Eliminate installing pip on host/containers
None of the hosts need pip installed any more. Everything installed on the host is now a distribution package, and all pip packages are inside a virtualenv. As such, we make the final changes to eliminate the installation of pip on the host. 1. We change the pip_install role settings to only put pip.conf down, and not bother installing pip. The pip.conf remains necessary to provide any pip installs done in venvs with the details of the repo server. 2. We update the utility container playbook so that it installs everything into a venv, then symlinks the appropriate openstack client binaries to /usr/local/bin for convenient access. This is only done for source based installs. 3. We update the ceph radosgw keystone setup to make it use the appropriate service host, and to make use of the correct runtime venv. It also now makes use of native ansible modules instead of our own. Depends-On: https://review.openstack.org/587840 Depends-On: https://review.openstack.org/587849 Depends-On: https://review.openstack.org/589643 Depends-On: https://review.openstack.org/590011 Depends-On: https://review.openstack.org/590178 Change-Id: Iac018386e98d1531b605c66bccf3bcce10226e19
This commit is contained in:
parent
59e795288c
commit
191e0b8660
@ -23,9 +23,11 @@ galera_client_drop_config_file: true
|
||||
utility_package_state: "{{ package_state }}"
|
||||
utility_pip_package_state: "latest"
|
||||
|
||||
# Path to the utility host openstack client venv binaries
|
||||
utility_venv_bin: "/openstack/venvs/utility-{{ openstack_release }}/bin"
|
||||
|
||||
# Distribution packages to be installed into the utility container
|
||||
utility_distro_packages:
|
||||
- curl
|
||||
- git
|
||||
|
||||
utility_distro_openstack_clients_packages:
|
||||
|
@ -14,120 +14,95 @@
|
||||
# limitations under the License.
|
||||
|
||||
- name: Configure keystone for radosgw
|
||||
hosts: utility_all
|
||||
hosts: "{{ openstack_service_setup_host | default('localhost') }}"
|
||||
user: root
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
vars:
|
||||
ansible_python_interpreter: >-
|
||||
{{ ((openstack_service_setup_host | default('localhost')) == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
|
||||
tags:
|
||||
- ceph-rgw
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
tasks:
|
||||
- name: Ensure RGW service
|
||||
keystone:
|
||||
command: "ensure_service"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
service_name: "{{ radosgw_service_name }}"
|
||||
- name: Add service to the keystone service catalog
|
||||
os_keystone_service:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ radosgw_service_name }}"
|
||||
service_type: "{{ radosgw_service_type }}"
|
||||
description: "{{ radosgw_service_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
no_log: True
|
||||
delay: 10
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ radosgw_admin_user }}"
|
||||
tenant_name: "{{ radosgw_admin_tenant }}"
|
||||
role_name: "{{ radosgw_role_name | default('service') }}"
|
||||
- name: Add service user
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ radosgw_admin_user }}"
|
||||
password: "{{ radosgw_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
domain: default
|
||||
default_project: "{{ radosgw_admin_tenant }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_user
|
||||
until: add_user is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW user to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ radosgw_admin_user }}"
|
||||
tenant_name: "{{ radosgw_admin_tenant }}"
|
||||
role_name: "{{ radosgw_role_name | default('admin') }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
register: add_admin_role
|
||||
until: add_admin_role is success
|
||||
- name: Add service user to roles
|
||||
os_user_role:
|
||||
cloud: default
|
||||
state: present
|
||||
user: "{{ radosgw_admin_user }}"
|
