Merge "Execute service setup against a delegated host using Ansible built-in modules"
commit
ff469e2e02
@ -26,6 +26,11 @@ nova_ceilometer_enabled: False
|
||||
## Verbosity Options
|
||||
debug: False
|
||||
|
||||
# Set the host which will execute the shade modules
|
||||
# for the service setup. The host must already have
|
||||
# clouds.yaml properly configured.
|
||||
nova_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||
|
||||
# Set the package install state for distribution and pip packages
|
||||
# Options are 'present' and 'latest'
|
||||
nova_package_state: "latest"
|
||||
@ -528,10 +533,6 @@ nova_services:
|
||||
nova_novnc_pip_packages:
|
||||
- websockify
|
||||
|
||||
# nova packages that must be installed before anything else
|
||||
nova_requires_pip_packages:
|
||||
- virtualenv
|
||||
|
||||
nova_compute_ironic_pip_packages:
|
||||
- python-ironicclient
|
||||
|
||||
@ -545,6 +546,7 @@ nova_pip_packages:
|
||||
- python-keystoneclient
|
||||
- python-memcached
|
||||
- python-novaclient
|
||||
- python-openstackclient
|
||||
- uWSGI
|
||||
|
||||
nova_compute_lxd_pip_packages:
|
||||
|
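Review bot: The comment added above `nova_service_setup_host` says the host needs a configured clouds.yaml, but not that this file presumably carries the keystone admin credentials the service setup tasks run with. The default is `localhost` and the release note suggests a utility container as the alternative, so I would extend the comment with something like `# This host will hold keystone admin credentials in clouds.yaml; restrict access to it accordingly.`. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts.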
@ -64,17 +64,6 @@
|
||||
delay: 2
|
||||
listen: "Restart nova services"
|
||||
|
||||
- name: Wait for the nova-compute service to initialize
|
||||
command: "openstack --os-cloud default compute service list --service nova-compute --format value --column Host"
|
||||
register: _compute_host_list
|
||||
retries: 10
|
||||
delay: 5
|
||||
until: "ansible_nodename in _compute_host_list.stdout_lines"
|
||||
when:
|
||||
- "nova_services['nova-compute']['group'] in group_names"
|
||||
- "nova_discover_hosts_in_cells_interval | int < 1"
|
||||
listen: "Restart nova services"
|
||||
|
||||
- meta: noop
|
||||
listen: Manage LB
|
||||
when: false
|
||||
|
@ -40,4 +40,3 @@ galaxy_info:
|
||||
dependencies:
|
||||
- apt_package_pinning
|
||||
- galera_client
|
||||
- openstack_openrc
|
||||
|
@ -0,0 +1,17 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
The service setup in keystone for nova will now be executed
|
||||
through delegation to the ``nova_service_setup_host`` which,
|
||||
by default, is ``localhost`` (the deploy host). Deployers can
|
||||
opt to rather change this to the utility container by implementing
|
||||
the following override in ``user_variables.yml``.
|
||||
|
||||
.. code-block:: yaml
|
||||
|
||||
nova_service_setup_host: "{{ groups['utility_all'][0] }}"
|
||||
|
||||
deprecations:
|
||||
- |
|
||||
The variable ``nova_requires_pip_packages`` is no longer required
|
||||
and has therefore been removed.
|
@ -179,6 +179,20 @@
|
||||
- name: Flush handlers
|
||||
meta: flush_handlers
|
||||
|
||||
# We delegate this back to the conductor because that is
|
||||
# where we want to isolate the clouds.yaml configuration,
|
||||
# rather than have it implemented on all compute nodes.
|
||||
- import_tasks: nova_compute_wait.yml
|
||||
delegate_to: "{{ first_conductor }}"
|
||||
when:
|
||||
- "nova_services['nova-compute']['group'] in group_names"
|
||||
- "nova_discover_hosts_in_cells_interval | int < 1"
|
||||
vars:
|
||||
first_conductor: "{{ groups[nova_services['nova-conductor']['group']][0] }}"
|
||||
compute_host_to_wait_for: "{{ ansible_nodename }}"
|
||||
tags:
|
||||
- nova-config
|
||||
|
||||
# We have to delegate this back to the conductor
|
||||
# because the compute hosts do not have access to
|
||||
# the database connection string and therefore
|
||||
|
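Review bot: `delegate_to` and `when` on `import_tasks` are applied to every task in nova_compute_wait.yml, so the `openstack_openrc` role include in that file should also be delegated and would run against the first conductor once for every compute host in the play. If that role writes clouds.yaml as the comment implies, the same credentials file is rewritten from several hosts' task runs, possibly in parallel. Applying the role once (for example in a separate task with `run_once: true`) and keeping only the wait command per compute host would avoid that. `first_conductor` also indexes `[0]` into the conductor group without a guard, so an empty group fails with a template error rather than a clear message. The comment block after the new task continues past the end of the hunk.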
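--- a/tasks/nova_compute_wait.yml
+++ b/tasks/nova_compute_wait.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Implement openrc/clouds.yaml
+include_role:
+name: "openstack_openrc"
+
+- name: Set the delegated task facts
+set_fact:
+_wait_nova_bin: "{{ hostvars[first_conductor]['nova_bin'] | default(nova_bin) }}"
+
+- name: Wait for the nova-compute service to initialize
+command: "{{ _wait_nova_bin }}/openstack --os-cloud default compute service list --service nova-compute --format value --column Host"
+changed_when: false
+register: _compute_host_list
+retries: 10
+delay: 5
+until: "compute_host_to_wait_for in _compute_host_list.stdout_lines"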
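Review bot: `hostvars[first_conductor]['nova_bin']` only resolves if `nova_bin` is present in the conductor's hostvars. If it is only defined as a role variable it will probably not be there, and the `default(nova_bin)` fallback then uses the compute host's own path for a command that runs on the conductor. That works while both hosts share the same venv path, but the wait task fails with a missing binary if they differ, so it is worth confirming where `nova_bin` is set or checking the path with a `stat` task before the retry loop. The file also has no header comment naming the variables the caller must pass; I would add `# Requires: first_conductor, compute_host_to_wait_for; must be run delegated to the first conductor.` above the first task.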
@ -25,21 +25,6 @@
|
||||
tags:
|
||||
- nova-pip-packages
|
||||
|
||||
- name: Install required pip packages
|
||||
pip:
|
||||
name: "{{ nova_requires_pip_packages }}"
|
||||
state: "{{ nova_pip_package_state }}"
|
||||
extra_args: >-
|
||||
{{ nova_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
|
||||
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
|
||||
{{ pip_install_options | default('') }}
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
tags:
|
||||
- nova-pip-packages
|
||||
|
||||
- name: Retrieve checksum for venv download
|
||||
uri:
|
||||
url: "{{ nova_venv_download_url | replace('tgz', 'checksum') }}"
|
||||
|
@ -13,194 +13,120 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Create a service
|
||||
- name: Ensure nova service
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
service_name: "{{ nova_service_name }}"
|
||||
service_type: "{{ nova_service_type }}"
|
||||
description: "{{ nova_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
- nova-setup
|
||||
# We set the python interpreter to the ansible runtime venv if
|
||||
# the delegation is to localhost so that we get access to the
|
||||
# appropriate python libraries in that venv. If the delegation
|
||||
# is to another host, we assume that it is accessible by the
|
||||
# system python instead.
|
||||
- name: Setup the service
|
||||
delegate_to: "{{ nova_service_setup_host }}"
|
||||
vars:
|
||||
ansible_python_interpreter: >-
|
||||
{{ (nova_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
|
||||
block:
|
||||
- name: Add services to the keystone service catalog
|
||||
os_keystone_service:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item.name }}"
|
||||
service_type: "{{ item.service_type }}"
|
||||
description: "{{ item.description }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- name: "{{ nova_service_name }}"
|
||||
service_type: "{{ nova_service_type }}"
|
||||
description: "{{ nova_service_description }}"
|
||||
- name: "{{ nova_placement_service_name }}"
|
||||
service_type: "{{ nova_placement_service_type }}"
|
||||
description: "{{ nova_placement_service_description }}"
|
||||
|
||||
# Create an admin user
|
||||
- name: Ensure nova user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ nova_service_user_name }}"
|
||||
tenant_name: "{{ nova_service_project_name }}"
|
||||
password: "{{ nova_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when:
|
||||
- not nova_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
- nova-setup
|
||||
- name: Add service users
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
domain: default
|
||||
default_project: "{{ item.default_project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: "{{ item.condition }}"
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
with_items:
|
||||
- name: "{{ nova_service_user_name }}"
|
||||
password: "{{ nova_service_password }}"
|
||||
default_project: "{{ nova_service_project_name }}"
|
||||
condition: "{{ not nova_service_in_ldap | bool }}"
|
||||
- name: "{{ nova_placement_service_username }}"
|
||||
password: "{{ nova_placement_service_password }}"
|
||||
default_project: "{{ nova_placement_service_project_name }}"
|
||||
condition: "{{ not nova_service_in_ldap | bool }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
|
||||
# Add a role to the user
|
||||
- name: Ensure nova user to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ nova_service_user_name }}"
|
||||
tenant_name: "{{ nova_service_project_name }}"
|
||||
role_name: "{{ nova_service_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when:
|
||||
- not nova_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
- nova-setup
|
||||
- name: Add service users to admin roles
|
||||
os_user_role:
|
||||
cloud: default
|
||||
state: present
|
||||
user: "{{ item.user }}"
|
||||
role: "{{ item.role }}"
|
||||
project: "{{ item.project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: "{{ item.condition }}"
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- user: "{{ nova_service_user_name }}"
|
||||
role: "{{ nova_service_role_name }}"
|
||||
project: "{{ nova_service_project_name }}"
|
||||
condition: "{{ not nova_service_in_ldap | bool }}"
|
||||
- user: "{{ nova_placement_service_username }}"
|
||||
role: "{{ nova_placement_service_role_name }}"
|
||||
project: "{{ nova_placement_service_project_name }}"
|
||||
condition: "{{ not nova_placement_service_in_ldap | bool }}"
|
||||
|
||||
# Create an endpoint
|
||||
- name: Ensure nova endpoint
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
region_name: "{{ nova_service_region }}"
|
||||
service_name: "{{ nova_service_name }}"
|
||||
service_type: "{{ nova_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ nova_service_publicurl }}"
|
||||
interface: "public"
|
||||
- url: "{{ nova_service_internalurl }}"
|
||||
interface: "internal"
|
||||
- url: "{{ nova_service_adminurl }}"
|
||||
interface: "admin"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
- nova-setup
|
||||
|
||||
# Create a service
|
||||
- name: Ensure nova placement service
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
service_name: "{{ nova_placement_service_name }}"
|
||||
service_type: "{{ nova_placement_service_type }}"
|
||||
description: "{{ nova_placement_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
|
||||
# Create an admin user
|
||||
- name: Ensure nova placement user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ nova_placement_service_username }}"
|
||||
tenant_name: "{{ nova_placement_service_project_name }}"
|
||||
password: "{{ nova_placement_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not nova_placement_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
|
||||
# Add a role to the user
|
||||
- name: Ensure nova user to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ nova_placement_service_username }}"
|
||||
tenant_name: "{{ nova_placement_service_project_name }}"
|
||||
role_name: "{{ nova_placement_service_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not nova_placement_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
|
||||
# Create an endpoint
|
||||
- name: Ensure nova endpoint
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
region_name: "{{ nova_placement_service_region }}"
|
||||
service_name: "{{ nova_placement_service_name }}"
|
||||
service_type: "{{ nova_placement_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ nova_placement_service_publicurl }}"
|
||||
interface: "public"
|
||||
- url: "{{ nova_placement_service_internalurl }}"
|
||||
interface: "internal"
|
||||
- url: "{{ nova_placement_service_adminurl }}"
|
||||
interface: "admin"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- nova-api-setup
|
||||
- nova-service-add
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
|
||||
cloud: default
|
||||
state: present
|
||||
service: "{{ item.service }}"
|
||||
endpoint_interface: "{{ item.interface }}"
|
||||
url: "{{ item.url }}"
|
||||
region: "{{ nova_service_region }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- service: "{{ nova_service_name }}"
|
||||
interface: "public"
|
||||
url: "{{ nova_service_publicurl }}"
|
||||
- service: "{{ nova_service_name }}"
|
||||
interface: "internal"
|
||||
url: "{{ nova_service_internalurl }}"
|
||||
- service: "{{ nova_service_name }}"
|
||||
interface: "admin"
|
||||
url: "{{ nova_service_adminurl }}"
|
||||
- service: "{{ nova_placement_service_name }}"
|
||||
interface: "public"
|
||||
url: "{{ nova_placement_service_publicurl }}"
|
||||
- service: "{{ nova_placement_service_name }}"
|
||||
interface: "internal"
|
||||
url: "{{ nova_placement_service_internalurl }}"
|
||||
- service: "{{ nova_placement_service_name }}"
|
||||
interface: "admin"
|
||||
url: "{{ nova_placement_service_adminurl }}"
|
||||
|
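Review bot: In the `Add service users` task the `with_items` entry for `nova_placement_service_username` sets `condition` from `nova_service_in_ldap`, while the matching entry in `Add service users to admin roles` and the removed `keystone` task both key off `nova_placement_service_in_ldap`. With the two flags set differently, the placement user is either created locally although it lives in LDAP, or skipped while its role assignment is still attempted; the line should read `condition: "{{ not nova_placement_service_in_ldap | bool }}"`. Separately, `when: "{{ item.condition }}"` wraps a conditional in Jinja delimiters, which Ansible warns about; `when: item.condition | bool` is the usual form. The +/- markers are lost in this rendering, so old and new tasks are told apart here by module name (`keystone` versus `os_*`).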