openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Use a common python build/install role

Browse Source 
In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.
3. Deduplicates the distro package installs. Right now the
   role installs the distro packages twice - just before
   building the venv, and during the python_venv_build role
   execution.

Depends-On: https://review.openstack.org/598957
Change-Id: Ib7b1cd7ec004de4e3e285c315f63076e7448e50e
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
This commit is contained in:
Jesse Pretorius 2018-03-27 22:25:58 +01:00 committed by Jesse Pretorius (odyssey4me)
parent 735aaf52ac
commit 49ddbfd635
4 changed files with 66 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
defaults/main.yml
View File

@ -41,8 +41,19 @@ keystone_developer_mode: false
keystone_developer_constraints:
- "git+{{ keystone_git_repo }}@{{ keystone_git_install_branch }}#egg=keystone"
# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
keystone_pip_install_args: >-
{{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
{{ pip_install_options | default('') }}
# Name of the virtual env to deploy into
keystone_venv_tag: untagged
keystone_venv_tag: "{{ venv_tag | default('untagged') }}"
keystone_bin: "{{ _keystone_bin }}"
# venv_download, even when true, will use the fallback method of building the

26
handlers/main.yml
View File

@ -23,6 +23,8 @@
until: _restart is success
retries: 5
delay: 2
listen:
- "venv changed"
- name: Wait for web server to complete starting
wait_for:
@ -35,7 +37,9 @@
register: _wait_check
until: _wait_check is success
retries: 5
listen: "Restart web server"
listen:
- "venv changed"
- "Restart web server"
- name: Stop uWSGI
service:
@ -47,7 +51,9 @@
retries: 5
delay: 2
with_items: "{{ keystone_services.keys() | list }}"
listen: "Restart uWSGI"
listen:
- "venv changed"
- "Restart uWSGI"
# Note (odyssey4me):
# The policy.json file is currently read continually by the services
@ -61,7 +67,9 @@
stat:
path: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
register: _custom_policy_file
listen: "Restart uWSGI"
listen:
- "venv changed"
- "Restart uWSGI"
- name: Copy new policy file into place
copy:
@ -73,7 +81,9 @@
remote_src: yes
when:
- _custom_policy_file['stat']['exists'] | bool
listen: "Restart uWSGI"
listen:
- "venv changed"
- "Restart uWSGI"
- name: Start uWSGI
service:
@ -86,7 +96,9 @@
retries: 5
delay: 2
with_items: "{{ keystone_services.keys() | list }}"
listen: "Restart uWSGI"
listen:
- "venv changed"
- "Restart uWSGI"
- name: Wait for uWSGI socket to be ready
wait_for:
@ -99,7 +111,9 @@
register: _wait_check
until: _wait_check is success
retries: 5
listen: "Restart uWSGI"
listen:
- "venv changed"
- "Restart uWSGI"
- name: Restart Shibd
service:

4
tasks/keystone_install.yml
View File

@ -136,9 +136,7 @@
state: "True"
- name: "install_method"
state: "{{ keystone_install_method }}"
when: (keystone_install_method == 'source' and
(keystone_get_venv | changed or keystone_venv_dir | changed)) or
(install_packages | changed) or
when: (install_packages | changed) or
(ansible_local is not defined) or
('openstack_ansible' not in ansible_local) or
('keystone' not in ansible_local['openstack_ansible']) or