||||
role: "{{ radosgw_role_name | default('admin') }}"
|
||||
project: "{{ radosgw_admin_tenant }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_user_role
|
||||
until: add_user_role is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure swiftoperator role
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
role_name: "swiftoperator"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
run_once: true
|
||||
register: add_swiftoperator_role
|
||||
until: add_swiftoperator_role is success
|
||||
- name: Add service role
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "swiftoperator"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_role
|
||||
until: add_role is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
|
||||
- name: Ensure RGW endpoint
|
||||
keystone:
|
||||
command: "ensure_endpoint"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
region_name: "{{ radosgw_service_region }}"
|
||||
service_name: "{{ radosgw_service_name }}"
|
||||
service_type: "{{ radosgw_service_type }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
endpoint_list:
|
||||
- url: "{{ radosgw_service_publicurl }}"
|
||||
interface: "public"
|
||||
- url: "{{ radosgw_service_adminurl }}"
|
||||
interface: "admin"
|
||||
- url: "{{ radosgw_service_internalurl }}"
|
||||
interface: "internal"
|
||||
run_once: true
|
||||
register: add_endpoint
|
||||
until: add_endpoint is success
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
|
||||
cloud: default
|
||||
state: present
|
||||
service: "{{ radosgw_service_name }}"
|
||||
endpoint_interface: "{{ item.interface }}"
|
||||
url: "{{ item.url }}"
|
||||
region: "{{ radosgw_service_region }}"
|
||||
interface: admin
|
||||
verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
tags:
|
||||
- ceph-rgw-setup
|
||||
- rgw-service-add
|
||||
tags:
|
||||
- ceph-rgw
|
||||
with_items:
|
||||
- interface: "public"
|
||||
url: "{{ radosgw_service_publicurl }}"
|
||||
- interface: "internal"
|
||||
url: "{{ radosgw_service_internalurl }}"
|
||||
- interface: "admin"
|
||||
url: "{{ radosgw_service_adminurl }}"
|
||||
|
@ -13,21 +13,20 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# TODO(evrardjp): Remove this playbook when the repo_build process
|
||||
# is done upfront. This would mean that the openstack_hosts role
|
||||
# can run once and for all directly after the
|
||||
# lxc-container-create playbook.
|
||||
- name: Configure all nodes to use the repo container for python/apt packages
|
||||
hosts: "{{ openstack_host_group | default('hosts') }}:all_containers"
|
||||
vars:
|
||||
pip_install: no
|
||||
pip_configure: yes
|
||||
vars_files:
|
||||
- defaults/repo_packages/openstack_services.yml
|
||||
- "defaults/repo_packages/openstack_services.yml"
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
tags:
|
||||
- always
|
||||
- repo-config
|
||||
pre_tasks:
|
||||
- include: common-tasks/package-cache-proxy.yml
|
||||
- include: common-tasks/set-pip-vars.yml
|
||||
roles:
|
||||
- pip_install
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
tags:
|
||||
- always
|
||||
- repo-config
|
||||
|
@ -16,6 +16,11 @@
|
||||
- name: Setup the utility location(s)
|
||||
hosts: utility_all
|
||||
user: root
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
tags:
|
||||
- utility
|
||||
pre_tasks:
|
||||
- include: "common-tasks/os-{{ container_tech | default('lxc') }}-container-setup.yml"
|
||||
static: no
|
||||
@ -58,31 +63,6 @@
|
||||
update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
|
||||
cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
|
||||
|
||||
- name: Get list of python clients
|
||||
shell: "curl -s {{ repo_release_path }}/requirements_absolute_requirements.txt | grep client | cut -d'=' -f1"
|
||||
args:
|
||||
warn: no
|
||||
register: client_list
|
||||
run_once: true
|
||||
changed_when: false
|
||||
when: install_method == "source"
|
