From 33a709485ca3b6fb20ee42366c84da834c78e7d1 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Thu, 2 Aug 2018 08:40:07 +0100 Subject: [PATCH] Execute image setup against octavia_service_setup_host In order to reduce the packages required to pip install on to the hosts, we use service delegation to octavia_service_setup_host so that instead of installing software on the target host, and putting credentials on every target host, we isolate the software and credentials to a single host. In this patch we remove the variable 'octavia_image_downloader' and replace it with just using the 'octavia_service_setup_host' instead. We also need to add the variable 'octavia_amp_image_path_owner' which is set to the user running the playbook by default, so that the image can be downloaded to the deployment host successfully. There are any other tasks in the role which need updating before we can eliminate the octavia_requires_pip_packages, but for the sake of keeping the patch smaller and easier to review they will be done in follow up patches. Change-Id: I438cdf695abe223a9fcf7ead796fe2eef41845b7 --- defaults/main.yml | 14 +- ...a-service-setup-host-d57533fdea394394.yaml | 6 + tasks/main.yml | 1 + tasks/octavia_amp_image.yml | 174 ++++++++---------- 4 files changed, 88 insertions(+), 107 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8c22de0b..44f98692 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -219,15 +219,13 @@ octavia_amp_image_id: # download the image from an artefact server # Note: The default is the Octavia test image so don't use that in prod octavia_download_artefact: True -# The host to download images to if enabled -# Options are ['deployment-host', 'target-host'] -octavia_image_downloader: "deployment-host" -# The URL to downlaod from +# The URL to download from octavia_artefact_url: http://tarballs.openstack.org/octavia/test-images/test-only-amphora-x64-haproxy-ubuntu-xenial.qcow2 -# the directory to store the downloaded file to -octavia_amp_image_path: "~/" -# add here the file name of the image if it should be uploaded automatically -octavia_amp_image_file_name: +# Set the directory where the downloaded image will be stored +# on the octavia_service_setup_host host. If the host is localhost, +# then the user running the playbook must have access to it. +octavia_amp_image_path: "{{ lookup('env', 'HOME') }}/openstack-ansible/octavia" +octavia_amp_image_path_owner: "{{ lookup('env', 'USER') }}" # enable uploading image to glance automatically octavia_amp_image_upload_enabled: "{{ octavia_download_artefact }}" diff --git a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml index dbf17817..54088225 100644 --- a/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml +++ b/releasenotes/notes/octavia-service-setup-host-d57533fdea394394.yaml @@ -10,3 +10,9 @@ features: .. code-block:: yaml octavia_service_setup_host: "{{ groups['utility_all'][0] }}" + +deprecations: + - | + The variable ``octavia_image_downloader`` has been removed. The image + download now uses the same host designated by the + ``octavia_service_setup_host`` for the image download. diff --git a/tasks/main.yml b/tasks/main.yml index 4d08fb8b..5cef541c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -113,6 +113,7 @@ - octavia-config - include: octavia_amp_image.yml + run_once: true tags: - octavia-config diff --git a/tasks/octavia_amp_image.yml b/tasks/octavia_amp_image.yml index 2722d132..5d0e54b1 100644 --- a/tasks/octavia_amp_image.yml +++ b/tasks/octavia_amp_image.yml @@ -1,105 +1,81 @@ --- - # Copyright 2018, Rackspace US, Inc. - # - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - -- name: Download image from artefact server - get_url: - url: "{{ octavia_artefact_url }}" - dest: "{{ octavia_amp_image_path }}" - retries: 10 - delay: 10 - register: octavia_download_result - when: - - octavia_download_artefact|bool - delegate_to: "{{ (octavia_image_downloader == 'deployment-host') | ternary('localhost', inventory_hostname) }}" - -- name: Set the filename fact - set_fact: - octavia_amp_image_file_name: "{{ octavia_download_result.dest }}" - when: - - octavia_image_downloader == "deployment-host" - - octavia_download_artefact|bool - -- name: Copy download images from deployment-host to