Execute service setup against a delegated host using Ansible built-in modules

In order to reduce the packages required to pip install on to the hosts,
we allow the service setup to be delegated to a specific host, defaulting
to the deploy host. We also switch as many tasks as possible to using the
built-in Ansible modules which make use of the shade library.

The 'virtualenv' package is now installed appropriately by the openstack_hosts
role, so there's no need to install it any more. The 'httplib2' package is a
legacy Ansible requirement for the get_url/get_uri module which is no longer
needed. The keystone client library is not required any more now that we're
using the upstream modules. The masakari client is not used on the host, so
it serves no purpose. As there are no required packages left, the task to
install them is also removed.

Change-Id: I5f4339b322b967fcfd326c7442d634abf8b6cb05

defaults/main.yml

@@ -16,7 +16,10 @@
 ## Verbosity Options
 debug: False
 
-masakari_role_project_group: masakari_all
+# Set the host which will execute the shade modules
+# for the service setup. The host must already have
+# clouds.yaml properly configured.
+masakari_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}"
 
 # Set the package install state for distribution and pip packages
 # Options are 'present' and 'latest'
@@ -44,13 +47,6 @@ masakari_galera_user: masakari
 masakari_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
 masakari_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
 
-# masakari packages that must be installed before anything else
-masakari_requires_pip_packages:
-  - virtualenv
-  - python-masakariclient
-  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
-
-
 # venv_download, even when true, will use the fallback method of building the
 # venv from scratch if the venv download fails.
 masakari_venv_download: "{{ not masakari_developer_mode | bool }}"
@@ -122,3 +118,9 @@ masakari_services:
   masakari-engine:
     group: masakari_engine
     service_name: masakari-engine
+
+# This variable is used by the repo_build process to determine
+# which host group to check for members of before building the
+# pip packages required by this role. The value is picked up
+# by the py_pkgs lookup.
+masakari_role_project_group: masakari_all

meta/main.yml

@@ -42,4 +42,3 @@ dependencies:
     when:
       - ansible_pkg_mgr == 'apt'
   - galera_client
-  - openstack_openrc

tasks/masakari_install.yml

@@ -33,19 +33,6 @@
       {% endfor %}
   when: masakari_developer_mode | bool
 
-- name: Install requires pip packages
-  pip:
-    name: "{{ masakari_requires_pip_packages }}"
-    state: "{{ masakari_pip_package_state }}"
-    extra_args: >-
-      {{ masakari_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-
 - name: Retrieve checksum for venv download
   uri:
     url: "{{ masakari_venv_download_url | replace('tgz', 'checksum') }}"

tasks/masakari_service_setup.yml

@@ -13,83 +13,81 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Create a service
+# We set the python interpreter to the ansible runtime venv if
-- name: Ensure masakari service
+# the delegation is to localhost so that we get access to the
-  keystone:
+# appropriate python libraries in that venv. If the delegation
-    command: "ensure_service"
+# is to another host, we assume that it is accessible by the
-    endpoint: "{{ keystone_service_adminurl }}"
+# system python instead.
-    login_user: "{{ keystone_admin_user_name }}"
+- name: Setup the service
-    login_password: "{{ keystone_auth_admin_password }}"
+  delegate_to: "{{ masakari_service_setup_host }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
+  vars:
-    service_name: "{{ masakari_service_name }}"
+    ansible_python_interpreter: >-
-    service_type: "{{ masakari_service_type }}"
+      {{ (masakari_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
-    description: "{{ masakari_service_description }}"
+  block:
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+    - name: Add service to the keystone service catalog
-  register: add_service
+      os_keystone_service:
-  until: add_service|success
+        cloud: default
-  retries: 5
+        state: present
-  delay: 2
+        name: "{{ masakari_service_name }}"
-  no_log: True
+        service_type: "{{ masakari_service_type }}"
+        description: "{{ masakari_service_description }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      register: add_service
+      until: add_service is success
+      retries: 5
+      delay: 10
 
