Reduce dependencies on the dest nodes

Currently we require a slew of deps on each destination node, this includes a gcc compiler and installing things via pip. We can remove these dependencies by containerizing them and running and Ansible inside the container itself. The container would then report back facts about idempotency. DocImpact Closes-Bug: #1481495 Implements: blueprint containerize-dependencies Change-Id: I3dfccbf9fafc06ffc36e78f3006fe5d3367891df
2015-08-03 07:50:01 +00:00 · 2015-08-03 07:50:01 +00:00 · 98a379b0fd
parent 12b70241ba
commit 98a379b0fd
25 changed files with 230 additions and 81 deletions
--- a/ansible/roles/bootstrap.yml
+++ b/ansible/roles/bootstrap.yml
@ -1,38 +1,45 @@
 ---
 - name: Creating database
-  mysql_db:
-    login_host: "{{ database_address }}"
-    login_user: "{{ database_user }}"
-    login_password: "{{ database_password }}"
-    name: "{{ service_database_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_db
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ service_database_name }}'"
  register: database
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database.stdout.split()[2] != 'SUCCESS'
  run_once: True

 - name: Creating database user and setting permissions
-  mysql_user:
-    login_host: "{{ database_address }}"
-    login_user: "{{ database_user }}"
-    login_password: "{{ database_password }}"
-    name: "{{ service_database_name }}"
-    password: "{{ service_database_password }}"
-    host: "%"
-    priv: "{{ service_database_name }}.*:ALL"
-    append_privs: "yes"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ database_address }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='{{ service_database_name }}'
+        password='{{ service_database_password }}'
+        host='%'
+        priv='{{ service_database_name }}.*:ALL'
+        append_privs='yes'"
+  register: database_user
+  changed_when: "{{ database.stdout.find('localhost | SUCCESS => ') != -1 and (database_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  failed_when: database_user.stdout.split()[2] != 'SUCCESS'
  run_once: True

 - include: start.yml
  vars:
    run_once: True
-  when: database|changed
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed

 # https://github.com/ansible/ansible-modules-core/pull/1031
 - name: Waiting for bootstrap container to exit
  command: docker wait "{{ container_name }}"
-  when: database|changed
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed

 - name: Cleaning up boostrap container
  docker:
    name: "{{ container_name }}"
    image: "{{ container_image }}"
    state: "absent"
-  when: database|changed
+  when: database.stdout.find('localhost | SUCCESS => ') != -1 and (database.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed
--- a/ansible/roles/common/defaults/main.yml
+++ b/ansible/roles/common/defaults/main.yml
@ -0,0 +1,13 @@
+---
+####################
+# Docker
+####################
+docker_ansible_registry: "{{ docker_registry ~ '/' if docker_registry else '' }}"
+docker_ansible_namespace: "{{ docker_namespace }}"
+kolla_ansible_base_distro: "{{ kolla_base_distro }}"
+kolla_ansible_install_type: "{{ kolla_install_type }}"
+kolla_ansible_container_name: "kolla-ansible"
+
+docker_ansible_image: "{{ docker_ansible_registry }}{{ docker_ansible_namespace }}/{{ kolla_ansible_base_distro }}-{{ kolla_ansible_install_type }}-{{ kolla_ansible_container_name }}"
+docker_ansible_tag: "{{ openstack_release }}"
+docker_ansible_image_full: "{{ docker_ansible_image }}:{{ docker_ansible_tag }}"
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: start.yml
--- a/ansible/roles/common/tasks/start.yml
+++ b/ansible/roles/common/tasks/start.yml
@ -0,0 +1,9 @@
+---
+- include: ../../start.yml
+  vars:
+    container_command: "/bin/sleep infinity"
+    container_environment:
+      ANSIBLE_NOCOLOR: "1"
+      ANSIBLE_LIBRARY: "/usr/share/ansible"
+    container_image: "{{ docker_ansible_image_full }}"
+    container_name: "kolla_ansible"
--- a/ansible/roles/glance/defaults/main.yml
+++ b/ansible/roles/glance/defaults/main.yml
@ -44,3 +44,5 @@ glance_logging_verbose: "{{ openstack_logging_verbose }}"
 glance_logging_debug: "{{ openstack_logging_debug }}"

 glance_keystone_user: "glance"
+
+openstack_glance_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/glance/meta/main.yml
+++ b/ansible/roles/glance/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/glance/tasks/register.yml
+++ b/ansible/roles/glance/tasks/register.yml
@ -1,23 +1,37 @@
 ---
 - name: Creating the Glance service and endpoint
-  kolla_keystone_service:
-    service_name: "glance"
-    service_type: "image"
-    description: "Openstack Image"
-    endpoint_region: "{{ openstack_region_name }}"
-    admin_url: "http://{{ kolla_internal_address }}:{{ glance_api_port }}"
-    internal_url: "http://{{ kolla_internal_address }}:{{ glance_api_port }}"
-    public_url: "http://{{ kolla_external_address }}:{{ glance_api_port }}"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=glance
+        service_type=image
+        description='Openstack Image'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
+        internal_url='http://{{ kolla_internal_address }}:{{ glance_api_port }}'
+        public_url='http://{{ kolla_external_address }}:{{ glance_api_port }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_glance_auth }}' }}"
+    -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
+  register: glance_endpoint
+  changed_when: "{{ glance_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (glance_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: glance_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True

