openstack/openstack-ansible-os_swift
Code Issues Proposed changes

Merge "Execute service setup against a delegated host using Ansible built-in modules"

Browse Source
This commit is contained in:
Zuul 2018-08-01 15:00:03 +00:00 committed by Gerrit Code Review
commit 9df587fa4d
5 changed files with 130 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
defaults/main.yml
View File

@ -20,6 +20,11 @@ swift_gnocchi_enabled: False
## Verbosity Options ## Verbosity Options
debug: False debug: False
# Set the host which will execute the shade modules
# for the service setup. The host must already have
# clouds.yaml properly configured.
swift_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
# Set the package install state for distribution and pip packages # Set the package install state for distribution and pip packages
# Options are 'present' and 'latest' # Options are 'present' and 'latest'
swift_package_state: "latest" swift_package_state: "latest"
@ -324,10 +329,6 @@ swift_do_sync: True
# clustername1: https://<cluster1-ip>/v1 # clustername1: https://<cluster1-ip>/v1
# clustername2: https://<cluster2-ip>/v1 # clustername2: https://<cluster2-ip>/v1
# swift packages that must be installed before anything else
swift_requires_pip_packages:
- virtualenv
swift_pip_packages: swift_pip_packages:
- ceilometermiddleware - ceilometermiddleware
- cryptography - cryptography

1
meta/main.yml
View File

@ -42,4 +42,3 @@ dependencies:
- role: apt_package_pinning - role: apt_package_pinning
when: when:
- ansible_pkg_mgr == 'apt' - ansible_pkg_mgr == 'apt'
- openstack_openrc

17
releasenotes/notes/swift-service-setup-host-b3d0aca53522a887.yaml Normal file
View File

@ -0,0 +1,17 @@
---
features:
- |
The service setup in keystone for swift will now be executed
through delegation to the ``swift_service_setup_host`` which,
by default, is ``localhost`` (the deploy host). Deployers can
opt to rather change this to the utility container by implementing
the following override in ``user_variables.yml``.
.. code-block:: yaml
swift_service_setup_host: "{{ groups['utility_all'][0] }}"
deprecations:
- |
The variable ``swift_requires_pip_packages`` is no longer required
and has therefore been removed.

13
tasks/swift_install_source.yml
View File

@ -23,19 +23,6 @@
when: when:
- swift_developer_mode | bool - swift_developer_mode | bool
- name: Install requires pip packages
pip:
name: "{{ swift_requires_pip_packages }}"
state: "{{ swift_pip_package_state }}"
extra_args: >-
{{ swift_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
{{ pip_install_options | default('') }}
register: install_packages
until: install_packages is success
retries: 5
delay: 2
- name: Retrieve checksum for venv download - name: Retrieve checksum for venv download
uri: uri:
url: "{{ swift_venv_download_url | replace('tgz', 'checksum') }}" url: "{{ swift_venv_download_url | replace('tgz', 'checksum') }}"

