diff --git a/doc/source/index.rst b/doc/source/index.rst index a25d6512..e2590629 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -53,6 +53,19 @@ Example playbook .. literalinclude:: ../../examples/playbook.yml :language: yaml +External Restart Hooks +~~~~~~~~~~~~~~~~~~~~~~ + +When the role performs a restart of the service, it will notify an Ansible +handler named ``Manage LB``, which is a noop within this role. In the +playbook, other roles may be loaded before and after this role which will +implement Ansible handler listeners for ``Manage LB``, allowing external roles +to manage the load balancer endpoints responsible for sending traffic to the +servers being restarted by marking them in maintenance or active mode, +draining sessions, etc. For an example implementation, please reference the +`ansible-haproxy-endpoints role `_ +used by the openstack-ansible project. + Tags ~~~~ diff --git a/handlers/main.yml b/handlers/main.yml index 489bd008..5c0e9b1e 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -103,3 +103,7 @@ until: _restart | success retries: 5 delay: 2 + +- meta: noop + listen: Manage LB + when: false diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml index b53e09f3..a9333858 100644 --- a/tasks/keystone_apache.yml +++ b/tasks/keystone_apache.yml @@ -42,6 +42,7 @@ when: - ansible_pkg_mgr in ['apt', 'zypper'] notify: + - Manage LB - Restart web server ## NOTE(andymccr): @@ -54,6 +55,7 @@ when: - ansible_pkg_mgr in ['yum', 'dnf'] notify: + - Manage LB - Restart web server - name: Drop apache2 config files @@ -64,6 +66,7 @@ group: "root" with_items: "{{ keystone_apache_configs }}" notify: + - Manage LB - Restart web server - name: Disable default apache site @@ -72,6 +75,7 @@ state: "absent" with_items: "{{ keystone_apache_default_sites }}" notify: + - Manage LB - Restart web server - name: Enabled keystone vhost @@ -83,6 +87,7 @@ - keystone_apache_site_available is defined - keystone_apache_site_enabled is defined notify: + - Manage LB - Restart web server - name: Ensure Apache ServerName @@ -90,6 +95,7 @@ dest: "{{ keystone_apache_conf }}" line: "ServerName {{ ansible_hostname }}" notify: + - Manage LB - Restart web server - name: Ensure Apache ServerTokens @@ -98,6 +104,7 @@ regexp: '^ServerTokens' line: "ServerTokens {{ keystone_apache_servertokens }}" notify: + - Manage LB - Restart web server - name: Ensure Apache ServerSignature @@ -106,6 +113,7 @@ regexp: '^ServerSignature' line: "ServerSignature {{ keystone_apache_serversignature }}" notify: + - Manage LB - Restart web server - name: Remove Listen from Apache config @@ -115,4 +123,5 @@ backrefs: yes line: '#\1' notify: + - Manage LB - Restart web server diff --git a/tasks/keystone_db_setup.yml b/tasks/keystone_db_setup.yml index 73d7f9e9..bf8951d6 100644 --- a/tasks/keystone_db_setup.yml +++ b/tasks/keystone_db_setup.yml @@ -64,6 +64,7 @@ - "'systemd could not find' not in _stop.msg" - "'Could not find the requested service' not in _stop.msg" notify: + - Manage LB - Restart uWSGI - name: Perform a Keystone DB sync expand diff --git a/tasks/keystone_federation_sp_setup.yml b/tasks/keystone_federation_sp_setup.yml index a5129ad7..04e8e1f0 100644 --- a/tasks/keystone_federation_sp_setup.yml +++ b/tasks/keystone_federation_sp_setup.yml @@ -33,6 +33,7 @@ changed_when: false when: inventory_hostname == groups['keystone_all'][0] notify: + - Manage LB - Restart web server - Restart Shibd @@ -65,6 +66,7 @@ mode: "0640" when: inventory_hostname != groups['keystone_all'][0] notify: + - Manage LB - Restart web server - Restart Shibd @@ -77,6 +79,7 @@ mode: "0640" when: inventory_hostname != groups['keystone_all'][0] notify: + - Manage LB - Restart web server - Restart Shibd @@ -90,5 +93,6 @@ - "/etc/shibboleth/sp-key.pem" when: inventory_hostname != groups['keystone_all'][0] notify: + - Manage LB - Restart web server - Restart Shibd diff --git a/tasks/keystone_idp_metadata.yml b/tasks/keystone_idp_metadata.yml index f7ed648e..b76d090d 100644 --- a/tasks/keystone_idp_metadata.yml +++ b/tasks/keystone_idp_metadata.yml @@ -20,4 +20,5 @@ become_user: "{{ keystone_system_user_name }}" when: keystone_idp != {} notify: + - Manage LB - Restart uWSGI diff --git a/tasks/keystone_idp_self_signed_create.yml b/tasks/keystone_idp_self_signed_create.yml index 014809b4..d2f70243 100644 --- a/tasks/keystone_idp_self_signed_create.yml +++ b/tasks/keystone_idp_self_signed_create.yml @@ -33,6 +33,7 @@ when: > inventory_hostname == groups['keystone_all'][0] notify: + - Manage LB - Restart web server - name: Set appropriate file ownership on the IdP self-signed cert diff --git a/tasks/keystone_idp_self_signed_distribute.yml b/tasks/keystone_idp_self_signed_distribute.yml index cb8b4b6b..a556497f 100644 --- a/tasks/keystone_idp_self_signed_distribute.yml +++ b/tasks/keystone_idp_self_signed_distribute.yml @@ -30,6 +30,7 @@ retries: 5 delay: 2 notify: + - Manage LB - Restart web server - name: Set appropriate file ownership on the IdP self-signed cert diff --git a/tasks/keystone_init_systemd.yml b/tasks/keystone_init_systemd.yml index 2848bb08..3d9c8ec9 100644 --- a/tasks/keystone_init_systemd.yml +++ b/tasks/keystone_init_systemd.yml @@ -39,6 +39,7 @@ owner: "root" group: "root" notify: + - Manage LB - Restart uWSGI - Restart web server @@ -53,5 +54,6 @@ config_type: "ini" with_items: "{{ keystone_wsgi_program_names }}" notify: + - Manage LB - Restart uWSGI - Restart web server diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index 4c8787fe..d2568628 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -78,6 +78,7 @@ retries: 5 delay: 2 notify: + - Manage LB - Restart web server - name: Create developer mode constraint file @@ -137,6 +138,7 @@ copy: "no" when: keystone_get_venv | changed notify: + - Manage LB - Restart uWSGI - Restart web server @@ -156,6 +158,7 @@ delay: 2 when: keystone_get_venv | failed or keystone_get_venv | skipped notify: + - Manage LB - Restart uWSGI - Restart web server @@ -184,6 +187,7 @@ - src: "{{ keystone_bin }}/keystone-wsgi-public" dest: main notify: + - Manage LB - Restart web server - name: Initialise the upgrade facts diff --git a/tasks/keystone_ldap_setup.yml b/tasks/keystone_ldap_setup.yml index f24504e6..5b9c444c 100644 --- a/tasks/keystone_ldap_setup.yml +++ b/tasks/keystone_ldap_setup.yml @@ -35,6 +35,7 @@ mode: "0640" with_dict: "{{ keystone_ldap }}" notify: + - Manage LB - Restart uWSGI - Restart web server @@ -47,5 +48,6 @@ state: absent when: keystone_ldap.Default is not defined notify: + - Manage LB - Restart uWSGI - Restart web server diff --git a/tasks/keystone_nginx.yml b/tasks/keystone_nginx.yml index d06d1778..cb5dc63a 100644 --- a/tasks/keystone_nginx.yml +++ b/tasks/keystone_nginx.yml @@ -24,6 +24,7 @@ path: /etc/nginx/sites-enabled/default state: absent notify: + - Manage LB - Restart web server - name: Configure custom nginx log format @@ -34,6 +35,7 @@ dest: "/etc/nginx/nginx.conf" line: "log_format custom '{{ keystone_nginx_access_log_format_combined }} {{ keystone_nginx_access_log_format_extras }}';" notify: + - Manage LB - Restart web server - name: Ensure configuration directory exists @@ -48,6 +50,7 @@ dest: "/etc/nginx/{{ keystone_nginx_conf_path }}/{{ item }}.conf" with_items: "{{ keystone_wsgi_program_names }}" notify: + - Manage LB - Restart web server - name: Link to enable virtual hosts @@ -58,4 +61,5 @@ with_items: "{{ keystone_wsgi_program_names }}" when: ansible_os_family == "Debian" notify: + - Manage LB - Restart web server diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index 69744a18..cf6d3556 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -54,6 +54,7 @@ config_type: "json" content: "{{ keystone_policy_user_content | default('{}', true) }}" notify: + - Manage LB - Restart uWSGI - Restart web server @@ -67,6 +68,7 @@ when: - keystone_idp != {} notify: + - Manage LB - Restart uWSGI - Restart web server @@ -77,5 +79,6 @@ when: - keystone_idp == {} notify: + - Manage LB - Restart uWSGI - Restart web server diff --git a/tasks/keystone_ssl_key_create.yml b/tasks/keystone_ssl_key_create.yml index 6b48b81c..88808d70 100644 --- a/tasks/keystone_ssl_key_create.yml +++ b/tasks/keystone_ssl_key_create.yml @@ -29,6 +29,7 @@ -extensions v3_ca creates={{ keystone_ssl_cert }} notify: + - Manage LB - Restart web server - name: Ensure keystone user owns the self-signed key and certificate @@ -41,4 +42,5 @@ - "{{ keystone_ssl_key }}" - "{{ keystone_ssl_cert }}" notify: + - Manage LB - Restart web server diff --git a/tasks/keystone_ssl_key_distribute.yml b/tasks/keystone_ssl_key_distribute.yml index 83206f3c..2ca8f526 100644 --- a/tasks/keystone_ssl_key_distribute.yml +++ b/tasks/keystone_ssl_key_distribute.yml @@ -21,6 +21,7 @@ group: "{{ keystone_system_group_name }}" mode: "0640" notify: + - Manage LB - Restart web server - name: Distribute self signed ssl cert @@ -31,6 +32,7 @@ group: "{{ keystone_system_group_name }}" mode: "0640" notify: + - Manage LB - Restart web server - name: Ensure keystone user owns the self-signed key and certificate @@ -42,4 +44,5 @@ - "{{ keystone_ssl_key }}" - "{{ keystone_ssl_cert }}" notify: + - Manage LB - Restart web server diff --git a/tasks/keystone_ssl_user_provided.yml b/tasks/keystone_ssl_user_provided.yml index 6e2db52e..1435094e 100644 --- a/tasks/keystone_ssl_user_provided.yml +++ b/tasks/keystone_ssl_user_provided.yml @@ -22,6 +22,7 @@ mode: "0644" when: keystone_user_ssl_cert is defined notify: + - Manage LB - Restart web server - name: Drop user provided ssl key @@ -33,6 +34,7 @@ mode: "0640" when: keystone_user_ssl_key is defined notify: + - Manage LB - Restart web server - name: Drop user provided ssl CA cert @@ -44,4 +46,5 @@ mode: "0644" when: keystone_user_ssl_ca_cert is defined notify: + - Manage LB - Restart web server diff --git a/tasks/keystone_uwsgi.yml b/tasks/keystone_uwsgi.yml index 1660cc04..002d2a34 100644 --- a/tasks/keystone_uwsgi.yml +++ b/tasks/keystone_uwsgi.yml @@ -27,6 +27,7 @@ config_type: ini with_items: "{{ keystone_wsgi_program_names }}" notify: + - Manage LB - Restart uWSGI - include: "keystone_init_{{ ansible_service_mgr }}.yml"