From 70016bb4ee2a54f503b8d8218c0a56f639737226 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Thu, 12 Jul 2018 19:37:21 +0100 Subject: [PATCH] Execute service setup against a delegated host using Ansible built-in modules In order to reduce the packages required to pip install on to the hosts, we allow the service setup to be delegated to a specific host, defaulting to the deploy host. We also switch as many tasks as possible to using the built-in Ansible modules which make use of the shade library. The 'virtualenv' package is now installed appropriately by the openstack_hosts role, so there's no need to install it any more. The 'httplib2' package is a legacy Ansible requirement for the get_url/get_uri module which is no longer needed. The keystone client library is not required any more now that we're using the upstream modules. As there are no required packages left, the task to install them is also removed. Change-Id: I81bb3f872dc93e54861cb720e3b37ab7660a074a --- defaults/main.yml | 12 +- meta/main.yml | 1 - tasks/searchlight_install.yml | 13 -- tasks/searchlight_service_setup.yml | 182 ++++++++++++++-------------- tests/host_vars/localhost.yml | 2 - tests/test-install-searchlight.yml | 8 +- 6 files changed, 98 insertions(+), 120 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 19464f4..bb74a65 100755 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -16,6 +16,11 @@ ## Verbosity Options debug: False +# Set the host which will execute the shade modules +# for the service setup. The host must already have +# clouds.yaml properly configured. +searchlight_service_setup_host: "{{ openstack_service_setup_host | default('localhost') }}" + # Set the package install state for distribution and pip packages # Options are 'present' and 'latest' searchlight_package_state: "latest" 
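Review bot: The comment added above `searchlight_service_setup_host` says only that clouds.yaml must be "properly configured", which does not tell an operator what the role expects to find there. The tasks in tasks/searchlight_service_setup.yml pass `cloud: default` and `endpoint_type: admin` to every module, so the delegated host needs an entry named `default`. That entry presumably carries keystone admin credentials, since the tasks create services, users and role assignments. I would extend the comment to say so, for example `# The host must have a clouds.yaml with a 'default' cloud that holds keystone admin credentials;` followed by `# keep that file readable only by the user Ansible connects as.` Overriding the variable moves the place where admin credentials must live, which is worth stating next to the default.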
@@ -61,13 +66,6 @@ searchlight_system_shell: /bin/false searchlight_system_comment: searchlight system user searchlight_system_user_home: "/var/lib/{{ searchlight_system_user_name }}" -#: searchlight packages that must be installed before anything else -searchlight_required_pip_packages: - - virtualenv - - python-keystoneclient # Keystoneclient needed for OSA keystone lib - - httplib2 # so we can use the uri module - - python-searchlightclient - #: Common pip packages searchlight_pip_packages: - cryptography diff --git a/meta/main.yml b/meta/main.yml index 59da928..ee32ad1 100755 --- a/meta/main.yml +++ b/meta/main.yml @@ -18,4 +18,3 @@ dependencies: - role: apt_package_pinning when: - ansible_pkg_mgr == 'apt' - - openstack_openrc diff --git a/tasks/searchlight_install.yml b/tasks/searchlight_install.yml index 38822e1..80be337 100644 --- a/tasks/searchlight_install.yml +++ b/tasks/searchlight_install.yml @@ -37,19 +37,6 @@ when: - searchlight_developer_mode | bool -- name: Install required pip packages - pip: - name: "{{ searchlight_required_pip_packages | join(' ') }}" - state: "{{ searchlight_pip_package_state }}" - extra_args: >- - {{ searchlight_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }} - {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }} - {{ pip_install_options | default('') }} - register: install_packages - until: install_packages is success - retries: 5 - delay: 2 - - name: Attempt venv download get_url: url: "{{ searchlight_venv_download_url }}" diff --git a/tasks/searchlight_service_setup.yml b/tasks/searchlight_service_setup.yml index 75d3d4f..ad522c9 100644 --- a/tasks/searchlight_service_setup.yml +++ b/tasks/searchlight_service_setup.yml 
@@ -13,100 +13,96 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Create a service -- name: Ensure Searchlight service - keystone: - command: "ensure_service" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - service_name: "{{ searchlight_service_name }}" - service_type: "{{ searchlight_service_type }}" - description: "{{ searchlight_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_service - until: add_service is success - retries: 5 - delay: 2 - no_log: True +# We set the python interpreter to the ansible runtime venv if +# the delegation is to localhost so that we get access to the +# appropriate python libraries in that venv. If the delegation +# is to another host, we assume that it is accessible by the +# system python instead. +- name: Setup the service + delegate_to: "{{ searchlight_service_setup_host }}" + vars: + ansible_python_interpreter: >- + {{ (searchlight_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} + block: + - name: Add service to the keystone service catalog + os_keystone_service: + cloud: default + state: present + name: "{{ searchlight_service_name }}" + service_type: "{{ searchlight_service_type }}" + description: "{{ searchlight_service_description }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 -# Create the project if needed, assumed to be in default domain. -# In many cases this will be present but under some circumstances the project -# may be unique to Searchlight, esp. when Swift is used for storage. 
-- name: Ensure Searchlight project - keystone: - command: ensure_project - project_name: "{{ searchlight_service_project_name }}" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - description: "{{ searchlight_service_project_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_project - until: add_project is success - retries: 5 - delay: 10 - no_log: True + # Create the project if needed, assumed to be in default domain. + # In many cases this will be present but under some circumstances the project + # may be unique to Searchlight, esp. when Swift is used for storage. + - name: Add service project + os_project: + cloud: default + state: present + name: "{{ searchlight_service_project_name }}" + description: "{{ searchlight_service_project_description }}" + domain: "Default" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 -# Create an admin user -- name: Ensure Searchlight user - keystone: - command: "ensure_user" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ searchlight_service_user_name }}" - tenant_name: "{{ searchlight_service_project_name }}" - password: "{{ searchlight_service_password }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_user - until: add_user is success - retries: 5 - delay: 10 - no_log: True + - name: Add service user + os_user: + cloud: default + state: present + name: "{{ searchlight_service_user_name }}" + password: "{{ searchlight_service_password }}" + domain: default + default_project: "{{ searchlight_service_project_name }}" + 
endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + no_log: True -# Add a role to the user -- name: Ensure Searchlight user maps to admin role - keystone: - command: "ensure_user_role" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - user_name: "{{ searchlight_service_user_name }}" - tenant_name: "{{ searchlight_service_project_name }}" - role_name: "{{ searchlight_role_name }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - register: add_admin_role - until: add_admin_role is success - retries: 5 - delay: 10 - no_log: True + - name: Add service user to admin role + os_user_role: + cloud: default + state: present + user: "{{ searchlight_service_user_name }}" + role: "{{ searchlight_role_name }}" + project: "{{ searchlight_service_project_name }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 -# Create an endpoint -- name: Ensure Searchlight endpoint - keystone: - command: "ensure_endpoint" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - region_name: "{{ searchlight_service_region }}" - service_name: "{{ searchlight_service_name }}" - service_type: "{{ searchlight_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ searchlight_service_publicurl }}" - interface: "public" - - url: "{{ searchlight_service_internalurl }}" - interface: "internal" - - url: "{{ searchlight_service_adminurl }}" - interface: "admin" - register: add_endpoint - until: add_endpoint is success - retries: 5 
- delay: 10 - no_log: True + - name: Add endpoints to keystone endpoint catalog + os_keystone_endpoint: + cloud: default + state: present + service: "{{ searchlight_service_name }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ searchlight_service_region }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - interface: "public" + url: "{{ searchlight_service_publicurl }}" + - interface: "internal" + url: "{{ searchlight_service_internalurl }}" + - interface: "admin" + url: "{{ searchlight_service_adminurl }}" diff --git a/tests/host_vars/localhost.yml b/tests/host_vars/localhost.yml index cfb18fc..293799e 100644 --- a/tests/host_vars/localhost.yml +++ b/tests/host_vars/localhost.yml @@ -15,5 +15,3 @@ bridges: - name: "br-mgmt" - -ansible_python_interpreter: "/usr/bin/python2" diff --git a/tests/test-install-searchlight.yml b/tests/test-install-searchlight.yml index b3be86a..468feb1 100644 --- a/tests/test-install-searchlight.yml +++ b/tests/test-install-searchlight.yml @@ -17,15 +17,15 @@ hosts: searchlight_all user: root gather_facts: true + vars_files: + - common/test-vars.yml + vars: + elasticsearch_apt_java_package: openjdk-8-jre pre_tasks: - include: common/ensure-rabbitmq.yml vhost_name: "{{ searchlight_rabbitmq_vhost }}" user_name: "{{ searchlight_rabbitmq_userid }}" user_password: "{{ searchlight_rabbitmq_password }}" when: groups['rabbitmq_all'] is defined - vars: - elasticsearch_apt_java_package: openjdk-8-jre roles: - role: "os_searchlight" - vars_files: - - common/test-vars.yml
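Review bot: `verify: "{{ not keystone_service_adminuri_insecure }}"` negates the variable without casting it, and the same line appears in all five module calls of the new block. If `keystone_service_adminuri_insecure` reaches this role as a string (its definition is not part of this patch, so this needs confirming), any non-empty value, including 'false', is truthy in Jinja2. `not` then yields False and TLS certificate verification is switched off without any visible sign. Casting before negating avoids that: `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. Separately, every task registers `add_service`; distinct names such as `add_project` and `add_user`, as the removed tasks had, would make a failed retry easier to trace.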