 - name: Creating the Glance project, user, and role
-  kolla_keystone_user:
-    project: "service"
-    user: "glance"
-    password: "{{ glance_keystone_password }}"
-    role: "admin"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=glance
+        password={{ glance_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_glance_auth }}' }}"
+    -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}"
+  register: glance_user
+  changed_when: "{{ glance_user.stdout.find('localhost | SUCCESS => ') != -1 and (glance_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: glance_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True
--- a/ansible/roles/haproxy/meta/main.yml
+++ b/ansible/roles/haproxy/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/keystone/meta/main.yml
+++ b/ansible/roles/keystone/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/mariadb/meta/main.yml
+++ b/ansible/roles/mariadb/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/mariadb/tasks/register.yml
+++ b/ansible/roles/mariadb/tasks/register.yml
@ -1,15 +1,31 @@
 ---
+- include: ../../start.yml
+  vars:
+    container_environment:
+      KOLLA_BOOTSTRAP:
+      KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+      DB_ROOT_PASSWORD: "{{ database_password }}"
+    container_image: "{{ docker_database_image_full }}"
+    container_name: "mariadb"
+    container_restart_policy: "no"
+    container_volumes:
+      - "{{ node_config_directory }}/mariadb/:/opt/kolla/mariadb/:ro"
+    container_volumes_from:
+      - "mariadb_data"
+  when: delegate_host == 'None' and inventory_hostname == groups['mariadb'][0]
+
 - name: Creating haproxy mysql user
-  mysql_user:
-    login_host: "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
-    login_user: "{{ database_user }}"
-    login_password: "{{ database_password }}"
-    name: "haproxy"
-    password: ""
-    host: "%"
-    priv: "*.*:USAGE"
-  register: status
-  until: status|success
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m mysql_user
+    -a "login_host='{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}'
+        login_user='{{ database_user }}'
+        login_password='{{ database_password }}'
+        name='haproxy'
+        password=''
+        host='%'"
+  register: haproxy_user
+  changed_when: "{{ (haproxy_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: haproxy_user.stdout.split()[2] == 'SUCCESS'
  retries: 10
  delay: 5

--- a/ansible/roles/neutron/defaults/main.yml
+++ b/ansible/roles/neutron/defaults/main.yml
@ -66,3 +66,5 @@ neutron_logging_debug: "{{ openstack_logging_debug }}"
 neutron_keystone_user: "neutron"

 neutron_bridge_name: "br-ex"
+
+openstack_neutron_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/neutron/meta/main.yml
+++ b/ansible/roles/neutron/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/neutron/tasks/register.yml
+++ b/ansible/roles/neutron/tasks/register.yml
@ -1,23 +1,37 @@
 ---
 - name: Creating the Neutron service and endpoint
-  kolla_keystone_service:
-    service_name: "neutron"
-    service_type: "network"
-    description: "OpenStack Networking"
-    endpoint_region: "{{ openstack_region_name }}"
-    admin_url: "http://{{ kolla_internal_address }}:{{ neutron_server_port }}"
-    internal_url: "http://{{ kolla_internal_address }}:{{ neutron_server_port }}"
-    public_url: "http://{{ kolla_external_address }}:{{ neutron_server_port }}"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=neutron
+        service_type=image
+        description='Openstack Networking'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+        internal_url='http://{{ kolla_internal_address }}:{{ neutron_server_port }}'
+        public_url='http://{{ kolla_external_address }}:{{ neutron_server_port }}'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_neutron_auth }}' }}"
+    -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}"
+  register: neutron_endpoint
+  changed_when: "{{ neutron_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (neutron_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: neutron_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True

 - name: Creating the Neutron project, user, and role
-  kolla_keystone_user:
-    project: "service"
-    user: "neutron"
-    password: "{{ neutron_keystone_password }}"
-    role: "admin"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=neutron
+        password={{ neutron_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_neutron_auth }}' }}"
+    -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}"
+  register: neutron_user
+  changed_when: "{{ neutron_user.stdout.find('localhost | SUCCESS => ') != -1 and (neutron_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: neutron_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@ -69,3 +69,5 @@ nova_logging_verbose: "{{ openstack_logging_verbose }}"
 nova_logging_debug: "{{ openstack_logging_debug }}"

