From 49ddbfd635105283869e87737576c213f3ac78a5 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Tue, 27 Mar 2018 22:25:58 +0100
Subject: [PATCH] Use a common python build/install role

In order to radically simplify how we prepare the service
venvs, we use a common role to do the wheel builds and the
venv preparation. This makes the process far simpler to
understand, because the role does its own building and
installing. It also reduces the code maintenance burden,
because instead of duplicating the build processes in the
repo_build role and the service role - we only have it all
done in a single place.

We also change the role venv tag var to use the integrated
build's common venv tag so that we can remove the role's
venv tag in group_vars in the integrated build. This reduces
memory consumption and also reduces the duplication.

This is by no means the final stop in the simplification
process, but it is a step forward. The will be work to follow
which:

1. Replaces 'developer mode' with an equivalent mechanism
   that uses the common role and is simpler to understand.
   We will also simplify the provisioning of pip install
   arguments when doing this.
2. Simplifies the installation of optional pip packages.
   Right now it's more complicated than it needs to be due
   to us needing to keep the py_pkgs plugin working in the
   integrated build.
3. Deduplicates the distro package installs. Right now the
   role installs the distro packages twice - just before
   building the venv, and during the python_venv_build role
   execution.

Depends-On: https://review.openstack.org/598957
Change-Id: Ib7b1cd7ec004de4e3e285c315f63076e7448e50e
Implements: blueprint python-build-install-simplification
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
---
 defaults/main.yml                 |  13 ++-
 handlers/main.yml                 |  26 ++++--
 tasks/keystone_install.yml        |   4 +-
 tasks/keystone_install_source.yml | 144 +++++++-----------------------
 4 files changed, 66 insertions(+), 121 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 1484995b..997556d6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -41,8 +41,19 @@ keystone_developer_mode: false
 keystone_developer_constraints:
   - "git+{{ keystone_git_repo }}@{{ keystone_git_install_branch }}#egg=keystone"
 
+# TODO(odyssey4me):
+# This can be simplified once all the roles are using
+# python_venv_build. We can then switch to using a
+# set of constraints in pip.conf inside the venv,
+# perhaps prepared by giving a giving a list of
+# constraints to the role.
+keystone_pip_install_args: >-
+  {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+  {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''), '') }}
+  {{ pip_install_options | default('') }}
+
 # Name of the virtual env to deploy into
-keystone_venv_tag: untagged
+keystone_venv_tag: "{{ venv_tag | default('untagged') }}"
 keystone_bin: "{{ _keystone_bin }}"
 
 # venv_download, even when true, will use the fallback method of building the
diff --git a/handlers/main.yml b/handlers/main.yml
index 671c1f40..7dc59823 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -23,6 +23,8 @@
   until: _restart is success
   retries: 5
   delay: 2
+  listen:
+    - "venv changed"
 
 - name: Wait for web server to complete starting
   wait_for:
@@ -35,7 +37,9 @@
   register: _wait_check
   until: _wait_check is success
   retries: 5
-  listen: "Restart web server"
+  listen:
+    - "venv changed"
+    - "Restart web server"
 
 - name: Stop uWSGI
   service:
@@ -47,7 +51,9 @@
   retries: 5
   delay: 2
   with_items: "{{ keystone_services.keys() | list }}"
-  listen: "Restart uWSGI"
+  listen:
+    - "venv changed"
+    - "Restart uWSGI"
 
 # Note (odyssey4me):
 # The policy.json file is currently read continually by the services
@@ -61,7 +67,9 @@
   stat:
     path: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
   register: _custom_policy_file
-  listen: "Restart uWSGI"
+  listen:
+    - "venv changed"
+    - "Restart uWSGI"
 
 - name: Copy new policy file into place
   copy:
@@ -73,7 +81,9 @@
     remote_src: yes
   when:
     - _custom_policy_file['stat']['exists'] | bool
-  listen: "Restart uWSGI"
+  listen:
+    - "venv changed"
+    - "Restart uWSGI"
 
 - name: Start uWSGI
   service:
@@ -86,7 +96,9 @@
   retries: 5
   delay: 2
   with_items: "{{ keystone_services.keys() | list }}"
-  listen: "Restart uWSGI"
+  listen:
+    - "venv changed"
+    - "Restart uWSGI"
 
 - name: Wait for uWSGI socket to be ready
   wait_for:
@@ -99,7 +111,9 @@
   register: _wait_check
   until: _wait_check is success
   retries: 5
-  listen: "Restart uWSGI"
+  listen:
+    - "venv changed"
+    - "Restart uWSGI"
 
 - name: Restart Shibd
   service:
diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml
index 5669f661..b17bb17a 100644
--- a/tasks/keystone_install.yml
+++ b/tasks/keystone_install.yml
@@ -136,9 +136,7 @@
       state: "True"
     - name: "install_method"
       state: "{{ keystone_install_method }}"
-  when: (keystone_install_method == 'source' and
-        (keystone_get_venv | changed or keystone_venv_dir | changed)) or
-        (install_packages | changed) or
+  when: (install_packages | changed) or
         (ansible_local is not defined) or
         ('openstack_ansible' not in ansible_local) or
         ('keystone' not in ansible_local['openstack_ansible']) or
diff --git a/tasks/keystone_install_source.yml b/tasks/keystone_install_source.yml
index bd991aea..f6265093 100644
--- a/tasks/keystone_install_source.yml
+++ b/tasks/keystone_install_source.yml
@@ -13,6 +13,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# TODO(odyssey4me):
+# This can be simplified once all the roles are using
+# python_venv_build. We can then switch to using a
+# set of constraints in pip.conf inside the venv,
+# perhaps prepared by giving a giving a list of
+# constraints to the role.
 - name: Create developer mode constraint file
   copy:
     dest: "/opt/developer-pip-constraints.txt"
@@ -22,116 +28,32 @@
       {% endfor %}
   when: keystone_developer_mode | bool
 
