_image is success
151
+      retries: 5
152
+      delay: 10
153
+      with_items: "{{ magnum_glance_images }}"
154
+
155
+    - name: Upload images to Glance
156
+      os_image:
157
+        cloud: default
158
+        state: present
159
+        endpoint_type: admin
160
+        verify: "{{ not keystone_service_adminuri_insecure }}"
161
+        name: "{{ item.name }}"
162
+        disk_format: "{{ item.disk_format }}"
163
+        container_format: "{{ item.image_format }}"
164
+        is_public: "{{ item.public }}"
165
+        filename: "{{ magnum_image_path }}/{{ item.file | basename }}"
166
+        properties:
167
+          os_distro: "{{ item.distro }}"
168
+      register: upload_image
169
+      until: upload_image is success
170
+      retries: 5
171
+      delay: 10
172
+      with_items: "{{ magnum_glance_images }}"

+ 1
- 0
tests/test-install-haproxy.yml View File

@@ -15,6 +15,7 @@
15 15
 
16 16
 - name: Install haproxy
17 17
   hosts: localhost
18
+  connection: local
18 19
   become: true
19 20
   roles:
20 21
     - role: "haproxy_server"

+ 1
- 1
tests/test-install-magnum.yml View File

@@ -15,7 +15,7 @@
15 15
 
16 16
 - name: Install magnum server
17 17
   hosts: magnum_all
18
-  user: root
18
+  remote_user: root
19 19
   vars_files:
20 20
     - common/test-vars.yml
21 21
   roles:

Loading…
Cancel
Save