 nova_keystone_user: "nova"
+
+openstack_nova_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}"
--- a/ansible/roles/nova/meta/main.yml
+++ b/ansible/roles/nova/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/nova/tasks/register.yml
+++ b/ansible/roles/nova/tasks/register.yml
@ -1,23 +1,38 @@
 ---
 - name: Creating the Nova service and endpoint
-  kolla_keystone_service:
-    service_name: "nova"
-    service_type: "compute"
-    description: "Openstack Compute"
-    endpoint_region: "{{ openstack_region_name }}"
-    admin_url: "http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s"
-    internal_url: "http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s"
-    public_url: "http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_service
+    -a "service_name=nova
+        service_type=compute
+        description='Openstack Compute'
+        endpoint_region={{ openstack_region_name }}
+        admin_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        internal_url='http://{{ kolla_internal_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        public_url='http://{{ kolla_external_address }}:{{ nova_api_port }}/v2/%(tenant_id)s'
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_nova_auth }}' }}"
+    -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
+  register: nova_endpoint
+  changed_when: "{{ nova_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (nova_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: nova_endpoint.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True

+
 - name: Creating the Nova project, user, and role
-  kolla_keystone_user:
-    project: "service"
-    user: "nova"
-    password: "{{ nova_keystone_password }}"
-    role: "admin"
-    auth: "{{ openstack_auth_v2 }}"
-    region_name: "{{ openstack_region_name }}"
+  command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+    -m kolla_keystone_user
+    -a "project=service
+        user=nova
+        password={{ nova_keystone_password }}
+        role=admin
+        region_name={{ openstack_region_name }}
+        auth={{ '{{ openstack_nova_auth }}' }}"
+    -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}"
+  register: nova_user
+  changed_when: "{{ nova_user.stdout.find('localhost | SUCCESS => ') != -1 and (nova_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: nova_user.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
  run_once: True
--- a/ansible/roles/rabbitmq/meta/main.yml
+++ b/ansible/roles/rabbitmq/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - { role: common }
--- a/ansible/roles/start.yml
+++ b/ansible/roles/start.yml
@ -27,7 +27,7 @@
    restart_policy_retry: "{{ docker_restart_policy_retry }}"
    state: "reloaded"
    username: "{{ docker_registry_username }}"
-    volumes: "{{ container_volumes }}"
+    volumes: "{{ container_volumes | default([]) }}"
    volumes_from: "{{ container_volumes_from | default([]) }}"
  run_once: "{{ run_once | default('False') }}"
  when: not container_pid|default(False)
@ -51,7 +51,7 @@
    restart_policy_retry: "{{ docker_restart_policy_retry }}"
    state: "reloaded"
    username: "{{ docker_registry_username }}"
-    volumes: "{{ container_volumes }}"
+    volumes: "{{ container_volumes | default([]) }}"
    volumes_from: "{{ container_volumes_from | default([]) }}"
  run_once: "{{ run_once | default('False') }}"
  when: container_pid|default(False)
--- a/docker/centos/binary/kolla-ansible/Dockerfile
+++ b/docker/centos/binary/kolla-ansible/Dockerfile
@ -0,0 +1,27 @@
+FROM %%KOLLA_NAMESPACE%%/%%KOLLA_PREFIX%%base:%%KOLLA_TAG%%
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+RUN yum -y install \
+        git \
+        gcc \
+        libffi-devel \
+        libxml2-devel \
+        libxslt-devel \
+        MySQL-python \
+        openssl-devel \
+        python-devel \
+        openssh-clients \
+    && yum clean all
+
+RUN pip install -U pip wheel \
+    && pip install python-openstackclient shade
+
+RUN git clone https://github.com/ansible/ansible.git \
+    && cd ansible \
+    && git submodule update --init --recursive \
+    && pip install .
+
+RUN mkdir -p /etc/ansible /usr/share/ansible \
+    && echo 'localhost ansible_connection=local' > /etc/ansible/hosts
+
+COPY kolla_keystone_service.py kolla_keystone_user.py /usr/share/ansible/
--- a/docker/centos/binary/kolla-ansible/build
+++ b/docker/centos/binary/kolla-ansible/build
@ -0,0 +1 @@
+../../../../tools/build-docker-image
--- a/docker/centos/binary/kolla-ansible/kolla_keystone_service.py
+++ b/docker/centos/binary/kolla-ansible/kolla_keystone_service.py
--- a/docker/centos/binary/kolla-ansible/kolla_keystone_user.py
+++ b/docker/centos/binary/kolla-ansible/kolla_keystone_user.py
--- a/docs/minimal-environment-vars.md
+++ b/docs/minimal-environment-vars.md
@ -329,6 +329,10 @@ In order for each service to function, there is a minimum set of required variab
    KEYSTONE_PUBLIC_SERVICE_HOST
    PUBLIC_IP

+# Kolla-ansible
+
+    None
+
 # Magnum-api

    ADMIN_TENANT_NAME
--- a/tox.ini
+++ b/tox.ini
@ -58,4 +58,4 @@ commands =

 [flake8]
 show-source = True
-exclude=.git,.tox,doc,ansible/library
+exclude=.git,.tox,doc,ansible/library,docker/centos/binary/kolla-ansible