openstack
/
openstack-ansible-tests
Code Issues Proposed changes

Ensure remote_user and become are consistently implemented 

It makes no sense to use become when you're connecting to a
host via the root remote_user. As such, we remove all uses of
'become: true' from the test plays with the exception of the
'test-prepare-keys.yml' playbook which uses a local connection
rather than a remote one and it therefore needs to use become.

We also transition all plays to use 'remote_user' which is the
correct parameter to replace 'user' (since ansible 1.4).

Finally, we switch the horizon nova service setup to its own
playbook using a local connection and the upstream keystone
modules.

Change-Id: I20517c22f07b1bb811a51d8c63741604360fe7f8
This commit is contained in:
Jesse Pretorius 2018-07-04 13:47:51 +01:00
parent aa0a76ce9c
commit 839aec5abe
23 changed files with 101 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
destroy_containers.yml
View File

@ -15,7 +15,7 @@
- name: Playbook for destroying test containers
hosts: all_containers
become: true
remote_user: root
gather_facts: false
tasks:
- name: Destroy a container

6
test-install-cinder.yml
View File

@ -15,8 +15,7 @@
- name: Deploy cinder API services
hosts: cinder_api
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
pre_tasks:
@ -50,8 +49,7 @@
- name: Deploy the rest of cinder
hosts: "cinder_all:!cinder_api"
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

3
test-install-etcd.yml
View File

@ -15,8 +15,7 @@
- name: Deploy etcd
hosts: etcd_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

3
test-install-galera.yml
View File

@ -15,8 +15,7 @@
- name: Deploy galera
hosts: galera_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

3
test-install-glance.yml
View File

@ -15,8 +15,7 @@
- name: Playbook for deploying glance
hosts: glance_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
pre_tasks:

3
test-install-gnocchi.yml
View File

@ -15,8 +15,7 @@
- name: Deploy gnocchi
hosts: gnocchi_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

2
test-install-haproxy.yml
View File

@ -15,7 +15,7 @@
- name: Install haproxy
hosts: localhost
become: true
remote_user: root
any_errors_fatal: true
roles:
- role: "haproxy_server"

3
test-install-heat.yml
View File

@ -15,8 +15,7 @@
- name: Playbook for deploying heat
hosts: heat_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
pre_tasks:

77
test-install-horizon.yml
View File

@ -15,51 +15,54 @@
- name: Playbook for deploying horizon
hosts: horizon_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
vars_files:
- test-vars.yml
roles:
- role: "os_horizon"
post_tasks:
- name: Ensure nova service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ nova_service_name }}"
- name: Playbook to add nova service and endpoint (required by Horizon)
hosts: localhost
connection: local
gather_facts: false
any_errors_fatal: true
vars:
ansible_python_interpreter: "{{ ansible_playbook_python }}"
vars_files:
- test-vars.yml
tasks:
- name: Add nova service to the keystone service catalog
os_keystone_service:
cloud: default
state: present
name: "{{ nova_service_name }}"
service_type: "{{ nova_service_type }}"
description: "{{ nova_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
no_log: true
- name: Ensure nova endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ nova_service_region }}"
service_name: "{{ nova_service_name }}"
service_type: "{{ nova_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ nova_service_publicurl }}"
interface: "public"
- url: "{{ nova_service_internalurl }}"
interface: "internal"
- url: "{{ nova_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
until: add_service is success
retries: 5
delay: 10
no_log: true
- name: Add nova endpoints to keystone endpoint catalog
os_keystone_endpoint:
cloud: default
state: present
service: "{{ nova_service_name }}"
endpoint_interface: "{{ item.interface }}"
url: "{{ item.url }}"
region: "{{ nova_service_region }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
with_items:
- interface: "public"
url: "{{ nova_service_publicurl }}"
- interface: "internal"
url: "{{ nova_service_internalurl }}"
- interface: "admin"
url: "{{ nova_service_adminurl }}"

1
test-install-ironic.yml
View File

@ -16,7 +16,6 @@
- name: Playbook for installing Ironic
hosts: ironic_all
remote_user: root
become: true
gather_facts: true
any_errors_fatal: true
pre_tasks:

9
test-install-keystone.yml
View File

@ -17,8 +17,7 @@
hosts: keystone_all[0]
gather_facts: true
any_errors_fatal: true
user: root
become: true
remote_user: root
vars_files:
- test-vars.yml
tasks:
@ -49,8 +48,7 @@
- name: Playbook for deploying keystone
hosts: keystone_all
serial: 1
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
vars_files:
@ -79,8 +77,7 @@
- name: Playbook for finalising the keystone db migrations
hosts: keystone_all[0]
user: root
become: true
remote_user: root
gather_facts: false
any_errors_fatal: true
vars_files:

3
test-install-memcached.yml
View File

@ -15,8 +15,7 @@
- name: Deploy memcached
hosts: memcached_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

