From 6202a5500ae9c5ae649abac44647e53ad2ccb726 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 12 Jan 2022 10:40:00 +0000 Subject: [PATCH] Use common service setup tasks from a collection rather than in-role Change-Id: I04531583a731d02a011f72f6d79eced434a66eaa --- tasks/main.yml | 19 +++-- tasks/mq_setup.yml | 115 ---------------------------- tasks/service_setup.yml | 162 ---------------------------------------- 3 files changed, 14 insertions(+), 282 deletions(-) delete mode 100644 tasks/mq_setup.yml delete mode 100644 tasks/service_setup.yml diff --git a/tasks/main.yml b/tasks/main.yml index 0aab1220..fe2d4b3f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -133,7 +133,12 @@ - swift-config - systemd-service -- import_tasks: mq_setup.yml +- include_role: + name: openstack.osa.mq_setup + apply: + tags: + - common-mq + - swift-config when: - _swift_proxy_is_first_play_host vars: @@ -144,10 +149,14 @@ _oslomsg_notify_vhost: "{{ swift_oslomsg_notify_vhost }}" _oslomsg_notify_transport: "{{ swift_oslomsg_notify_transport }}" tags: - - common-mq - - swift-config + - always -- import_tasks: service_setup.yml +- include_role: + name: openstack.osa.service_setup + apply: + tags: + - common-service + - swift-config vars: _service_adminuri_insecure: "{{ keystone_service_adminuri_insecure }}" _service_in_ldap: "{{ swift_service_in_ldap }}" @@ -185,7 +194,7 @@ - '"keystoneauth" in swift_middleware_list' - _swift_proxy_is_first_play_host tags: - - swift-config + - always - name: Flush handlers meta: flush_handlers diff --git a/tasks/mq_setup.yml b/tasks/mq_setup.yml deleted file mode 100644 index 655519e0..00000000 --- a/tasks/mq_setup.yml +++ /dev/null @@ -1,115 +0,0 @@ ---- -# Copyright 2018, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# WARNING: -# This file is maintained in the openstack-ansible-tests repository. -# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/mq_setup.yml -# If you need to modify this file, update the one in the openstack-ansible-tests -# repository. Once it merges there, the changes will automatically be proposed to -# all the repositories which use it. - -- name: Setup RPC MQ Service (RabbitMQ) - delegate_to: "{{ _oslomsg_rpc_setup_host }}" - when: - - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" - - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'rabbit')" - tags: - - common-rabbitmq - block: - - name: Add RPC RabbitMQ vhost - community.rabbitmq.rabbitmq_vhost: - name: "{{ _oslomsg_rpc_vhost }}" - state: "present" - - - name: Apply RPC RabbitMQ vhost policies - community.rabbitmq.rabbitmq_policy: - name: "{{ item.name }}" - pattern: "{{ item.pattern }}" - priority: "{{ item.priority | default(0) }}" - tags: "{{ item.tags }}" - state: "{{ item.state | default(omit) }}" - vhost: "{{ _oslomsg_rpc_vhost }}" - loop: "{{ _oslomsg_rpc_policies | default([]) + oslomsg_rpc_policies }}" - - - name: Add RPC RabbitMQ user - community.rabbitmq.rabbitmq_user: - user: "{{ _oslomsg_rpc_userid }}" - password: "{{ _oslomsg_rpc_password }}" - update_password: always - vhost: "{{ _oslomsg_rpc_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - no_log: true - -- name: Setup Notify MQ Service (RabbitMQ) - delegate_to: "{{ _oslomsg_notify_setup_host }}" - when: - - "(_oslomsg_configure_notify | default(_oslomsg_notify_transport is defined))" - - "(_oslomsg_notify_transport is defined) and (_oslomsg_notify_transport == 'rabbit')" - tags: - - common-rabbitmq - block: - - name: Add Notify RabbitMQ vhost - community.rabbitmq.rabbitmq_vhost: - name: "{{ _oslomsg_notify_vhost }}" - state: "present" - when: - - (_oslomsg_rpc_vhost is undefined) or - (_oslomsg_notify_vhost != _oslomsg_rpc_vhost) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - - - name: Apply Notify RabbitMQ vhost policies - community.rabbitmq.rabbitmq_policy: - name: "{{ item.name }}" - pattern: "{{ item.pattern }}" - priority: "{{ item.priority | default(0) }}" - tags: "{{ item.tags }}" - state: "{{ item.state | default(omit) }}" - vhost: "{{ _oslomsg_notify_vhost }}" - loop: "{{ _oslomsg_notify_policies | default([]) + oslomsg_notify_policies }}" - when: - - (_oslomsg_rpc_vhost is undefined) or - (_oslomsg_notify_vhost != _oslomsg_rpc_vhost) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - - - name: Add Notify RabbitMQ user - community.rabbitmq.rabbitmq_user: - user: "{{ _oslomsg_notify_userid }}" - password: "{{ _oslomsg_notify_password }}" - update_password: always - vhost: "{{ _oslomsg_notify_vhost }}" - configure_priv: ".*" - read_priv: ".*" - write_priv: ".