Eliminate installing pip on host/containers

None of the hosts need pip installed any more. Everything
installed on the host is now a distribution package, and
all pip packages are inside a virtualenv. As such, we make
the final changes to eliminate the installation of pip on
the host.

1. We change the pip_install role settings to only put
   pip.conf down, and not bother installing pip. The
   pip.conf remains necessary to provide any pip installs
   done in venvs with the details of the repo server.
2. We update the utility container playbook so that it
   installs everything into a venv, then symlinks the
   appropriate openstack client binaries to /usr/local/bin
   for convenient access. This is only done for source
   based installs.
3. We update the ceph radosgw keystone setup to make it
   use the appropriate service host, and to make use of
   the correct runtime venv. It also now makes use of
   native ansible modules instead of our own.

Depends-On: https://review.openstack.org/587840
Depends-On: https://review.openstack.org/587849
Depends-On: https://review.openstack.org/589643
Depends-On: https://review.openstack.org/590011
Depends-On: https://review.openstack.org/590178
Change-Id: Iac018386e98d1531b605c66bccf3bcce10226e19
Jesse Pretorius 2018-08-01 16:22:06 +01:00
parent 59e795288c
commit 191e0b8660
6 changed files with 138 additions and 134 deletions


@ -23,9 +23,11 @@ galera_client_drop_config_file: true
utility_package_state: "{{ package_state }}" utility_package_state: "{{ package_state }}"
utility_pip_package_state: "latest" utility_pip_package_state: "latest"
# Path to the utility host openstack client venv binaries
utility_venv_bin: "/openstack/venvs/utility-{{ openstack_release }}/bin"
# Distribution packages to be installed into the utility container # Distribution packages to be installed into the utility container
utility_distro_packages: utility_distro_packages:
- curl
- git - git
utility_distro_openstack_clients_packages: utility_distro_openstack_clients_packages:


@ -14,120 +14,95 @@
# limitations under the License. # limitations under the License.
- name: Configure keystone for radosgw - name: Configure keystone for radosgw
hosts: utility_all hosts: "{{ openstack_service_setup_host | default('localhost') }}"
user: root user: root
vars_files: vars_files:
- "defaults/{{ install_method }}_install.yml" - "defaults/{{ install_method }}_install.yml"
vars:
ansible_python_interpreter: >-
{{ ((openstack_service_setup_host | default('localhost')) == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
tags:
- ceph-rgw
- ceph-rgw-setup
- rgw-service-add
tasks: tasks:
- name: Ensure RGW service - name: Add service to the keystone service catalog
keystone: os_keystone_service:
command: "ensure_service" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" name: "{{ radosgw_service_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ radosgw_service_name }}"
service_type: "{{ radosgw_service_type }}" service_type: "{{ radosgw_service_type }}"
description: "{{ radosgw_service_description }}" description: "{{ radosgw_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}" interface: admin
run_once: true verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
register: add_service register: add_service
until: add_service is success until: add_service is success
retries: 5 retries: 5
delay: 2 delay: 10
no_log: True
tags: tags:
- ceph-rgw-setup - ceph-rgw-setup
- rgw-service-add - rgw-service-add
- name: Ensure RGW user - name: Add service user
keystone: os_user:
command: "ensure_user" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" name: "{{ radosgw_admin_user }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ radosgw_admin_user }}"
tenant_name: "{{ radosgw_admin_tenant }}"
role_name: "{{ radosgw_role_name | default('service') }}"
password: "{{ radosgw_admin_password }}" password: "{{ radosgw_admin_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}" domain: default
run_once: true default_project: "{{ radosgw_admin_tenant }}"
interface: admin
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
register: add_user register: add_user
until: add_user is success until: add_user is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True no_log: True
tags:
- ceph-rgw-setup
- rgw-service-add
- name: Ensure RGW user to admin role - name: Add service user to roles
keystone: os_user_role:
command: "ensure_user_role" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" user: "{{ radosgw_admin_user }}"
login_password: "{{ keystone_auth_admin_password }}" role: "{{ radosgw_role_name | default('admin') }}"
login_project_name: "{{ keystone_admin_tenant_name }}" project: "{{ radosgw_admin_tenant }}"
user_name: "{{ radosgw_admin_user }}" interface: admin
tenant_name: "{{ radosgw_admin_tenant }}" verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
role_name: "{{ radosgw_role_name | default('admin') }}" register: add_user_role
insecure: "{{ keystone_service_adminuri_insecure }}" until: add_user_role is success
run_once: true
register: add_admin_role
until: add_admin_role is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True
tags:
- ceph-rgw-setup
- rgw-service-add
- name: Ensure swiftoperator role - name: Add service role
keystone: os_keystone_role:
command: "ensure_role" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" name: "swiftoperator"
login_password: "{{ keystone_auth_admin_password }}" interface: admin
login_project_name: "{{ keystone_admin_tenant_name }}" verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
role_name: "swiftoperator" register: add_role
insecure: "{{ keystone_service_adminuri_insecure }}" until: add_role is success
run_once: true
register: add_swiftoperator_role
until: add_swiftoperator_role is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True
tags:
- ceph-rgw-setup
- rgw-service-add
- name: Ensure RGW endpoint - name: Add endpoints to keystone endpoint catalog
keystone: os_keystone_endpoint:
command: "ensure_endpoint" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" service: "{{ radosgw_service_name }}"
login_password: "{{ keystone_auth_admin_password }}" endpoint_interface: "{{ item.interface }}"
login_project_name: "{{ keystone_admin_tenant_name }}" url: "{{ item.url }}"
region_name: "{{ radosgw_service_region }}" region: "{{ radosgw_service_region }}"
service_name: "{{ radosgw_service_name }}" interface: admin
service_type: "{{ radosgw_service_type }}" verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service
endpoint_list: until: add_service is success
- url: "{{ radosgw_service_publicurl }}"
interface: "public"
- url: "{{ radosgw_service_adminurl }}"
interface: "admin"
- url: "{{ radosgw_service_internalurl }}"
interface: "internal"
run_once: true
register: add_endpoint
until: add_endpoint is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True with_items:
tags: - interface: "public"
- ceph-rgw-setup url: "{{ radosgw_service_publicurl }}"
- rgw-service-add - interface: "internal"
tags: url: "{{ radosgw_service_internalurl }}"
- ceph-rgw - interface: "admin"
url: "{{ radosgw_service_adminurl }}"
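Review bot: The "Add service user to roles" task still grants `admin` unless `radosgw_role_name` is overridden (`role: "{{ radosgw_role_name | default('admin') }}"`), and nothing in the play says why that level is the default. A comment above the task such as `# NOTE: grants admin by default; set radosgw_role_name to a narrower role where the deployment allows it` would tell deployers that the default is a choice they can tighten. Separately, the endpoint task reuses `register: add_service` from the first task; `register: add_endpoint` with `until: add_endpoint is success` would keep the two results distinct.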


@ -13,21 +13,20 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# TODO(evrardjp): Remove this playbook when the repo_build process
# is done upfront. This would mean that the openstack_hosts role
# can run once and for all directly after the
# lxc-container-create playbook.
- name: Configure all nodes to use the repo container for python/apt packages - name: Configure all nodes to use the repo container for python/apt packages
hosts: "{{ openstack_host_group | default('hosts') }}:all_containers" hosts: "{{ openstack_host_group | default('hosts') }}:all_containers"
vars:
pip_install: no
pip_configure: yes
vars_files: vars_files:
- defaults/repo_packages/openstack_services.yml - "defaults/repo_packages/openstack_services.yml"
- "defaults/{{ install_method }}_install.yml" - "defaults/{{ install_method }}_install.yml"
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- always
- repo-config
pre_tasks: pre_tasks:
- include: common-tasks/package-cache-proxy.yml - include: common-tasks/package-cache-proxy.yml
- include: common-tasks/set-pip-vars.yml - include: common-tasks/set-pip-vars.yml
roles: roles:
- pip_install - pip_install
environment: "{{ deployment_environment_variables | default({}) }}"
tags:
- always
- repo-config
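Review bot: The new play vars `pip_install: no` and `pip_configure: yes` carry no comment explaining why the pip_install role is still applied with installation switched off. A line above `vars:` such as `# Only lay down pip.conf (repo server details for venv installs); pip itself is no longer installed on hosts` would record the intent stated in the commit message. Writing the values as `false` and `true` would also avoid YAML 1.1 truthy parsing differences between tools.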


@ -16,6 +16,11 @@
- name: Setup the utility location(s) - name: Setup the utility location(s)
hosts: utility_all hosts: utility_all
user: root user: root
environment: "{{ deployment_environment_variables | default({}) }}"
vars_files:
- "defaults/{{ install_method }}_install.yml"
tags:
- utility
pre_tasks: pre_tasks:
- include: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml" - include: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
static: no static: no
@ -58,31 +63,6 @@
update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
- name: Get list of python clients
shell: "curl -s {{ repo_release_path }}/requirements_absolute_requirements.txt | grep client | cut -d'=' -f1"
args:
warn: no
register: client_list
run_once: true
changed_when: false
when: install_method == "source"
tags:
- always
- skip_ansible_lint
- name: Install pip packages
pip:
name: "{{ client_list.stdout_lines | union(utility_pip_packages) }}"
state: "{{ utility_pip_package_state }}"
extra_args: >-
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages is success
retries: 5
delay: 2
when: install_method == "source"
- name: Distribute private ssh key - name: Distribute private ssh key
copy: copy:
content: "{{ utility_ssh_private_key }}" content: "{{ utility_ssh_private_key }}"
@ -91,8 +71,60 @@
owner: root owner: root
group: root group: root
when: utility_ssh_private_key is defined when: utility_ssh_private_key is defined
environment: "{{ deployment_environment_variables | default({}) }}"
vars_files: - name: Install openstack clients (source-based install)
- "defaults/{{ install_method }}_install.yml" when:
tags: - install_method == "source"
- utility block:
- name: Get list of repo packages
uri:
url: "{{ repo_release_path }}/requirements_absolute_requirements.txt"
return_content: yes
register: _abs_reqs
run_once: true
tags:
- always
- name: Derive the list of openstack clients
set_fact:
_openstack_client_list: >-
{%- set package_list = [] %}
{%- for l in _abs_reqs.content.split('\n') %}
{%- if (l is match('^python_.*client==.*$')) or (l is match('^(aodh|gnocchi)client==.*$')) %}
{%- set _ = package_list.append(l | regex_replace('==.*$', '')) %}
{%- endif %}
{%- endfor %}
{{- package_list }}
run_once: true
tags:
- always
- name: Create the virtualenv (if it does not exist)
command: "virtualenv --never-download --no-site-packages {{ utility_venv_bin | dirname }}"
args:
creates: "{{ utility_venv_bin }}/activate"
- name: Install pip packages
pip:
name: "{{ _openstack_client_list | union(utility_pip_packages) }}"
state: "{{ utility_pip_package_state }}"
virtualenv: "{{ utility_venv_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages is success
retries: 5
delay: 2
- name: Create symlinks for openstack clients
shell: |
{% set _bin_name = item | regex_replace('^(?:python_)?(\w*)(?:client)$', '\\1') %}
if [[ -e "{{ utility_venv_bin }}/{{ _bin_name }}" ]]; then
ln -sfn {{ utility_venv_bin }}/{{ _bin_name }} /usr/local/bin/{{ _bin_name }}
fi
args:
executable: /bin/bash
with_items: "{{ _openstack_client_list }}"
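Review bot: In "Create symlinks for openstack clients", `_bin_name` is templated unquoted into a bash script that the play runs as root, and its value comes from lines of a file fetched with `uri` from `repo_release_path`. `regex_replace` returns its input unchanged when the pattern does not match, and the `^python_.*client==.*$` test in the derive step accepts any characters between the prefix and `client`, so a malformed or tampered requirements line would reach the shell as written. Computing the name in task `vars`, skipping anything that is not `^\w+$`, and passing both paths through the `quote` filter closes that off; the fence shows the task rewritten that way. The play's earlier tasks lie outside this hunk.

```yaml
# … unchanged: uri fetch, client list derivation, venv creation, pip install …
- name: Create symlinks for openstack clients
  shell: |
    if [[ -e {{ (utility_venv_bin ~ '/' ~ _bin_name) | quote }} ]]; then
      ln -sfn {{ (utility_venv_bin ~ '/' ~ _bin_name) | quote }} {{ ('/usr/local/bin/' ~ _bin_name) | quote }}
    fi
  # … unchanged: args/executable, with_items …
  vars:
    _bin_name: >-
      {{ item | regex_replace('^(?:python_)?(\w*)(?:client)$', '\\1') }}
  when: _bin_name is match('^\w+$')
```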


@ -83,19 +83,16 @@ case ${DISTRO_ID} in
python3 python3-dev \ python3 python3-dev \
libssl-dev libffi-dev \ libssl-dev libffi-dev \
python-apt python3-apt \ python-apt python3-apt \
python-pip \
python-virtualenv python-virtualenv
;; ;;
opensuse) opensuse)
zypper -n install -l git-core curl autoconf gcc gcc-c++ \ zypper -n install -l git-core curl autoconf gcc gcc-c++ \
netcat-openbsd python python-xml python-devel gcc \ netcat-openbsd python python-xml python-devel gcc \
libffi-devel libopenssl-devel python-pip \ libffi-devel libopenssl-devel python-virtualenv
python-virtualenv
# Leap ships with python3.4 which is not supported by ansible and as # Leap ships with python3.4 which is not supported by ansible and as
# such we are using python2 # such we are using python2
# See https://github.com/ansible/ansible/issues/24180 # See https://github.com/ansible/ansible/issues/24180
PYTHON_EXEC_PATH="/usr/bin/python2" PYTHON_EXEC_PATH="/usr/bin/python2"
alternatives --set pip /usr/bin/pip2.7 || true
;; ;;
esac esac


@ -19,7 +19,6 @@
user: root user: root
roles: roles:
- role: "sshd" - role: "sshd"
- role: "pip_install"
- role: "bootstrap-host" - role: "bootstrap-host"
vars: vars:
ansible_python_interpreter: "/usr/bin/python" ansible_python_interpreter: "/usr/bin/python"