Execute image setup against octavia_service_setup_host

In order to reduce the packages required to pip install on to the hosts, we use service delegation to octavia_service_setup_host so that instead of installing software on the target host, and putting credentials on every target host, we isolate the software and credentials to a single host. In this patch we remove the variable 'octavia_image_downloader' and replace it with just using the 'octavia_service_setup_host' instead. We also need to add the variable 'octavia_amp_image_path_owner' which is set to the user running the playbook by default, so that the image can be downloaded to the deployment host successfully. There are any other tasks in the role which need updating before we can eliminate the octavia_requires_pip_packages, but for the sake of keeping the patch smaller and easier to review they will be done in follow up patches. Change-Id: I438cdf695abe223a9fcf7ead796fe2eef41845b7
2018-08-02 08:40:07 +01:00 · 2018-08-02 08:40:07 +01:00 · 33a709485c
parent faf5d66876
commit 33a709485c
4 changed files with 88 additions and 107 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -219,15 +219,13 @@ octavia_amp_image_id:
 # download the image from an artefact server
 # Note: The default is the Octavia test image so don't use that in prod
 octavia_download_artefact: True
-# The host to download images to if enabled
-# Options are ['deployment-host', 'target-host']
-octavia_image_downloader: "deployment-host"
-# The URL to downlaod from
+# The URL to download from
 octavia_artefact_url: http://tarballs.openstack.org/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2
-# the directory to store the downloaded file to
-octavia_amp_image_path: "~/"
-# add here the file name of the image if it should be uploaded automatically
-octavia_amp_image_file_name:
+# Set the directory where the downloaded image will be stored
+# on the octavia_service_setup_host host. If the host is localhost,
+# then the user running the playbook must have access to it.
+octavia_amp_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/octavia"
+octavia_amp_image_path_owner: "{{ lookup('env', 'USER') }}"
 # enable uploading image to glance automatically
 octavia_amp_image_upload_enabled: "{{ octavia_download_artefact }}"

--- a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml
+++ b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml
@ -10,3 +10,9 @@ features:
    .. code-block:: yaml

      octavia_service_setup_host: "{{ groups['utility_all'][0] }}"
+
+deprecations:
+  - |
+    The variable ``octavia_image_downloader`` has been removed. The image
+    download now uses the same host designated by the
+    ``octavia_service_setup_host`` for the image download.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -113,6 +113,7 @@
    - octavia-config

