Eliminate installing pip on host/containers
None of the hosts need pip installed any more. Everything
installed on the host is now a distribution package, and
all pip packages are inside a virtualenv. As such, we make
the final changes to eliminate the installation of pip on
the host.
1. We change the pip_install role settings to only put
pip.conf down, and not bother installing pip. The
pip.conf remains necessary to provide any pip installs
done in venvs with the details of the repo server.
2. We update the utility container playbook so that it
installs everything into a venv, then symlinks the
appropriate openstack client binaries to /usr/local/bin
for convenient access. This is only done for source
based installs.
3. We update the ceph radosgw keystone setup to make it
use the appropriate service host, and to make use of
the correct runtime venv. It also now makes use of
native ansible modules instead of our own.
Depends-On: https://review.openstack.org/587840
Depends-On: https://review.openstack.org/591329
Depends-On: https://review.openstack.org/591328
Depends-On: https://review.openstack.org/591039
Depends-On: https://review.openstack.org/591041
Change-Id: Iac018386e98d1531b605c66bccf3bcce10226e19
(cherry picked from commit 191e0b8660
)
This commit is contained in:
parent
5c12f15b6c
commit
25a2753760
|
@ -23,9 +23,11 @@ galera_client_drop_config_file: true
|
|||
utility_package_state: "{{ package_state }}"
|
||||
utility_pip_package_state: "latest"
|
||||
|
||||
# Path to the utility host openstack client venv binaries
|
||||
utility_venv_bin: "/openstack/venvs/utility-{{ openstack_release }}/bin"
|
||||
|
||||
# Distribution packages to be installed into the utility container
|
||||
utility_distro_packages:
|
||||
- curl
|
||||
- git
|
||||
|
||||
utility_distro_openstack_clients_packages:
|
||||
|
|
|
@ -14,120 +14,95 @@
|
|||
# limitations under the License.
|
||||
|
||||
- name: Configure keystone for radosgw
|
||||
hosts: utility_all
|
||||
hosts: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||
user: root
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
vars:
|
||||
ansible_python_interpreter: >-
|
||||
{{ ((openstack_service_setup_host | default('localhost')) == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
|
||||
tags:
|
||||
- ceph-rgw
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
tasks:
|
||||
- name: Ensure RGW service
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
service_name: "{{ radosgw_service_name }}"
|
||||
- name: Add service to the keystone service catalog
|
||||
os_keystone_service:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ radosgw_service_name }}"
|
||||
service_type: "{{ radosgw_service_type }}"
|
||||
description: "{{ radosgw_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
no_log: True
|
||||
delay: 10
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ radosgw_admin_user }}"
|
||||
tenant_name: "{{ radosgw_admin_tenant }}"
|
||||
role_name: "{{ radosgw_role_name | default('service') }}"
|
||||
- name: Add service user
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ radosgw_admin_user }}"
|
||||
password: "{{ radosgw_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
domain: default
|
||||
default_project: "{{ radosgw_admin_tenant }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_user
|
||||
until: add_user is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW user to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ radosgw_admin_user }}"
|
||||
tenant_name: "{{ radosgw_admin_tenant }}"
|
||||
role_name: "{{ radosgw_role_name | default('admin') }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
register: add_admin_role
|
||||
until: add_admin_role is success
|
||||
- name: Add service user to roles
|
||||
os_user_role:
|
||||
cloud: default
|
||||
state: present
|
||||
user: "{{ radosgw_admin_user }}"
|
||||
role: "{{ radosgw_role_name | default('admin') }}"
|
||||
project: "{{ radosgw_admin_tenant }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_user_role
|
||||
until: add_user_role is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure swiftoperator role
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
role_name: "swiftoperator"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
register: add_swiftoperator_role
|
||||
until: add_swiftoperator_role is success
|
||||
- name: Add service role
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "swiftoperator"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_role
|
||||
until: add_role is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW endpoint
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
region_name: "{{ radosgw_service_region }}"
|
||||
service_name: "{{ radosgw_service_name }}"
|
||||
service_type: "{{ radosgw_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ radosgw_service_publicurl }}"
|
||||
interface: "public"
|
||||
- url: "{{ radosgw_service_adminurl }}"
|
||||
interface: "admin"
|
||||
- url: "{{ radosgw_service_internalurl }}"
|
||||
interface: "internal"
|
||||
run_once: true
|
||||
register: add_endpoint
|
||||
until: add_endpoint is success
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
|
||||
cloud: default
|
||||
state: present
|
||||
service: "{{ radosgw_service_name }}"
|
||||
endpoint_interface: "{{ item.interface }}"
|
||||
url: "{{ item.url }}"
|
||||
region: "{{ radosgw_service_region }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
tags:
|
||||
- ceph-rgw
|
||||
with_items:
|
||||
- interface: "public"
|
||||
url: "{{ radosgw_service_publicurl }}"
|
||||
- interface: "internal"
|
||||
url: "{{ radosgw_service_internalurl }}"
|
||||
- interface: "admin"
|
||||
url: "{{ radosgw_service_adminurl }}"
|
||||
|
|
|
@ -13,21 +13,20 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# TODO(evrardjp): Remove this playbook when the repo_build process
