
Execute service setup against a delegated host using Ansible built-in modules

In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone/glance/cinder client libraries are not required any more
now that we're using the upstream modules. As there are no required packages
left, the task to install them is also removed.

Depends-On: https://review.openstack.org/582359
Depends-On: https://review.openstack.org/582579
Depends-On: https://review.openstack.org/582957
Depends-On: https://review.openstack.org/583430
Change-Id: Id3b9d57981006d3f7abbb94af5f72214db3da6cb
Jesse Pretorius 9 months ago
parent
commit
5678153fa9

+ 10
- 7
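--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,6 +16,11 @@
 ## Verbosity Options
 debug: False
 
+# Set the host which will execute the shade modules
+# for the service setup. The host must already have
+# clouds.yaml properly configured.
+magnum_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
+
 # Set the package install state for distribution and pip packages
 # Options are 'present' and 'latest'
 magnum_package_state: "latest"
@@ -118,13 +123,11 @@ magnum_glance_images: []
 #    distro: fedora-atomic              #Value for the os_distro metadata
 #    checksum: "sha1:dab00359cfa5cd393f0a6044f77c4a78c6167a47"
 
-magnum_requires_pip_packages:
-  - httplib2
-  - python-glanceclient
-  - python-keystoneclient
-  - pyyaml
-  - shade
-  - virtualenv
+# Set the directory where the downloaded images will be stored
+# on the magnum_service_setup_host host. If the host is localhost,
+# then the user running the playbook must have access to it.
+magnum_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/magnum"
+magnum_image_path_owner: "{{ lookup('env', 'USER') }}"
 
 magnum_pip_packages:
   - magnum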
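Review bot: `magnum_image_path` and `magnum_image_path_owner` are built from `lookup('env', ...)`, and Ansible lookups are evaluated on the control machine, so both values describe the user running the playbook rather than an account on `magnum_service_setup_host`. With the default of localhost that matches, but once the host is overridden (the release note suggests the utility container) the path and owner may name a home directory and a user that do not exist there, and an unset `USER` would render an empty owner. The comment above the two variables covers only the localhost case; I would extend it with `# These defaults come from the deploy host's environment; override both when magnum_service_setup_host is not localhost.`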

+ 22
- 0
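--- a/releasenotes/notes/magnum-service-setup-host-ea285f161e625980.yaml
+++ b/releasenotes/notes/magnum-service-setup-host-ea285f161e625980.yaml
@@ -0,0 +1,22 @@
+---
+features:
+  - |
+    The service setup in keystone for magnum will now be executed
+    through delegation to the ``magnum_service_setup_host`` which,
+    by default, is ``localhost`` (the deploy host). Deployers can
+    opt to rather change this to the utility container by implementing
+    the following override in ``user_variables.yml``.
+
+    .. code-block:: yaml
+
+      magnum_service_setup_host: "{{ groups['utility_all'][0] }}"
+  - |
+    Instead of downloading images to the magnum API servers, the
+    images will now download to the ``magnum_service_setup_host`` to
+    the folder set in ``magnum_image_path`` owned by
+    ``magnum_image_path_owner``.
+
+deprecations:
+  - |
+    The variable ``magnum_requires_pip_packages`` is no longer required
+    and has therefore been removed.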

+ 0
- 13
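--- a/tasks/magnum_install.yml
+++ b/tasks/magnum_install.yml
@@ -33,19 +33,6 @@
       {% endfor %}
   when: magnum_developer_mode | bool
 
-- name: Install requires pip packages
-  pip:
-    name: "{{ magnum_requires_pip_packages }}"
-    state: "{{ magnum_pip_package_state }}"
-    extra_args: >-
-      {{ magnum_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages is success
-  retries: 5
-  delay: 2
-
 - name: Retrieve checksum for venv download
   uri:
     url: "{{ magnum_venv_download_url | replace('tgz', 'checksum') }}"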

+ 0
- 23
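--- a/tasks/magnum_post_install.yml
+++ b/tasks/magnum_post_install.yml
@@ -37,26 +37,3 @@
       config_type: "ini"
   notify:
     - Restart magnum services
-
-- name: Download magnum images
-  get_url:
-    url: "{{ item.file }}"
-    dest: "/var/tmp/{{ item.file | basename }}"
-    checksum: "{{ item.checksum | default(omit) }}"
-  with_items: "{{ magnum_glance_images }}"
-  when: inventory_hostname == groups['magnum_all'][0]
-
-- name: Upload images to Glance
-  os_image:
-    cloud: default
-    endpoint_type: internal
-    validate_certs: "{{ keystone_service_internaluri_insecure | ternary(false, true) }}"
-    name: "{{ item.name }}"
-    disk_format: "{{ item.disk_format }}"
-    container_format: "{{ item.image_format }}"
-    is_public: "{{ item.public }}"
-    filename: "/var/tmp/{{ item.file | basename }}"
-    properties:
-      os_distro: "{{ item.distro }}"
-  with_items: "{{ magnum_glance_images }}"
-  when: inventory_hostname == groups['magnum_all'][0]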

+ 151
- 121
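--- a/tasks/magnum_service_setup.yml
+++ b/tasks/magnum_service_setup.yml
@@ -13,130 +13,160 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Ensure the service for Magnum exists
-  keystone:
-    command: "ensure_service"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    service_name: "{{ magnum_service_name }}"
-    service_type: "{{ magnum_service_type }}"
-    description: "{{ magnum_service_description }}"
-  register: add_magnum_service
-  until: add_magnum_service is success
-  retries: 5
-  delay: 2
-  no_log: True
+# We set the python interpreter to the ansible runtime venv if
+# the delegation is to localhost so that we get access to the
+# appropriate python libraries in that venv. If the delegation
+# is to another host, we assume that it is accessible by the
+# system python instead.
+- name: Setup the service
+  delegate_to: "{{ magnum_service_setup_host }}"
+  vars:
+    ansible_python_interpreter: >-
+      {{ (magnum_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
+  block:
+    - name: Add service to the keystone service catalog
+      os_keystone_service:
+        cloud: default
+        state: present
+        name: "{{ magnum_service_name }}"
+        service_type: "{{ magnum_service_type }}"
+        description: "{{ magnum_service_description }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_service
+      until: add_service is success
+      retries: 5
+      delay: 10
 
-- name: Ensure the magnum user exists
-  keystone:
-    command: "ensure_user"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    user_name: "{{ magnum_service_user_name }}"
-    tenant_name: "{{ magnum_service_project_name }}"
-    password: "{{ magnum_service_password |default('changeme') }}"
-  register: add_magnum_user
-  until: add_magnum_user is success
-  retries: 5
-  delay: 2
-  no_log: True
+    - name: Add service user
+      os_user:
+        cloud: default
+        state: present
+        name: "{{ magnum_service_user_name }}"
+        password: "{{ magnum_service_password }}"
+        domain: default
+        default_project: "{{ magnum_service_project_name }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_service_user
+      until: add_service_user is success
+      retries: 5
+      delay: 10
+      no_log: True
 
-- name: Ensure the magnum user has the admin role
-  keystone:
-    command: "ensure_user_role"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ magnum_service_user_name }}"
-    tenant_name: "{{ magnum_service_project_name }}"
-    role_name: "{{ item }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: ensure_magnum_roles
-  until: ensure_magnum_roles is success
-  retries: 5
-  delay: 2
-  with_items: "{{ magnum_service_role_names }}"
-  no_log: True
+    - name: Add service user to admin roles
+      os_user_role:
+        cloud: default
+        state: present
+        user: "{{ magnum_service_user_name }}"
+        role: "{{ item }}"
+        project: "{{ magnum_service_project_name }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_service_user_role
+      until: add_service_user_role is success
+      retries: 5
+      delay: 10
+      with_items: "{{ magnum_service_role_names }}"
 
-- name: Ensure the magnum endpoint is registered
-  keystone:
-    command: "ensure_endpoint"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    region_name: "{{ magnum_service_region }}"
-    service_name: "{{ magnum_service_name }}"
-    service_type: "{{ magnum_service_type }}"
-    endpoint_list:
-      - url: "{{ magnum_service_publicurl }}"
-        interface: "public"
-      - url: "{{ magnum_service_internalurl }}"
-        interface: "internal"
-      - url: "{{ magnum_service_adminurl }}"
-        interface: "admin"
-  register: add_magnum_endpoints
-  until: add_magnum_endpoints is success
-  retries: 5
-  delay: 2
-  no_log: True
+    - name: Add endpoints to keystone endpoint catalog
+      os_keystone_endpoint:
+        cloud: default
+        state: present
+        service: "{{ magnum_service_name }}"
+        endpoint_interface: "{{ item.interface }}"
+        url: "{{ item.url }}"
+        region: "{{ magnum_service_region }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_service_endpoints
+      until: add_service_endpoints is success
+      retries: 5
+      delay: 10
+      with_items:
+        - interface: "public"
+          url: "{{ magnum_service_publicurl }}"
+        - interface: "internal"
+          url: "{{ magnum_service_internalurl }}"
+        - interface: "admin"
+          url: "{{ magnum_service_adminurl }}"
 
-- name: Ensure the magnum trustee domain exists
-  keystone:
-    command: "ensure_domain"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    domain_name: "{{ magnum_trustee_domain_name }}"
-    domain_enabled: true
-  register: add_magnum_trustee_user
-  until: add_magnum_trustee_user is success
-  retries: 5
-  delay: 2
-  no_log: True
+    - name: Add trustee domain
+      os_keystone_domain:
+        cloud: default
+        state: present
+        name: "{{ magnum_trustee_domain_name }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_trustee_domain
+      until: add_trustee_domain is success
+      retries: 5
+      delay: 10
 
-- name: Ensure the magnum trustee user exists
-  keystone:
-    command: "ensure_user"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-    user_name: "{{ magnum_trustee_domain_admin_name }}"
-    domain_name: "{{ magnum_trustee_domain_name }}"
-    project_name: "{{ magnum_service_project_name }}"
-    password: "{{ magnum_trustee_password |default('changeme') }}"
-  register: add_magnum_trustee_user
-  until: add_magnum_trustee_user is success
-  retries: 5
-  delay: 2
-  no_log: True
+    - name: Add trustee user
+      os_user:
+        cloud: default
+        state: present
+        name: "{{ magnum_trustee_domain_admin_name }}"
+        password: "{{ magnum_trustee_password }}"
+        domain: "{{ magnum_trustee_domain_name }}"
+        default_project: "{{ magnum_service_project_name }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_trustee_user
+      until: add_trustee_user is success
+      retries: 5
+      delay: 10
+      no_log: True
 
-- name: Ensure the magnum user has the admin role
-  keystone:
-    command: "ensure_user_role"
-    endpoint: "{{ keystone_service_adminurl }}"
-    login_user: "{{ keystone_admin_user_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ magnum_trustee_domain_admin_name }}"
-    role_name: "{{ item }}"
-    domain_name: "{{ magnum_trustee_domain_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: ensure_magnum_trustee_roles
-  until: ensure_magnum_trustee_roles is success
-  retries: 5
-  delay: 2
-  with_items: "{{ magnum_trustee_domain_admin_roles }}"
-  no_log: True
+    - name: Add trustee user to trustee domain admin roles
+      os_user_role:
+        cloud: default
+        state: present
+        user: "{{ magnum_trustee_domain_admin_name }}"
+        role: "{{ item }}"
+        domain: "{{ add_trustee_domain.id }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_trustee_role
+      until: add_trustee_role is success
+      retries: 5
+      delay: 10
+      with_items: "{{ magnum_trustee_domain_admin_roles }}"
+
+    - name: Create image download directory
+      file:
+        path: "{{ magnum_image_path }}"
+        state: directory
+        mode: "0750"
+        owner: "{{ magnum_image_path_owner }}"
+
+    - name: Download images
+      get_url:
+        url: "{{ item.file }}"
+        dest: "{{ magnum_image_path }}/{{ item.file | basename }}"
+        checksum: "{{ item.checksum | default(omit) }}"
+      register: download_image
+      until: download_image is success
+      retries: 5
+      delay: 10
+      with_items: "{{ magnum_glance_images }}"
+
+    - name: Upload images to Glance
+      os_image:
+        cloud: default
+        state: present
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+        name: "{{ item.name }}"
+        disk_format: "{{ item.disk_format }}"
+        container_format: "{{ item.image_format }}"
+        is_public: "{{ item.public }}"
+        filename: "{{ magnum_image_path }}/{{ item.file | basename }}"
+        properties:
+          os_distro: "{{ item.distro }}"
+      register: upload_image
+      until: upload_image is success
+      retries: 5
+      delay: 10
+      with_items: "{{ magnum_glance_images }}"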
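Review bot: The `verify: "{{ not keystone_service_adminuri_insecure }}"` expression repeated on the eight os_* tasks fails open if the variable reaches the task as a non-empty string: Jinja treats `'false'` as truthy, so `not` yields false and certificate verification is switched off for calls made with the admin cloud credentials. How the variable is defined is not visible on this page, so this needs confirming; casting first, as tasks/magnum_install.yml already does with `magnum_developer_mode | bool`, removes the ambiguity: `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. Separately, the Download images task keeps `checksum: "{{ item.checksum | default(omit) }}"`, so an entry in `magnum_glance_images` without a checksum is fetched and then published to Glance with no integrity check. A comment on that task stating this, or an assert that every entry defines `checksum`, would make the gap visible to deployers.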

+ 1
- 0
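--- a/tests/test-install-haproxy.yml
+++ b/tests/test-install-haproxy.yml
@@ -15,6 +15,7 @@
 
 - name: Install haproxy
   hosts: localhost
+  connection: local
   become: true
   roles:
     - role: "haproxy_server"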

+ 1
- 1
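--- a/tests/test-install-magnum.yml
+++ b/tests/test-install-magnum.yml
@@ -15,7 +15,7 @@
 
 - name: Install magnum server
   hosts: magnum_all
-  user: root
+  remote_user: root
   vars_files:
     - common/test-vars.yml
   roles: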