233
tasks/swift_service_setup.yml
View File

@ -13,166 +13,115 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# Create a service # We set the python interpreter to the ansible runtime venv if
- name: Ensure swift service # the delegation is to localhost so that we get access to the
keystone: # appropriate python libraries in that venv. If the delegation
command: "ensure_service" # is to another host, we assume that it is accessible by the
endpoint: "{{ keystone_service_adminurl }}" # system python instead.
login_user: "{{ keystone_admin_user_name }}" - name: Setup the service
login_password: "{{ keystone_auth_admin_password }}" delegate_to: "{{ swift_service_setup_host }}"
login_project_name: "{{ keystone_admin_tenant_name }}" vars:
service_name: "{{ swift_service_name }}" ansible_python_interpreter: >-
{{ (swift_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
block:
- name: Add service to the keystone service catalog
os_keystone_service:
cloud: default
state: present
name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}" service_type: "{{ swift_service_type }}"
description: "{{ swift_service_description }}" description: "{{ swift_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}" endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service is success until: add_service is success
retries: 5 retries: 5
delay: 2 delay: 10
no_log: True
# Create an admin user - name: Add service users
- name: Ensure swift user os_user:
keystone: cloud: default
command: "ensure_user" state: present
endpoint: "{{ keystone_service_adminurl }}" name: "{{ item.name }}"
login_user: "{{ keystone_admin_user_name }}" password: "{{ item.password }}"
login_password: "{{ keystone_auth_admin_password }}" domain: default
login_project_name: "{{ keystone_admin_tenant_name }}" default_project: "{{ swift_service_project_name }}"
user_name: "{{ swift_service_user_name }}" endpoint_type: admin
tenant_name: "{{ swift_service_project_name }}" verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service is success
retries: 5
delay: 10
no_log: True
with_items:
- name: "{{ swift_service_user_name }}"
password: "{{ swift_service_password }}" password: "{{ swift_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}" - name: "{{ swift_dispersion_user }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service is success
retries: 5
delay: 10
no_log: True
# Add a role to the user
- name: Ensure swift user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service is success
retries: 5
delay: 10
no_log: True
- name: Ensure swiftoperator role
keystone:
command: "ensure_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
no_log: True
- name: "Create keystone user for swift-dispersion"
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_dispersion_password }}" password: "{{ swift_dispersion_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}" loop_control:
label: "{{ item.name }}"
- name: Add service roles
os_keystone_role:
cloud: default
state: present
name: "{{ item }}"
endpoint_type: admin
verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_service register: add_service
when: not swift_service_in_ldap | bool when: not swift_service_in_ldap | bool
until: add_service is success until: add_service is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True with_items:
- "{{ swift_operator_role }}"
- "{{ swift_reselleradmin_role }}"
- name: "Create keystone role for ResellerAdmin" - name: Add service users to roles
keystone: os_user_role:
command: "ensure_role" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" user: "{{ item.name }}"
login_password: "{{ keystone_auth_admin_password }}" role: "{{ item.role }}"
login_project_name: "{{ keystone_admin_tenant_name }}" project: "{{ item.project | default(swift_service_project_name) }}"
role_name: "{{ swift_reselleradmin_role }}" endpoint_type: admin
insecure: "{{ keystone_service_adminuri_insecure }}" verify: "{{ not keystone_service_adminuri_insecure }}"
register: add_role register: add_service
until: add_role is success when:
- not swift_service_in_ldap | bool
- (item.condition | default(True)) | bool
until: add_service is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True with_items:
- name: "{{ swift_service_user_name }}"
role: "{{ swift_service_role_name }}"
- name: "{{ swift_dispersion_user }}"
role: "{{ swift_operator_role }}"
- name: "{{ ceilometer_service_user_name | default('ceilometer') }}"
role: "{{ swift_reselleradmin_role }}"
project: "{{ ceilometer_service_project_name | default('service') }}"
condition: "{{ swift_ceilometer_enabled | bool }}"
- name: "Add ResellerAdmin role to the service tenant and ceilometer user" - name: Add endpoints to keystone endpoint catalog
keystone: os_keystone_endpoint:
command: "ensure_user_role" cloud: default
endpoint: "{{ keystone_service_adminurl }}" state: present
login_user: "{{ keystone_admin_user_name }}" service: "{{ swift_service_name }}"
login_password: "{{ keystone_auth_admin_password }}" endpoint_interface: "{{ item.interface }}"
login_project_name: "{{ keystone_admin_tenant_name }}" url: "{{ item.url }}"
user_name: "{{ ceilometer_service_user_name }}" region: "{{ swift_service_region }}"
tenant_name: "{{ ceilometer_service_tenant_name }}" endpoint_type: admin
role_name: "{{ swift_reselleradmin_role }}" verify: "{{ not keystone_service_adminuri_insecure }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: ensure_role
until: ensure_role is success
retries: 5
delay: 10
when: swift_ceilometer_enabled | bool
no_log: True
- name: "Add swiftoperator role to swift-dispersion user"
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service is success until: add_service is success
retries: 5 retries: 5
delay: 10 delay: 10
no_log: True with_items:
- interface: "public"
# Create an endpoint url: "{{ swift_service_publicurl }}"
- name: Ensure swift endpoint - interface: "internal"
keystone: url: "{{ swift_service_internalurl }}"
command: "ensure_endpoint" - interface: "admin"
endpoint: "{{ keystone_service_adminurl }}" url: "{{ swift_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ swift_service_region }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ swift_service_publicurl }}"
interface: "public"
- url: "{{ swift_service_internalurl }}"
interface: "internal"
- url: "{{ swift_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service is success
retries: 5
delay: 10
no_log: True