Use kolla_toolbox to execute REST methods

Delegate executing uri REST methods to the current module containers using kolla_toolbox. This will allow self signed certificate that are already copied into the container to be automatically validated. This circumvents requiring Kolla Ansible to explicitly disable certificate validation in the ansible uri module. Partially-Implements: blueprint custom-cacerts Change-Id: I2625db7b8000af980e4745734c834c5d9292290b
2019-12-30 10:41:43 -08:00 · 2019-12-30 10:41:43 -08:00 · 88418cbaa9
commit 88418cbaa9
parent 511ba9f6a2
6 changed files with 175 additions and 113 deletions
--- a/ansible/roles/elasticsearch/tasks/upgrade.yml
+++ b/ansible/roles/elasticsearch/tasks/upgrade.yml
@ -2,7 +2,10 @@
 # The official procedure for upgrade elasticsearch:
 # https://www.elastic.co/guide/en/elasticsearch/reference/5.6/restart-upgrade.html
 - name: Disable shard allocation
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_cluster/settings"
      method: PUT
      status_code: 200
@ -13,7 +16,10 @@
  run_once: true
 - name: Perform a synced flush
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/_flush/synced"
      method: POST
      status_code: 200
--- a/ansible/roles/grafana/tasks/post_config.yml
+++ b/ansible/roles/grafana/tasks/post_config.yml
@ -1,6 +1,9 @@
 ---
 - name: Wait for grafana application ready
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/login"
      status_code: 200
  register: result
@ -10,7 +13,10 @@
  run_once: true
 - name: Enable grafana datasources
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/datasources"
      method: POST
      user: "{{ grafana_admin_username }}"
@ -28,7 +34,10 @@
  when: item.value.enabled | bool
 - name: Disable Getting Started panel
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ grafana_server_port }}/api/user/helpflags/1"
      method: PUT
      user: "{{ grafana_admin_username }}"
--- a/ansible/roles/ironic/handlers/main.yml
+++ b/ansible/roles/ironic/handlers/main.yml
@ -35,7 +35,10 @@
 # TODO(mgoddard): remove this task when
 # https://storyboard.openstack.org/#!/story/2006393 has been fixed.
 - name: Wait for ironic-api to be accessible
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ ironic_internal_endpoint }}"
  register: result
  until: result is success
--- a/ansible/roles/kibana/tasks/post_config.yml
+++ b/ansible/roles/kibana/tasks/post_config.yml
@ -6,7 +6,10 @@
  run_once: true
 - name: Register the kibana index in elasticsearch
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
      method: PUT
      body: "{{ kibana_default_index_options | to_json }}"
@ -21,7 +24,10 @@
  run_once: true
 - name: Wait for kibana to register in elasticsearch
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
      status_code: 200
  register: result
@ -31,7 +37,10 @@
  run_once: true
 - name: Change kibana config to set index as defaultIndex
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/config/*"
      method: PUT
      body:
@ -41,7 +50,10 @@
  run_once: true
 - name: Get kibana default indexes
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      headers:
        Content-Type: application/json
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana"
@ -59,8 +71,11 @@
  connection: local
 - name: Add index pattern to kibana
-  uri:
+  become: true
-    url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"  # noqa 204
+  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ elasticsearch_port }}/.kibana/index-pattern/{{ kibana_default_index_pattern }}"
      method: PUT
      body: "{{ kibana_default_index | to_json }}"
      body_format: json
--- a/ansible/roles/monasca/tasks/post_config.yml
+++ b/ansible/roles/monasca/tasks/post_config.yml
@ -1,6 +1,9 @@
 ---
 - name: Wait for Monasca Grafana to load
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/login"
      status_code: 200
  register: result
@ -14,7 +17,10 @@
    monasca_grafana_control_plane_org: "{{ monasca_control_plane_project }}@{{ default_project_domain_id }}"
 - name: List Monasca Grafana organisations
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      method: GET
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
      user: '{{ monasca_grafana_admin_username }}'
@ -25,7 +31,10 @@
  register: monasca_grafana_orgs
 - name: Create default control plane organisation if it doesn't exist
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs"
      user: '{{ monasca_grafana_admin_username }}'
@ -38,7 +47,10 @@
  when: monasca_grafana_control_plane_org not in monasca_grafana_orgs.json|map(attribute='name')|unique
 - name: Lookup Monasca Grafana control plane organisation ID
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      method: GET
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/name/{{ monasca_grafana_control_plane_org }}"
      user: '{{ monasca_grafana_admin_username }}'
@ -49,7 +61,10 @@
  register: monasca_grafana_conf_org
 - name: Add {{ monasca_grafana_admin_username }} user to control plane organisation
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/orgs/{{ monasca_grafana_conf_org.json.id }}/users"
      user: '{{ monasca_grafana_admin_username }}'
@ -67,7 +82,10 @@
               monasca_grafana_add_user_response.status == 409 and ("User is already" not in  monasca_grafana_add_user_response.json.message|default(""))
 - name: Switch Monasca Grafana to the control plane organisation
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      method: POST
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/user/using/{{ monasca_grafana_conf_org.json.id }}"
      user: '{{ monasca_grafana_admin_username }}'
@ -76,7 +94,10 @@
  run_once: True
 - name: Enable Monasca Grafana datasource for control plane organisation
-  uri:
+  become: true
  kolla_toolbox:
    module_name: uri
    module_args:
      url: "{{ internal_protocol }}://{{ kolla_internal_vip_address | put_address_in_context('url') }}:{{ monasca_grafana_server_port }}/api/datasources"
      method: POST
      user: "{{ monasca_grafana_admin_username }}"
--- a/releasenotes/notes/execute-rest-methods-inside-containers-ce2a1410dbdc71f3.yaml
+++ b/releasenotes/notes/execute-rest-methods-inside-containers-ce2a1410dbdc71f3.yaml
@ -0,0 +1,8 @@
 ---
 features:
  - |
    Delegate executing ansible uri REST methods to service containers using
    kolla_toolbox. This will enable any certificates that are already copied
    and extracted into the service container to be automatically validated.
    This is particularly useful in the case that the certificate is either
    self-signed or signed by a local (private) CA.