 - include: octavia_amp_image.yml
+  run_once: true
  tags:
    - octavia-config

--- a/tasks/octavia_amp_image.yml
+++ b/tasks/octavia_amp_image.yml
@ -1,105 +1,81 @@
 ---
-  # Copyright 2018, Rackspace US, Inc.
-  #
-  # Licensed under the Apache License, Version 2.0 (the "License");
-  # you may not use this file except in compliance with the License.
-  # You may obtain a copy of the License at
-  #
-  #     http://www.apache.org/licenses/LICENSE-2.0
-  #
-  # Unless required by applicable law or agreed to in writing, software
-  # distributed under the License is distributed on an "AS IS" BASIS,
-  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  # See the License for the specific language governing permissions and
-  # limitations under the License.
-
- name: Download image from artefact server
-  get_url:
-    url: "{{ octavia_artefact_url }}"
-    dest: "{{ octavia_amp_image_path }}"
-  retries: 10
-  delay: 10
-  register: octavia_download_result
-  when:
-    - octavia_download_artefact|bool
-  delegate_to: "{{ (octavia_image_downloader == 'deployment-host') | ternary('localhost', inventory_hostname) }}"
-
- name: Set the filename fact
-  set_fact:
-    octavia_amp_image_file_name: "{{ octavia_download_result.dest }}"
-  when:
-    - octavia_image_downloader == "deployment-host"
-    - octavia_download_artefact|bool
-
- name: Copy download images from deployment-host to target-host(s)
-  copy:
-    src: "{{ octavia_amp_image_file_name }}"
-    dest: "~/{{ octavia_amp_image_file_name|basename }}"
-  when:
-    - octavia_amp_image_upload_enabled
-    - octavia_image_downloader == "deployment-host"
-  register: octavia_amp_image_copy_result
-  until: octavia_amp_image_copy_result is success
-  retries: 6
-  delay: 5
-
- name: Set if we need to upload an image
-  set_fact:
-    octavia_amp_image_needs_upload: "{{ (octavia_image_downloader != 'deployment-host')|ternary(octavia_download_result|changed, octavia_amp_image_copy_result|changed) }}"
-    octavia_dst_amp_image_path: "{{ ((octavia_image_downloader == 'deployment-host') and (octavia_download_artefact|bool))|ternary(octavia_amp_image_copy_result.dest, octavia_download_result.dest) }}"
-  when:
-    - octavia_amp_image_upload_enabled
-
- name: Get curremt image id
-  os_image_facts:
-    auth:
-      auth_url: "{{ keystone_service_adminurl }}"
-      username: "{{ octavia_service_user_name }}"
-      password: "{{ octavia_service_password }}"
-      project_name: "{{ octavia_service_project_name }}"
-      user_domain_name: "{{ octavia_service_user_domain_id }}"
-      project_domain_name: "{{ octavia_service_project_domain_id }}"
-    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
-    region_name: "{{ octavia_service_region }}"
-    validate_certs: "{{ keystone_service_adminuri_insecure }}"
-    auth_type: "{{ octavia_keystone_auth_plugin }}"
-    image: amphora-x64-haproxy
-  when:
-     - octavia_amp_image_needs_upload|default(False)
-
-# use shell since os_image doesn't support tags
- name: Upload new image to glance
-  shell: |
-    . {{ ansible_env.HOME }}/openrc
-    openstack image create --file  {{ octavia_dst_amp_image_path }} --disk-format qcow2 \
-    --tag {{ octavia_glance_image_tag }}  --private --project service amphora-x64-haproxy
-  when:
-    - octavia_amp_image_needs_upload|default(False)
-  run_once: True
-  tags:
-    - skip_ansible_lint
-
- name: Delete old image from glance
-  os_image:
-    auth:
-      auth_url: "{{ keystone_service_adminurl }}"
-      username: "{{ octavia_service_user_name }}"
-      password: "{{ octavia_service_password }}"
-      project_name: "{{ octavia_service_project_name }}"
-      user_domain_name: "{{ octavia_service_user_domain_id }}"
-      project_domain_name: "{{ octavia_service_project_domain_id }}"
-    endpoint_type: "{{ octavia_ansible_endpoint_type }}"
-    region_name: "{{ octavia_service_region }}"
-    validate_certs: "{{ keystone_service_adminuri_insecure }}"
-    auth_type: "{{ octavia_keystone_auth_plugin }}"
-    id: "{{ openstack.id }}"
-    state: absent
-  when:
-   - openstack is defined # result from os_image_facts
-
-
+# Copyright 2018, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

+# We set the python interpreter to the ansible runtime venv if
+# the delegation is to localhost so that we get access to the
+# appropriate python libraries in that venv. If the delegation
+# is to another host, we assume that it is accessible by the
+# system python instead.
+- name: Setup the amphora image
+  delegate_to: "{{ octavia_service_setup_host }}"
+  vars:
+    ansible_python_interpreter: >-
+      {{ (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
+  block:
+    - name: Create image download directory
+      file:
+        path: "{{ octavia_amp_image_path }}"
+        state: directory
+        mode: "0750"
+        owner: "{{ octavia_amp_image_path_owner }}"
+      when:
+        - octavia_download_artefact | bool

+    - name: Download image from artefact server
+      get_url:
+        url: "{{ octavia_artefact_url }}"
+        dest: "{{ octavia_amp_image_path }}"
+      retries: 10
+      delay: 10
+      register: octavia_download_result
+      when:
+        - octavia_download_artefact | bool

+    - name: Get current image id
+      os_image_facts:
+        cloud: default
+        region_name: "{{ octavia_service_region }}"
+        image: amphora-x64-haproxy
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      when:
+         - octavia_download_result | changed

+    # This uses command since os_image doesn't support tags.
+    # TODO(odyssey4me):
+    # Add tag capability to os_image module and replace this.
+    - name: Upload new image to glance
+      command: >-
+        openstack image create
+        --os-cloud default
+        --file {{ octavia_download_result.dest }}
+        --disk-format qcow2
+        --tag {{ octavia_glance_image_tag }}
+        --private
+        --project service
+        amphora-x64-haproxy
+      when:
+        - octavia_download_result | changed

+    - name: Delete old image from glance
+      os_image:
+        cloud: default
+        state: absent
+        region_name: "{{ octavia_service_region }}"
+        id: "{{ openstack.id }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
+      when:
+       - openstack is defined # result from os_image_facts