target-host(s) - copy: - src: "{{ octavia_amp_image_file_name }}" - dest: "~/{{ octavia_amp_image_file_name|basename }}" - when: - - octavia_amp_image_upload_enabled - - octavia_image_downloader == "deployment-host" - register: octavia_amp_image_copy_result - until: octavia_amp_image_copy_result is success - retries: 6 - delay: 5 - -- name: Set if we need to upload an image - set_fact: - octavia_amp_image_needs_upload: "{{ (octavia_image_downloader != 'deployment-host')|ternary(octavia_download_result|changed, octavia_amp_image_copy_result|changed) }}" - octavia_dst_amp_image_path: "{{ ((octavia_image_downloader == 'deployment-host') and (octavia_download_artefact|bool))|ternary(octavia_amp_image_copy_result.dest, octavia_download_result.dest) }}" - when: - - octavia_amp_image_upload_enabled - -- name: Get curremt image id - os_image_facts: - auth: - auth_url: "{{ keystone_service_adminurl }}" - username: "{{ octavia_service_user_name }}" - password: "{{ octavia_service_password }}" - project_name: "{{ octavia_service_project_name }}" - user_domain_name: "{{ octavia_service_user_domain_id }}" - project_domain_name: "{{ octavia_service_project_domain_id }}" - endpoint_type: "{{ octavia_ansible_endpoint_type }}" - region_name: "{{ octavia_service_region }}" - validate_certs: "{{ keystone_service_adminuri_insecure }}" - auth_type: "{{ octavia_keystone_auth_plugin }}" - image: amphora-x64-haproxy - when: - - octavia_amp_image_needs_upload|default(False) - -# use shell since os_image doesn't support tags -- name: Upload new image to glance - shell: | - . {{ ansible_env.HOME }}/openrc - openstack image create --file {{ octavia_dst_amp_image_path }} --disk-format qcow2 \ - --tag {{ octavia_glance_image_tag }} --private --project service amphora-x64-haproxy - when: - - octavia_amp_image_needs_upload|default(False) - run_once: True - tags: - - skip_ansible_lint - -- name: Delete old image from glance - os_image: - auth: - auth_url: "{{ keystone_service_adminurl }}" - username: "{{ octavia_service_user_name }}" - password: "{{ octavia_service_password }}" - project_name: "{{ octavia_service_project_name }}" - user_domain_name: "{{ octavia_service_user_domain_id }}" - project_domain_name: "{{ octavia_service_project_domain_id }}" - endpoint_type: "{{ octavia_ansible_endpoint_type }}" - region_name: "{{ octavia_service_region }}" - validate_certs: "{{ keystone_service_adminuri_insecure }}" - auth_type: "{{ octavia_keystone_auth_plugin }}" - id: "{{ openstack.id }}" - state: absent - when: - - openstack is defined # result from os_image_facts - - +# Copyright 2018, Rackspace US, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the amphora image + delegate_to: "{{ octavia_service_setup_host }}" + vars: + ansible_python_interpreter: >- + {{ (octavia_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} + block: + - name: Create image download directory + file: + path: "{{ octavia_amp_image_path }}" + state: directory + mode: "0750" + owner: "{{ octavia_amp_image_path_owner }}" + when: + - octavia_download_artefact | bool + - name: Download image from artefact server + get_url: + url: "{{ octavia_artefact_url }}" + dest: "{{ octavia_amp_image_path }}" + retries: 10 + delay: 10 + register: octavia_download_result + when: + - octavia_download_artefact | bool + - name: Get current image id + os_image_facts: + cloud: default + region_name: "{{ octavia_service_region }}" + image: amphora-x64-haproxy + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + when: + - octavia_download_result | changed + # This uses command since os_image doesn't support tags. + # TODO(odyssey4me): + # Add tag capability to os_image module and replace this. + - name: Upload new image to glance + command: >- + openstack image create + --os-cloud default + --file {{ octavia_download_result.dest }} + --disk-format qcow2 + --tag {{ octavia_glance_image_tag }} + --private + --project service + amphora-x64-haproxy + when: + - octavia_download_result | changed + - name: Delete old image from glance + os_image: + cloud: default + state: absent + region_name: "{{ octavia_service_region }}" + id: "{{ openstack.id }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + when: + - openstack is defined # result from os_image_facts