-- name: Retrieve checksum for venv download
-  uri:
-    url: "{{ keystone_venv_download_url | replace('tgz', 'checksum') }}"
-    return_content: yes
-  register: keystone_venv_checksum
-  when: keystone_venv_download | bool
-
-- name: Attempt venv download
-  get_url:
-    url: "{{ keystone_venv_download_url }}"
-    dest: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    checksum: "sha1:{{ keystone_venv_checksum.content | trim }}"
-  register: keystone_get_venv
-  when: keystone_venv_download | bool
-
-- name: Remove existing venv
-  file:
-    path: "{{ keystone_bin | dirname }}"
-    state: absent
-  when: keystone_get_venv  is changed
-
-- name: Create keystone venv dir
-  file:
-    path: "{{ keystone_bin | dirname }}"
-    state: directory
-  register: keystone_venv_dir
-  when: keystone_get_venv  is changed
-
-- name: Unarchive pre-built venv
-  unarchive:
-    src: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    dest: "{{ keystone_bin | dirname }}"
-    copy: "no"
-  when: keystone_get_venv  is changed
-  notify:
-    - Manage LB
-    - Restart uWSGI
-    - Restart web server
-
-- name: Create the python venv and install packages into it
-  when: keystone_get_venv | failed or keystone_get_venv | skipped
-  block:
-    - name: Create the virtualenv (if it does not exist)
-      command: "virtualenv --never-download --no-site-packages {{ keystone_bin | dirname }}"
-      args:
-        creates: "{{ keystone_bin }}/activate"
-
-    - name: Upgrade pip/setuptools/wheel to the versions we want
-      pip:
-        name:
-          - pip
-          - setuptools
-          - wheel
-        state: "{{ keystone_pip_package_state }}"
-        virtualenv: "{{ keystone_bin | dirname }}"
-        virtualenv_site_packages: "no"
-        extra_args: >-
-          {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-          {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-          {{ pip_install_options | default('') }}
-      register: install_packages
-      until: install_packages is success
-      retries: 5
-      delay: 2
-
-    - name: Install pip packages
-      pip:
-        name: "{{ keystone_pip_packages }}"
-        state: "{{ keystone_pip_package_state }}"
-        virtualenv: "{{ keystone_bin | dirname }}"
-        virtualenv_site_packages: "no"
-        extra_args: >-
-          {{ keystone_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-          {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-          {{ pip_install_options | default('') }}
-      register: install_packages
-      until: install_packages is success
-      retries: 5
-      delay: 2
-      notify:
-        - Manage LB
-        - Restart uWSGI
-        - Restart web server
-
-- name: Remove python from path first (CentOS, openSUSE)
-  file:
-    path:  "{{ keystone_bin | dirname }}/bin/python2.7"
-    state: "absent"
+- name: Ensure remote wheel building is disabled in developer mode
+  set_fact:
+    venv_build_host: "{{ ansible_hostname }}"
   when:
-    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
-    - keystone_get_venv  is changed
+    - keystone_developer_mode | bool
 
-# NOTE(odyssey4me):
-# # We reinitialize the venv to ensure that the right
-# # version of python is in the venv, but we do not
-# # want virtualenv to also replace pip, setuptools
-# # and wheel so we tell it not to.
-# # We do not use --always-copy for CentOS/SuSE due
-# # to https://github.com/pypa/virtualenv/issues/565
-- name: Reset virtualenv and update its paths
-  shell: |
-    set -o errexit
-    find {{ keystone_bin }} -name \*.pyc -delete
-    if test -d {{ keystone_bin }}/__pycache__; then rmdir {{ keystone_bin }}/__pycache__; fi
-    sed -si '1s/^.*python.*$/#!{{ keystone_bin | replace ('/','\/') }}\/python/' {{ keystone_bin }}/*
-    virtualenv {{ keystone_bin | dirname }} \
-        {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
-        --no-pip \
-        --no-setuptools \
-        --no-wheel
-  when: keystone_get_venv  is changed
-  tags:
-    - skip_ansible_lint
+- name: Install the python venv
+  include_role:
+    name: "python_venv_build"
+    private: yes
+  vars:
+    venv_build_distro_package_list: "{{ keystone_devel_distro_packages }}"
+    venv_install_destination_path: "{{ keystone_bin | dirname }}"
+    venv_install_distro_package_list: "{{ keystone_distro_packages }}"
+    venv_pip_install_args: "{{ keystone_pip_install_args }}"
+    venv_pip_packages: "{{ keystone_pip_packages }}"
+    venv_facts_when_changed:
+      - section: "keystone"
+        option: "need_db_expand"
+        value: "True"
+      - section: "keystone"
+        option: "need_db_migrate"
+        value: "True"
+      - section: "keystone"
+        option: "need_db_contract"
+        value: "True"
+      - section: "keystone"
+        option: "venv_tag"
+        value: "{{ keystone_venv_tag }}"