-# Create an admin user
+    - name: Add service user
-- name: Ensure masakari user
+      os_user:
-  keystone:
+        cloud: default
-    command: "ensure_user"
+        state: present
-    endpoint: "{{ keystone_service_adminurl }}"
+        name: "{{ masakari_service_user_name }}"
-    login_user: "{{ keystone_admin_user_name }}"
+        password: "{{ masakari_service_password }}"
-    login_password: "{{ keystone_auth_admin_password }}"
+        domain: default
-    login_project_name: "{{ keystone_admin_tenant_name }}"
+        default_project: "{{ masakari_service_project_name }}"
-    user_name: "{{ masakari_service_user_name }}"
+        endpoint_type: admin
-    tenant_name: "{{ masakari_service_project_name }}"
+        verify: "{{ not keystone_service_adminuri_insecure }}"
-    password: "{{ masakari_service_password }}"
+      register: add_service
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+      when: not masakari_service_in_ldap | bool
-  register: add_service
+      until: add_service is success
-  when: not masakari_service_in_ldap | bool
+      retries: 5
-  until: add_service|success
+      delay: 10
-  retries: 5
+      no_log: True
-  delay: 10
-  no_log: True
 
-# Add a role to the user
+    - name: Add service user to admin role
-- name: Ensure masakari user to admin role
+      os_user_role:
-  keystone:
+        cloud: default
-    command: "ensure_user_role"
+        state: present
-    endpoint: "{{ keystone_service_adminurl }}"
+        user: "{{ masakari_service_user_name }}"
-    login_user: "{{ keystone_admin_user_name }}"
+        role: "{{ masakari_role_name }}"
-    login_password: "{{ keystone_auth_admin_password }}"
+        project: "{{ masakari_service_project_name }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
+        endpoint_type: admin
-    user_name: "{{ masakari_service_user_name }}"
+        verify: "{{ not keystone_service_adminuri_insecure }}"
-    tenant_name: "{{ masakari_service_project_name }}"
+      register: add_service
-    role_name: "{{ masakari_role_name }}"
+      when: not masakari_service_in_ldap | bool
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+      until: add_service is success
-  register: add_service
+      retries: 5
-  when: not masakari_service_in_ldap | bool
+      delay: 10
-  until: add_service|success
-  retries: 5
-  delay: 10
-  no_log: True
 
-# Create an endpoint
+    - name: Add endpoints to keystone endpoint catalog
-- name: Ensure masakari endpoint
+      os_keystone_endpoint:
-  keystone:
+        cloud: default
-    command: "ensure_endpoint"
+        state: present
-    endpoint: "{{ keystone_service_adminurl }}"
+        service: "{{ masakari_service_name }}"
-    login_user: "{{ keystone_admin_user_name }}"
+        endpoint_interface: "{{ item.interface }}"
-    login_password: "{{ keystone_auth_admin_password }}"
+        url: "{{ item.url }}"
-    login_project_name: "{{ keystone_admin_tenant_name }}"
+        region: "{{ masakari_service_region }}"
-    region_name: "{{ masakari_service_region }}"
+        endpoint_type: admin
-    service_name: "{{ masakari_service_name }}"
+        verify: "{{ not keystone_service_adminuri_insecure }}"
-    service_type: "{{ masakari_service_type }}"
+      register: add_service
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+      until: add_service is success
-    endpoint_list:
+      retries: 5
-      - url: "{{ masakari_service_publicurl }}"
+      delay: 10
-        interface: "public"
+      with_items:
-      - url: "{{ masakari_service_internalurl }}"
+        - interface: "public"
-        interface: "internal"
+          url: "{{ masakari_service_publicurl }}"
-      - url: "{{ masakari_service_adminurl }}"
+        - interface: "internal"
-        interface: "admin"
+          url: "{{ masakari_service_internalurl }}"
-  register: add_service
+        - interface: "admin"
-  until: add_service|success
+          url: "{{ masakari_service_adminurl }}"
-  retries: 5
-  delay: 10
-  no_log: True

tests/host_vars/localhost.yml

@@ -16,5 +16,3 @@
 bridges:
   - name: "br-mgmt"
     ip_addr: "10.1.0.1"
-
-ansible_python_interpreter: "/usr/bin/python2"

tests/test-install-masakari.yml

@@ -16,7 +16,6 @@
 - name: Playbook for deploying masakari
   hosts: masakari_all
   user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

tests/test-masakari-functional.yml

@@ -20,11 +20,9 @@
   tasks:
     - name: check masakari api
       uri:
-        url: "http://localhost:{{ item.value.service_name['masakari-api'] }}"
+        url: "http://localhost:15868"
         status_code: 200
       register: result
       until: result.status == 200
       retries: 5
       delay: 10
-      with_items:
-        - 15868