*" - state: "present" - no_log: true - when: - - (_oslomsg_rpc_userid is undefined) or - (_oslomsg_notify_userid != _oslomsg_rpc_userid) or - (_oslomsg_notify_setup_host != _oslomsg_rpc_setup_host) - -- name: Setup RPC MQ Service (Qdrouterd) - delegate_to: "{{ _oslomsg_rpc_setup_host }}" - when: - - "(_oslomsg_configure_rpc | default(_oslomsg_rpc_transport is defined))" - - "(_oslomsg_rpc_transport is defined) and (_oslomsg_rpc_transport == 'amqp')" - tags: - - common-qdrouterd - block: - - name: Add RPC Qdrouterd user - shell: "echo {{ _oslomsg_rpc_password }} | saslpasswd2 -c -p -f /var/lib/qdrouterd/qdrouterd.sasldb -u AMQP {{ _oslomsg_rpc_userid }}" - no_log: true diff --git a/tasks/service_setup.yml b/tasks/service_setup.yml deleted file mode 100644 index f9200c28..00000000 --- a/tasks/service_setup.yml +++ /dev/null @@ -1,162 +0,0 @@ ---- -# Copyright 2019, VEXXHOST, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# WARNING: -# This file is maintained in the openstack-ansible-tests repository. -# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml -# If you need to modify this file, update the one in the openstack-ansible-tests -# repository. Once it merges there, the changes will automatically be proposed to -# all the repositories which use it. - -# We set the python interpreter to the ansible runtime venv if -# the delegation is to localhost so that we get access to the -# appropriate python libraries in that venv. If the delegation -# is to another host, we assume that it is accessible by the -# system python instead. - -- name: Setup the OS service - delegate_to: "{{ _service_setup_host }}" - vars: - ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}" - block: - - name: Add keystone domain - openstack.cloud.identity_domain: - cloud: default - state: present - description: "{{ _domain_name_description | default(omit) }}" - name: "{{ _domain_name }}" - endpoint_type: admin - verify: "{{ not _service_adminuri_insecure }}" - register: add_domain - when: _domain_name is defined - until: add_domain is success - retries: 5 - delay: 10 - - - name: Add service project - openstack.cloud.project: - cloud: default - state: present - name: "{{ _project_name }}" - description: "{{ _project_description | default(omit) }}" - domain_id: "{{ _project_domain | default('default') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _project_name is defined - until: add_service is success - retries: 5 - delay: 10 - - - name: Add services to the keystone service catalog - openstack.cloud.catalog_service: - cloud: default - state: "{{ item.state | default('present') }}" - name: "{{ item.name }}" - service_type: "{{ item.type }}" - description: "{{ item.description | default('') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - with_items: "{{ _service_catalog }}" - when: _service_catalog is defined - until: add_service is success - retries: 5 - delay: 10 - - - name: Add keystone roles - openstack.cloud.identity_role: - cloud: default - state: present - name: "{{ item.role }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'role' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add service users - openstack.cloud.identity_user: - cloud: default - state: present - name: "{{ item.name }}" - password: "{{ item.password }}" - domain: "{{ item.domain | default('default') }}" - default_project: "{{ item.project | default(_service_project_name) }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - update_password: always - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'name' in item" - - "'password' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add service users to the role - openstack.cloud.role_assignment: - cloud: default - state: present - user: "{{ item.name }}" - role: "{{ item.role }}" - project: "{{ item.project | default(_service_project_name) }}" - domain: "{{ item.domain | default(omit) }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - when: - - not (_service_in_ldap | default(False) | bool) - - _service_users is defined - - "'name' in item" - - "'role' in item" - - (item.condition | default(True)) | bool - until: add_service is success - with_items: "{{ _service_users }}" - retries: 5 - delay: 10 - no_log: True - - - name: Add endpoints to keystone endpoint catalog - openstack.cloud.endpoint: - cloud: default - state: "{{ item.state | default('present') }}" - service: "{{ item.service }}" - endpoint_interface: "{{ item.interface }}" - url: "{{ item.url }}" - region: "{{ _service_region | default('RegionOne') }}" - endpoint_type: admin - validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" - register: add_service - until: add_service is success - retries: 5 - delay: 10 - with_items: "{{ _service_endpoints }}" - when: _service_endpoints is defined