Execute image setup against octavia_service_setup_host

In order to reduce the packages required to pip install on to the hosts, we use service delegation to octavia_service_setup_host so that instead of installing software on the target host, and putting credentials on every target host, we isolate the software and credentials to a single host. In this patch we remove the variable 'octavia_image_downloader' and replace it with just using the 'octavia_service_setup_host' instead. We also need to add the variable 'octavia_amp_image_path_owner' which is set to the user running the playbook by default, so that the image can be downloaded to the deployment host successfully. There are any other tasks in the role which need updating before we can eliminate the octavia_requires_pip_packages, but for the sake of keeping the patch smaller and easier to review they will be done in follow up patches. Change-Id: I438cdf695abe223a9fcf7ead796fe2eef41845b7
2018-08-02 08:40:07 +01:00 · 2018-08-02 08:40:07 +01:00 · 33a709485c
commit 33a709485c
parent faf5d66876
4 changed files with 88 additions and 107 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -219,15 +219,13 @@ octavia_amp_image_id:
 # download the image from an artefact server
 # Note: The default is the Octavia test image so don't use that in prod
 octavia_download_artefact: True
-# The host to download images to if enabled
+# The URL to download from
 # Options are ['deployment-host', 'target-host']
 octavia_image_downloader: "deployment-host"
 # The URL to downlaod from
 octavia_artefact_url: http://tarballs.openstack.org/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-# the directory to store the downloaded file to
+# Set the directory where the downloaded image will be stored
-octavia_amp_image_path: "~/"
+# on the octavia_service_setup_host host. If the host is localhost,
-# add here the file name of the image if it should be uploaded automatically
+# then the user running the playbook must have access to it.
-octavia_amp_image_file_name:
+octavia_amp_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/octavia"
 octavia_amp_image_path_owner: "{{ lookup('env', 'USER') }}"
 # enable uploading image to glance automatically
 octavia_amp_image_upload_enabled: "{{ octavia_download_artefact }}"
--- a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml
+++ b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml
@ -10,3 +10,9 @@ features:
    .. code-block:: yaml
      octavia_service_setup_host: "{{ groups['utility_all'][0] }}"
 deprecations:
  - |
    The variable ``octavia_image_downloader`` has been removed. The image
    download now uses the same host designated by the
    ``octavia_service_setup_host`` for the image download.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -113,6 +113,7 @@
    - octavia-config
 - include: octavia_amp_image.yml
  run_once: true
  tags:
    - octavia-config
--- a/tasks/octavia_amp_image.yml
+++ b/tasks/octavia_amp_image.yml
@ -13,6 +13,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # We set the python interpreter to the ansible runtime venv if
 # the delegation is to localhost so that we get access to the
 # appropriate python libraries in that venv. If the delegation
 # is to another host, we assume that it is accessible by the
 # system python instead.
 - name: Setup the amphora image
  delegate_to: "{{ octavia_service_setup_host }}"
  vars:
    ansible_python_interpreter: >-
      {{ (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
  block:
    - name: Create image download directory
      file:
        path: "{{ octavia_amp_image_path }}"
        state: directory
        mode: "0750"
        owner: "{{ octavia_amp_image_path_owner }}"
      when:
        - octavia_download_artefact | bool
    - name: Download image from artefact server
      get_url:
        url: "{{ octavia_artefact_url }}"
@ -22,84 +42,40 @@
      register: octavia_download_result
      when:
        - octavia_download_artefact | bool
  delegate_to: "{{ (octavia_image_downloader == 'deployment-host') | ternary('localhost', inventory_hostname) }}"
- name: Set the filename fact
+    - name: Get current image id
  set_fact:
    octavia_amp_image_file_name: "{{ octavia_download_result.dest }}"
  when:
    - octavia_image_downloader == "deployment-host"
    - octavia_download_artefact|bool
 - name: Copy download images from deployment-host to target-host(s)
  copy:
    src: "{{ octavia_amp_image_file_name }}"
    dest: "~/{{ octavia_amp_image_file_name|basename }}"
  when:
    - octavia_amp_image_upload_enabled
    - octavia_image_downloader == "deployment-host"
  register: octavia_amp_image_copy_result
  until: octavia_amp_image_copy_result is success
  retries: 6
  delay: 5
 - name: Set if we need to upload an image
  set_fact:
    octavia_amp_image_needs_upload: "{{ (octavia_image_downloader != 'deployment-host')|ternary(octavia_download_result|changed, octavia_amp_image_copy_result|changed) }}"
    octavia_dst_amp_image_path: "{{ ((octavia_image_downloader == 'deployment-host') and (octavia_download_artefact|bool))|ternary(octavia_amp_image_copy_result.dest, octavia_download_result.dest) }}"
  when:
    - octavia_amp_image_upload_enabled
 - name: Get curremt image id
      os_image_facts:
-    auth:
+        cloud: default
      auth_url: "{{ keystone_service_adminurl }}"
      username: "{{ octavia_service_user_name }}"
      password: "{{ octavia_service_password }}"
      project_name: "{{ octavia_service_project_name }}"
      user_domain_name: "{{ octavia_service_user_domain_id }}"
      project_domain_name: "{{ octavia_service_project_domain_id }}"
    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
        region_name: "{{ octavia_service_region }}"
    validate_certs: "{{ keystone_service_adminuri_insecure }}"
    auth_type: "{{ octavia_keystone_auth_plugin }}"
        image: amphora-x64-haproxy
        endpoint_type: admin
        verify: "{{ not keystone_service_adminuri_insecure }}"
      when:
-     - octavia_amp_image_needs_upload|default(False)
+         - octavia_download_result | changed
-# use shell since os_image doesn't support tags
+    # This uses command since os_image doesn't support tags.
    # TODO(odyssey4me):
    # Add tag capability to os_image module and replace this.
    - name: Upload new image to glance
-  shell: |
+      command: >-
-    . {{ ansible_env.HOME }}/openrc
+        openstack image create
-    openstack image create --file  {{ octavia_dst_amp_image_path }} --disk-format qcow2 \
+        --os-cloud default
-    --tag {{ octavia_glance_image_tag }}  --private --project service amphora-x64-haproxy
+        --file {{ octavia_download_result.dest }}
        --disk-format qcow2
        --tag {{ octavia_glance_image_tag }}
        --private
        --project service
        amphora-x64-haproxy
      when:
-    - octavia_amp_image_needs_upload|default(False)
+        - octavia_download_result | changed
  run_once: True
  tags:
    - skip_ansible_lint
    - name: Delete old image from glance
      os_image:
-    auth:
+        cloud: default
      auth_url: "{{ keystone_service_adminurl }}"
      username: "{{ octavia_service_user_name }}"
      password: "{{ octavia_service_password }}"
      project_name: "{{ octavia_service_project_name }}"
      user_domain_name: "{{ octavia_service_user_domain_id }}"
      project_domain_name: "{{ octavia_service_project_domain_id }}"
    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
    region_name: "{{ octavia_service_region }}"
    validate_certs: "{{ keystone_service_adminuri_insecure }}"
    auth_type: "{{ octavia_keystone_auth_plugin }}"
    id: "{{ openstack.id }}"
        state: absent
        region_name: "{{ octavia_service_region }}"
        id: "{{ openstack.id }}"
        endpoint_type: admin
        verify: "{{ not keystone_service_adminuri_insecure }}"
      when:
       - openstack is defined # result from os_image_facts