|
||||
# is done upfront. This would mean that the openstack_hosts role
|
||||
# can run once and for all directly after the
|
||||
# lxc-container-create playbook.
|
||||
- name: Configure all nodes to use the repo container for python/apt packages
|
||||
hosts: "{{ openstack_host_group | default('hosts') }}:all_containers"
|
||||
vars:
|
||||
pip_install: no
|
||||
pip_configure: yes
|
||||
vars_files:
|
||||
- defaults/repo_packages/openstack_services.yml
|
||||
- "defaults/repo_packages/openstack_services.yml"
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
tags:
|
||||
- always
|
||||
- repo-config
|
||||
pre_tasks:
|
||||
- include: common-tasks/package-cache-proxy.yml
|
||||
- include: common-tasks/set-pip-vars.yml
|
||||
roles:
|
||||
- pip_install
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
tags:
|
||||
- always
|
||||
- repo-config
|
||||
|
|
|
@ -16,6 +16,11 @@
|
|||
- name: Setup the utility location(s)
|
||||
hosts: utility_all
|
||||
user: root
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
tags:
|
||||
- utility
|
||||
pre_tasks:
|
||||
- include: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
|
||||
static: no
|
||||
|
@ -58,31 +63,6 @@
|
|||
update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
|
||||
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
|
||||
|
||||
- name: Get list of python clients
|
||||
shell: "curl -s {{ repo_release_path }}/requirements_absolute_requirements.txt | grep client | cut -d'=' -f1"
|
||||
args:
|
||||
warn: no
|
||||
register: client_list
|
||||
run_once: true
|
||||
changed_when: false
|
||||
when: install_method == "source"
|
||||
tags:
|
||||
- always
|
||||
- skip_ansible_lint
|
||||
|
||||
- name: Install pip packages
|
||||
pip:
|
||||
name: "{{ client_list.stdout_lines | union(utility_pip_packages) }}"
|
||||
state: "{{ utility_pip_package_state }}"
|
||||
extra_args: >-
|
||||
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
|
||||
{{ pip_install_options | default('') }}
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when: install_method == "source"
|
||||
|
||||
- name: Distribute private ssh key
|
||||
copy:
|
||||
content: "{{ utility_ssh_private_key }}"
|
||||
|
@ -91,8 +71,60 @@
|
|||
owner: root
|
||||
group: root
|
||||
when: utility_ssh_private_key is defined
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
tags:
|
||||
- utility
|
||||
|
||||
- name: Install openstack clients (source-based install)
|
||||
when:
|
||||
- install_method == "source"
|
||||
block:
|
||||
- name: Get list of repo packages
|
||||
uri:
|
||||
url: "{{ repo_release_path }}/requirements_absolute_requirements.txt"
|
||||
return_content: yes
|
||||
register: _abs_reqs
|
||||
run_once: true
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Derive the list of openstack clients
|
||||
set_fact:
|
||||
_openstack_client_list: >-
|
||||
{%- set package_list = [] %}
|
||||
{%- for l in _abs_reqs.content.split('\n') %}
|
||||
{%- if (l is match('^python_.*client==.*$')) or (l is match('^(aodh|gnocchi)client==.*$')) %}
|
||||
{%- set _ = package_list.append(l | regex_replace('==.*$', '')) %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{{- package_list }}
|
||||
run_once: true
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Create the virtualenv (if it does not exist)
|
||||
command: "virtualenv --never-download --no-site-packages {{ utility_venv_bin | dirname }}"
|
||||
args:
|
||||
creates: "{{ utility_venv_bin }}/activate"
|
||||
|
||||
- name: Install pip packages
|
||||
pip:
|
||||
name: "{{ _openstack_client_list | union(utility_pip_packages) }}"
|
||||
state: "{{ utility_pip_package_state }}"
|
||||
virtualenv: "{{ utility_venv_bin | dirname }}"
|
||||
virtualenv_site_packages: "no"
|
||||
extra_args: >-
|
||||
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
|
||||
{{ pip_install_options | default('') }}
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Create symlinks for openstack clients
|
||||
shell: |
|
||||
{% set _bin_name = item | regex_replace('^(?:python_)?(\w*)(?:client)$', '\\1') %}
|
||||
if [[ -e "{{ utility_venv_bin }}/{{ _bin_name }}" ]]; then
|
||||
ln -sfn {{ utility_venv_bin }}/{{ _bin_name }} /usr/local/bin/{{ _bin_name }}
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_items: "{{ _openstack_client_list }}"
|
||||
|
||||
|
|
|
@ -83,19 +83,16 @@ case ${DISTRO_ID} in
|
|||
python3 python3-dev \
|
||||
libssl-dev libffi-dev \
|
||||
python-apt python3-apt \
|
||||
python-pip \
|
||||
python-virtualenv
|
||||
;;
|
||||
opensuse)
|
||||
zypper -n install -l git-core curl autoconf gcc gcc-c++ \
|
||||
netcat-openbsd python python-xml python-devel gcc \
|
||||
libffi-devel libopenssl-devel python-pip \
|
||||
python-virtualenv
|
||||
libffi-devel libopenssl-devel python-virtualenv
|
||||
# Leap ships with python3.4 which is not supported by ansible and as
|
||||
# such we are using python2
|
||||
# See https://github.com/ansible/ansible/issues/24180
|
||||
PYTHON_EXEC_PATH="/usr/bin/python2"
|
||||
alternatives --set pip /usr/bin/pip2.7 || true
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
|
@ -19,7 +19,6 @@
|
|||
user: root
|
||||
roles:
|
||||
- role: "sshd"
|
||||
- role: "pip_install"
|
||||
- role: "bootstrap-host"
|
||||
vars:
|
||||
ansible_python_interpreter: "/usr/bin/python"
|
||||
|
|
Loading…
Reference in New Issue