||||
tags:
|
||||
- always
|
||||
- skip_ansible_lint
|
||||
|
||||
- name: Install pip packages
|
||||
pip:
|
||||
name: "{{ client_list.stdout_lines | union(utility_pip_packages) }}"
|
||||
state: "{{ utility_pip_package_state }}"
|
||||
extra_args: >-
|
||||
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
|
||||
{{ pip_install_options | default('') }}
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
when: install_method == "source"
|
||||
|
||||
- name: Distribute private ssh key
|
||||
copy:
|
||||
content: "{{ utility_ssh_private_key }}"
|
||||
@ -91,8 +71,60 @@
|
||||
owner: root
|
||||
group: root
|
||||
when: utility_ssh_private_key is defined
|
||||
environment: "{{ deployment_environment_variables | default({}) }}"
|
||||
vars_files:
|
||||
- "defaults/{{ install_method }}_install.yml"
|
||||
tags:
|
||||
- utility
|
||||
|
||||
- name: Install openstack clients (source-based install)
|
||||
when:
|
||||
- install_method == "source"
|
||||
block:
|
||||
- name: Get list of repo packages
|
||||
uri:
|
||||
url: "{{ repo_release_path }}/requirements_absolute_requirements.txt"
|
||||
return_content: yes
|
||||
register: _abs_reqs
|
||||
run_once: true
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Derive the list of openstack clients
|
||||
set_fact:
|
||||
_openstack_client_list: >-
|
||||
{%- set package_list = [] %}
|
||||
{%- for l in _abs_reqs.content.split('\n') %}
|
||||
{%- if (l is match('^python_.*client==.*$')) or (l is match('^(aodh|gnocchi)client==.*$')) %}
|
||||
{%- set _ = package_list.append(l | regex_replace('==.*$', '')) %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{{- package_list }}
|
||||
run_once: true
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: Create the virtualenv (if it does not exist)
|
||||
command: "virtualenv --never-download --no-site-packages {{ utility_venv_bin | dirname }}"
|
||||
args:
|
||||
creates: "{{ utility_venv_bin }}/activate"
|
||||
|
||||
- name: Install pip packages
|
||||
pip:
|
||||
name: "{{ _openstack_client_list | union(utility_pip_packages) }}"
|
||||
state: "{{ utility_pip_package_state }}"
|
||||
virtualenv: "{{ utility_venv_bin | dirname }}"
|
||||
virtualenv_site_packages: "no"
|
||||
extra_args: >-
|
||||
{{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
|
||||
{{ pip_install_options | default('') }}
|
||||
register: install_packages
|
||||
until: install_packages is success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Create symlinks for openstack clients
|
||||
shell: |
|
||||
{% set _bin_name = item | regex_replace('^(?:python_)?(\w*)(?:client)$', '\\1') %}
|
||||
if [[ -e "{{ utility_venv_bin }}/{{ _bin_name }}" ]]; then
|
||||
ln -sfn {{ utility_venv_bin }}/{{ _bin_name }} /usr/local/bin/{{ _bin_name }}
|
||||
fi
|
||||
args:
|
||||
executable: /bin/bash
|
||||
with_items: "{{ _openstack_client_list }}"
|
||||
|
||||
|
@ -83,19 +83,16 @@ case ${DISTRO_ID} in
|
||||
python3 python3-dev \
|
||||
libssl-dev libffi-dev \
|
||||
python-apt python3-apt \
|
||||
python-pip \
|
||||
python-virtualenv
|
||||
;;
|
||||
opensuse)
|
||||
zypper -n install -l git-core curl autoconf gcc gcc-c++ \
|
||||
netcat-openbsd python python-xml python-devel gcc \
|
||||
libffi-devel libopenssl-devel python-pip \
|
||||
python-virtualenv
|
||||
libffi-devel libopenssl-devel python-virtualenv
|
||||
# Leap ships with python3.4 which is not supported by ansible and as
|
||||
# such we are using python2
|
||||
# See https://github.com/ansible/ansible/issues/24180
|
||||
PYTHON_EXEC_PATH="/usr/bin/python2"
|
||||
alternatives --set pip /usr/bin/pip2.7 || true
|
||||
;;
|
||||
esac
|
||||
|
||||
|
@ -19,7 +19,6 @@
|
||||
user: root
|
||||
roles:
|
||||
- role: "sshd"
|
||||
- role: "pip_install"
|
||||
- role: "bootstrap-host"
|
||||
vars:
|
||||
ansible_python_interpreter: "/usr/bin/python"
|
||||
|
Loading…
x
Reference in New Issue
Block a user