144
tasks/keystone_install_source.yml
View File

@ -13,6 +13,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# TODO(odyssey4me):
# This can be simplified once all the roles are using
# python_venv_build. We can then switch to using a
# set of constraints in pip.conf inside the venv,
# perhaps prepared by giving a giving a list of
# constraints to the role.
- name: Create developer mode constraint file
copy:
dest: "/opt/developer-pip-constraints.txt"
@ -22,116 +28,32 @@
{% endfor %}
when: keystone_developer_mode | bool
- name: Retrieve checksum for venv download
uri:
url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}"
return_content: yes
register: keystone_venv_checksum
when: keystone_venv_download | bool
- name: Attempt venv download
get_url:
url: "{{ keystone_venv_download_url }}"
dest: "/var/cache/{{ keystone_venv_download_url | basename }}"
checksum: "sha1:{{ keystone_venv_checksum.content | trim }}"
register: keystone_get_venv
when: keystone_venv_download | bool
- name: Remove existing venv
file:
path: "{{ keystone_bin | dirname }}"
state: absent
when: keystone_get_venv is changed
- name: Create keystone venv dir
file:
path: "{{ keystone_bin | dirname }}"
state: directory
register: keystone_venv_dir
when: keystone_get_venv is changed
- name: Unarchive pre-built venv
unarchive:
src: "/var/cache/{{ keystone_venv_download_url | basename }}"
dest: "{{ keystone_bin | dirname }}"
copy: "no"
when: keystone_get_venv is changed
notify:
- Manage LB
- Restart uWSGI
- Restart web server
- name: Create the python venv and install packages into it
when: keystone_get_venv | failed or keystone_get_venv | skipped
block:
- name: Create the virtualenv (if it does not exist)
command: "virtualenv --never-download --no-site-packages {{ keystone_bin | dirname }}"
args:
creates: "{{ keystone_bin }}/activate"
- name: Upgrade pip/setuptools/wheel to the versions we want
pip:
name:
- pip
- setuptools
- wheel
state: "{{ keystone_pip_package_state }}"
virtualenv: "{{ keystone_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages is success
retries: 5
delay: 2
- name: Install pip packages
pip:
name: "{{ keystone_pip_packages }}"
state: "{{ keystone_pip_package_state }}"
virtualenv: "{{ keystone_bin | dirname }}"
virtualenv_site_packages: "no"
extra_args: >-
{{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages is success
retries: 5
delay: 2
notify:
- Manage LB
- Restart uWSGI
- Restart web server
- name: Remove python from path first (CentOS, openSUSE)
file:
path: "{{ keystone_bin | dirname }}/bin/python2.7"
state: "absent"
- name: Ensure remote wheel building is disabled in developer mode
set_fact:
venv_build_host: "{{ ansible_hostname }}"
when:
- ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
- keystone_get_venv is changed
- keystone_developer_mode | bool
# NOTE(odyssey4me):
# # We reinitialize the venv to ensure that the right
# # version of python is in the venv, but we do not
# # want virtualenv to also replace pip, setuptools
# # and wheel so we tell it not to.
# # We do not use --always-copy for CentOS/SuSE due
# # to https://github.com/pypa/virtualenv/issues/565
- name: Reset virtualenv and update its paths
shell: |
set -o errexit
find {{ keystone_bin }} -name \*.pyc -delete
if test -d {{ keystone_bin }}/__pycache__; then rmdir {{ keystone_bin }}/__pycache__; fi
sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/*
virtualenv {{ keystone_bin | dirname }} \
{{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
--no-pip \
--no-setuptools \
--no-wheel
when: keystone_get_venv is changed
tags:
- skip_ansible_lint
- name: Install the python venv
include_role:
name: "python_venv_build"
private: yes
vars:
venv_build_distro_package_list: "{{ keystone_devel_distro_packages }}"
venv_install_destination_path: "{{ keystone_bin | dirname }}"
venv_install_distro_package_list: "{{ keystone_distro_packages }}"
venv_pip_install_args: "{{ keystone_pip_install_args }}"
venv_pip_packages: "{{ keystone_pip_packages }}"
venv_facts_when_changed:
- section: "keystone"
option: "need_db_expand"
value: "True"
- section: "keystone"
option: "need_db_migrate"
value: "True"
- section: "keystone"
option: "need_db_contract"
value: "True"
- section: "keystone"
option: "venv_tag"
value: "{{ keystone_venv_tag }}"