12
test-install-neutron.yml
View File

@ -17,8 +17,10 @@
- name: Make /lib/modules accessible on neutron_agent containers
hosts: neutron_agent
user: root
become: true
# We explicitly do not use 'remote_user: root' here because the
# play totally fails to apply the extra container config through
# delegation.
become: True
gather_facts: true
any_errors_fatal: true
vars:
@ -53,8 +55,7 @@
- name: Prepare for neutron services
hosts: neutron_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
vars:
@ -106,8 +107,7 @@
- name: Deploy neutron server
hosts: neutron_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

9
test-install-nova.yml
View File

@ -17,8 +17,7 @@
- name: Prepare for nova services
hosts: nova_all
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
vars:
@ -79,8 +78,7 @@
- name: Deploy nova control plane
hosts: "nova_all:!nova_compute"
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:
@ -90,8 +88,7 @@
- name: Deploy nova compute
hosts: "nova_compute"
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

2
test-install-openstack-hosts.yml
View File

@ -15,7 +15,7 @@
- name: Execute the openstack-host role
hosts: localhost
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
pre_tasks:

7
test-install-rabbitmq.yml
View File

@ -18,7 +18,7 @@
# facts before continuing.
- name: Gather facts
hosts: "rabbitmq_all"
user: root
remote_user: root
gather_facts: true
# The cluster must be stopped when doing major/minor upgrades
@ -27,7 +27,7 @@
hosts: "rabbitmq_all[1:]"
serial: 1
any_errors_fatal: true
user: root
remote_user: root
tasks:
- name: "Stop RabbitMQ"
service:
@ -39,8 +39,7 @@
- name: Deploy Rabbitmq
hosts: rabbitmq_all
serial: 1
user: root
become: true
remote_user: root
gather_facts: true
any_errors_fatal: true
roles:

1
test-install-sahara.yml
View File

@ -16,7 +16,6 @@
- name: Playbook for installing Ironic
hosts: sahara_all
remote_user: root
become: true
gather_facts: true
any_errors_fatal: true
pre_tasks:

9
test-install-swift.yml
View File

@ -17,8 +17,13 @@
- name: Playbook for deploying swift
hosts: "{{ swift_groups | default('swift_all:swift_remote_all') }}"
user: root
become: true
# We explicitly do not use 'remote_user: root' here because the
# role totally fails when we do due to not being able to apply sysctl
# settings through delegation.
# TODO(odyssey4me):
# Figure out whether this issue happens for normal (non localhost)
# delegation, and how to resolve the issue.
become: True
gather_facts: true
any_errors_fatal: true
roles:

10
test-install-tempest.yml
View File

@ -15,8 +15,14 @@
- name: Playbook for deploying tempest
hosts: utility_all
user: root
become: true
# We explicitly do not use 'remote_user: root' here because the
# role totally fails when we do due to the delegation of the
# cirros image download into /opt/cache/files due to that path
# not being writable.
# TODO(odyssey4me):
# Figure out whether this issue happens for normal (non localhost)
# delegation, and how to resolve the issue.
become: True
gather_facts: true
any_errors_fatal: true
roles:

11
test-prepare-containers.yml
View File

@ -15,7 +15,7 @@
- name: Gather facts for the LXC hosts
hosts: localhost
become: true
remote_user: root
gather_facts: true
tasks:
- include: "common-tasks/test-set-nodepool-vars.yml"
@ -25,6 +25,13 @@
- name: Playbook for creating containers
hosts: all_containers
# We explicitly do not use 'remote_user: root' here because the
# role totally fails when we do due to the delegation of various
# tasks to localhost for creating the /openstack and /var/lib/lxc
# directories.
# TODO(odyssey4me):
# Figure out whether this issue happens for normal (non localhost)
# delegation, and how to resolve the issue.
become: True
gather_facts: False
any_errors_fatal: true
@ -47,7 +54,7 @@
# to optimize serialization
- name: Execute the openstack-host role on containers
hosts: all_containers
become: true
remote_user: root
gather_facts: true
pre_tasks:
- include: "common-tasks/test-set-nodepool-vars.yml"

4
test-prepare-host.yml
View File

@ -17,7 +17,7 @@
- name: Playbook for configuring hosts
hosts: localhost
become: true
remote_user: root
vars_files:
- test-vars.yml
tasks:
@ -59,7 +59,7 @@
- name: Playbook for configuring the LXC host
hosts: localhost
become: true
remote_user: root
vars_files:
- test-vars.yml
roles:

2
test-setup-cinder-localhost.yml
View File

@ -15,7 +15,7 @@
- name: Prepare cinder-volumes volume group
hosts: localhost
become: true
remote_user: root
tasks:
- name: Install lvm2 package
package:

10
test-setup-swifthosts.yml
View File

@ -15,8 +15,14 @@
- name: Swift setup
hosts: swift_hosts
user: root
become: true
# We explicitly do not use 'remote_user: root' here because the
# role totally fails when we do due to not being able to update
# the apt cache when trying to install packages for the ironic
# role.
# TODO(odyssey4me):
# Figure out whether this issue happens for normal (non localhost)
# delegation, and how to resolve the issue.
become: True
gather_facts: true
any_errors_fatal: true
vars_files: