Add var for environment used only inside playbooks

When global_environment_variables is set in user_variables.yml, this installs environment settings in /etc/environment on all hosts and containers. These remain in place after deployment is complete. This patch adds a similar variable deployment_environment_variables that defines environment strings applied only while the playbooks are running. They leave nothing behind on the hosts or containers. This may be used, for example, for proxy settings required only during deployment. A simpler no_proxy setting is adequate during deployment, so this provides a workaround to Bug #1691749. Change-Id: Ia15d2133c6749fa9496bbf9359b8bf075742d60e Related-Bug: #1691749
2017-05-18 13:35:06 +01:00 · 2017-05-18 13:35:06 +01:00 · 77ac88197c
commit 77ac88197c
parent c9a96296d7
38 changed files with 51 additions and 0 deletions
--- a/etc/openstack_deploy/user_variables.yml
+++ b/etc/openstack_deploy/user_variables.yml
@ -118,6 +118,7 @@ debug: false
 # placed both on the hosts and inside the containers.

 ## Example environment variable setup:
+## (1) This sets up a permanent environment, used during and after deployment:
 # proxy_env_url: http://username:pa$$w0rd@10.10.10.9:9000/
 # no_proxy_env: "localhost,127.0.0.1,{{ internal_lb_vip_address }},{{ external_lb_vip_address }},{% for host in groups['all_containers'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
 # global_environment_variables:
@ -127,6 +128,12 @@ debug: false
 #   http_proxy: "{{ proxy_env_url }}"
 #   https_proxy: "{{ proxy_env_url }}"
 #   no_proxy: "{{ no_proxy_env }}"
+#
+## (2) This is applied only during deployment, nothing is left after deployment is complete:
+# deployment_environment_variables:
+#   http_proxy: http://username:pa$$w0rd@10.10.10.9:9000/
+#   https_proxy: http://username:pa$$w0rd@10.10.10.9:9000/
+#   no_proxy: "localhost,127.0.0.1,{{ internal_lb_vip_address }},{{ external_lb_vip_address }}"


 ## SSH connection wait time
--- a/playbooks/ceph-install.yml
+++ b/playbooks/ceph-install.yml
@ -73,6 +73,7 @@
        - crontab
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - ceph
    - ceph-mon
@ -145,6 +146,7 @@
    - role: "system_crontab_coordination"
      tags:
        - crontab
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - ceph
    - ceph-osd
--- a/playbooks/etcd-install.yml
+++ b/playbooks/etcd-install.yml
@ -29,3 +29,5 @@
    - role: "system_crontab_coordination"
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
+
--- a/playbooks/galera-install.yml
+++ b/playbooks/galera-install.yml
@ -33,6 +33,7 @@
    - include: common-tasks/package-cache-proxy.yml
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - galera

@ -64,5 +65,6 @@
    galera_address: 127.0.0.1
    galera_server_id: "{{ inventory_hostname | string_2_int }}"
    galera_wsrep_node_name: "{{ container_name }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - galera
--- a/playbooks/haproxy-install.yml
+++ b/playbooks/haproxy-install.yml
@ -33,6 +33,7 @@
    - "{{ haproxy_keepalived_vars_file | default('vars/configs/keepalived_haproxy.yml') }}"
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - haproxy-config
    - haproxy
@ -73,5 +74,6 @@
    - vars/configs/haproxy_config.yml
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - haproxy
--- a/playbooks/lxc-containers-create.yml
+++ b/playbooks/lxc-containers-create.yml
@ -33,5 +33,6 @@
        timeout: "{{ lxc_container_wait_params.timeout | default(omit) }}"
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - lxc-containers-create
--- a/playbooks/lxc-hosts-setup.yml
+++ b/playbooks/lxc-hosts-setup.yml
@ -55,5 +55,6 @@
    - defaults/repo_packages/openstack_services.yml
  vars:
    pip_lock_to_internal_repo: False
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - lxc-hosts
--- a/playbooks/memcached-install.yml
+++ b/playbooks/memcached-install.yml
@ -39,5 +39,6 @@
        - crontab
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - memcached
--- a/playbooks/openstack-hosts-setup.yml
+++ b/playbooks/openstack-hosts-setup.yml
@ -64,5 +64,6 @@
        msg: "The only supported platforms for this release are Ubuntu 16.04 LTS (Xenial) and CentOS 7 (WIP)"
  roles:
    - role: "openstack_hosts"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - openstack-hosts
--- a/playbooks/os-aodh-install.yml
+++ b/playbooks/os-aodh-install.yml
@ -62,5 +62,6 @@
    aodh_rabbitmq_servers: "{{ rabbitmq_servers }}"
    aodh_rabbitmq_port: "{{ rabbitmq_port }}"
    aodh_rabbitmq_use_ssl: "{{ rabbitmq_use_ssl }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - aodh
--- a/playbooks/os-barbican-install.yml
+++ b/playbooks/os-barbican-install.yml
@ -57,5 +57,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - barbican
--- a/playbooks/os-ceilometer-install.yml
+++ b/playbooks/os-ceilometer-install.yml
@ -49,5 +49,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - ceilometer
--- a/playbooks/os-cinder-install.yml
+++ b/playbooks/os-cinder-install.yml
@ -122,5 +122,6 @@
    cinder_galera_user: cinder
    cinder_galera_database: cinder
    cinder_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - cinder
--- a/playbooks/os-designate-install.yml
+++ b/playbooks/os-designate-install.yml
@ -72,5 +72,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - designate
--- a/playbooks/os-glance-install.yml
+++ b/playbooks/os-glance-install.yml
@ -93,5 +93,6 @@
    glance_galera_user: glance
    glance_galera_database: glance
    glance_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - glance
--- a/playbooks/os-gnocchi-install.yml
+++ b/playbooks/os-gnocchi-install.yml
@ -66,5 +66,6 @@
    gnocchi_galera_user: gnocchi
    gnocchi_galera_database: gnocchi
    gnocchi_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - gnocchi
--- a/playbooks/os-heat-install.yml
+++ b/playbooks/os-heat-install.yml
@ -75,5 +75,6 @@
    heat_galera_user: heat
    heat_galera_database: heat
    heat_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - heat
--- a/playbooks/os-horizon-install.yml
+++ b/playbooks/os-horizon-install.yml
@ -50,5 +50,6 @@
    horizon_galera_user: horizon
    horizon_galera_database: horizon
    horizon_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - horizon
--- a/playbooks/os-ironic-install.yml
+++ b/playbooks/os-ironic-install.yml
@ -57,5 +57,6 @@
    ironic_galera_user: ironic
    ironic_galera_database: ironic
    ironic_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - ironic
--- a/playbooks/os-keystone-install.yml
+++ b/playbooks/os-keystone-install.yml
@ -109,5 +109,6 @@
    keystone_galera_user: keystone
    keystone_galera_database: keystone
    keystone_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - keystone
--- a/playbooks/os-magnum-install.yml
+++ b/playbooks/os-magnum-install.yml
@ -58,5 +58,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - "magnum"
--- a/playbooks/os-molteniron-install.yml
+++ b/playbooks/os-molteniron-install.yml
@ -47,5 +47,6 @@
        - crontab
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - molteniron
--- a/playbooks/os-neutron-install.yml
+++ b/playbooks/os-neutron-install.yml
@ -154,5 +154,6 @@
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
    bind_prefix: "{{ provider_network_bind_prefix|default('') }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - neutron
--- a/playbooks/os-nova-install.yml
+++ b/playbooks/os-nova-install.yml
@ -180,5 +180,6 @@
    nova_api_galera_address: "{{ galera_address }}"
    nova_placement_galera_address: "{{ galera_address }}"
    glance_host: "{{ internal_lb_vip_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - nova
--- a/playbooks/os-octavia-install.yml
+++ b/playbooks/os-octavia-install.yml
@ -64,5 +64,6 @@
    octavia_galera_user: octavia
    octavia_galera_database: octavia
    octavia_galera_address: "{{ galera_address }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - octavia
--- a/playbooks/os-rally-install.yml
+++ b/playbooks/os-rally-install.yml
@ -28,3 +28,4 @@
      when: inventory_hostname == groups['utility_all'][0]
  roles:
    - role: "os_rally"
+  environment: "{{ deployment_environment_variables | default({}) }}"
--- a/playbooks/os-sahara-install.yml
+++ b/playbooks/os-sahara-install.yml
@ -67,5 +67,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - sahara
--- a/playbooks/os-swift-install.yml
+++ b/playbooks/os-swift-install.yml
@ -51,6 +51,7 @@
      swift_do_sync: True
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - swift

@ -70,5 +71,6 @@
    - role: "system_crontab_coordination"
      tags:
        - crontab
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - swift
--- a/playbooks/os-swift-sync.yml
+++ b/playbooks/os-swift-sync.yml
@ -26,5 +26,6 @@
      swift_do_sync: True
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - swift
--- a/playbooks/os-tempest-install.yml
+++ b/playbooks/os-tempest-install.yml
@ -33,5 +33,6 @@
    - defaults/repo_packages/openstack_testing.yml
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - tempest
--- a/playbooks/os-trove-install.yml
+++ b/playbooks/os-trove-install.yml
@ -72,5 +72,6 @@
        - rsyslog
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - trove
--- a/playbooks/rabbitmq-install.yml
+++ b/playbooks/rabbitmq-install.yml
@ -30,6 +30,7 @@
    - role: "system_crontab_coordination"
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - rabbitmq

@ -60,6 +61,7 @@
      rsyslog_client_config_name: "99-rabbitmq-rsyslog-client.conf"
      tags:
        - rsyslog
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - rabbitmq

@ -73,6 +75,7 @@
         password: "{{ rabbitmq_monitoring_password }}"
         state: "present"
      when: rabbitmq_monitoring_password is defined
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - rabbitmq-config
    - rabbitmq
--- a/playbooks/repo-build.yml
+++ b/playbooks/repo-build.yml
@ -131,5 +131,6 @@
      - "{{ playbook_dir }}/../"
      - /etc/ansible/roles
      - /etc/openstack_deploy
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - repo-build
--- a/playbooks/repo-server.yml
+++ b/playbooks/repo-server.yml
@ -66,5 +66,6 @@
    - defaults/repo_packages/openstack_services.yml
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - repo-server
--- a/playbooks/rsyslog-install.yml
+++ b/playbooks/rsyslog-install.yml
@ -36,5 +36,6 @@
        - crontab
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - rsyslog
--- a/playbooks/security-hardening.yml
+++ b/playbooks/security-hardening.yml
@ -24,5 +24,6 @@
  roles:
    - role: "openstack-ansible-security"
      when: apply_security_hardening | bool
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - security
--- a/playbooks/unbound-install.yml
+++ b/playbooks/unbound-install.yml
@ -97,3 +97,4 @@
  vars:
    #Only run the resolvconf role when DNS containers are deployed to the env.
    resolvconf_enabled: "{{ groups['unbound'] is defined and groups['unbound'] | length > 0 }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
--- a/playbooks/utility-install.yml
+++ b/playbooks/utility-install.yml
@ -85,5 +85,6 @@
      when: utility_ssh_private_key is defined
  vars:
    is_metal: "{{ properties.is_metal|default(false) }}"
+  environment: "{{ deployment_environment_variables | default({}) }}"
  tags:
    - utility