From 839aec5abeb665aa12b2e982b7ac40c4d5f5afac Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Wed, 4 Jul 2018 13:47:51 +0100 Subject: [PATCH] Ensure remote_user and become are consistently implemented It makes no sense to use become when you're connecting to a host via the root remote_user. As such, we remove all uses of 'become: true' from the test plays with the exception of the 'test-prepare-keys.yml' playbook which uses a local connection rather than a remote one and it therefore needs to use become. We also transition all plays to use 'remote_user' which is the correct parameter to replace 'user' (since ansible 1.4). Finally, we switch the horizon nova service setup to its own playbook using a local connection and the upstream keystone modules. Change-Id: I20517c22f07b1bb811a51d8c63741604360fe7f8 --- destroy_containers.yml | 2 +- test-install-cinder.yml | 6 +-- test-install-etcd.yml | 3 +- test-install-galera.yml | 3 +- test-install-glance.yml | 3 +- test-install-gnocchi.yml | 3 +- test-install-haproxy.yml | 2 +- test-install-heat.yml | 3 +- test-install-horizon.yml | 77 +++++++++++++++++--------------- test-install-ironic.yml | 1 - test-install-keystone.yml | 9 ++-- test-install-memcached.yml | 3 +- test-install-neutron.yml | 12 ++--- test-install-nova.yml | 9 ++-- test-install-openstack-hosts.yml | 2 +- test-install-rabbitmq.yml | 7 ++- test-install-sahara.yml | 1 - test-install-swift.yml | 9 +++- test-install-tempest.yml | 10 ++++- test-prepare-containers.yml | 11 ++++- test-prepare-host.yml | 4 +- test-setup-cinder-localhost.yml | 2 +- test-setup-swifthosts.yml | 10 ++++- 23 files changed, 101 insertions(+), 91 deletions(-) diff --git a/destroy_containers.yml b/destroy_containers.yml index 4318bc3f..8554b19b 100644 --- a/destroy_containers.yml +++ b/destroy_containers.yml @@ -15,7 +15,7 @@ - name: Playbook for destroying test containers hosts: all_containers - become: true + remote_user: root gather_facts: false tasks: - name: Destroy a container diff --git a/test-install-cinder.yml b/test-install-cinder.yml index e8f5fb98..baa72e31 100644 --- a/test-install-cinder.yml +++ b/test-install-cinder.yml @@ -15,8 +15,7 @@ - name: Deploy cinder API services hosts: cinder_api - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true pre_tasks: @@ -50,8 +49,7 @@ - name: Deploy the rest of cinder hosts: "cinder_all:!cinder_api" - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-etcd.yml b/test-install-etcd.yml index 0e9f6cfd..1a082c70 100644 --- a/test-install-etcd.yml +++ b/test-install-etcd.yml @@ -15,8 +15,7 @@ - name: Deploy etcd hosts: etcd_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-galera.yml b/test-install-galera.yml index 1626a332..ed434815 100644 --- a/test-install-galera.yml +++ b/test-install-galera.yml @@ -15,8 +15,7 @@ - name: Deploy galera hosts: galera_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-glance.yml b/test-install-glance.yml index a8da3c76..ac065e33 100644 --- a/test-install-glance.yml +++ b/test-install-glance.yml @@ -15,8 +15,7 @@ - name: Playbook for deploying glance hosts: glance_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true pre_tasks: diff --git a/test-install-gnocchi.yml b/test-install-gnocchi.yml index 657b06ff..ecfea6ef 100644 --- a/test-install-gnocchi.yml +++ b/test-install-gnocchi.yml @@ -15,8 +15,7 @@ - name: Deploy gnocchi hosts: gnocchi_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-haproxy.yml b/test-install-haproxy.yml index 9cc42a10..807f7e35 100644 --- a/test-install-haproxy.yml +++ b/test-install-haproxy.yml @@ -15,7 +15,7 @@ - name: Install haproxy hosts: localhost - become: true + remote_user: root any_errors_fatal: true roles: - role: "haproxy_server" diff --git a/test-install-heat.yml b/test-install-heat.yml index a3f18c45..b71675ac 100644 --- a/test-install-heat.yml +++ b/test-install-heat.yml @@ -15,8 +15,7 @@ - name: Playbook for deploying heat hosts: heat_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true pre_tasks: diff --git a/test-install-horizon.yml b/test-install-horizon.yml index 26206760..839d8fb9 100644 --- a/test-install-horizon.yml +++ b/test-install-horizon.yml @@ -15,51 +15,54 @@ - name: Playbook for deploying horizon hosts: horizon_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true vars_files: - test-vars.yml roles: - role: "os_horizon" - post_tasks: - - name: Ensure nova service - keystone: - command: "ensure_service" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - service_name: "{{ nova_service_name }}" + +- name: Playbook to add nova service and endpoint (required by Horizon) + hosts: localhost + connection: local + gather_facts: false + any_errors_fatal: true + vars: + ansible_python_interpreter: "{{ ansible_playbook_python }}" + vars_files: + - test-vars.yml + tasks: + - name: Add nova service to the keystone service catalog + os_keystone_service: + cloud: default + state: present + name: "{{ nova_service_name }}" service_type: "{{ nova_service_type }}" description: "{{ nova_service_description }}" - insecure: "{{ keystone_service_adminuri_insecure }}" + endpoint_type: admin + verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service - until: add_service|success - retries: 5 - delay: 2 - no_log: true - - name: Ensure nova endpoint - keystone: - command: "ensure_endpoint" - endpoint: "{{ keystone_service_adminurl }}" - login_user: "{{ keystone_admin_user_name }}" - login_password: "{{ keystone_auth_admin_password }}" - login_project_name: "{{ keystone_admin_tenant_name }}" - region_name: "{{ nova_service_region }}" - service_name: "{{ nova_service_name }}" - service_type: "{{ nova_service_type }}" - insecure: "{{ keystone_service_adminuri_insecure }}" - endpoint_list: - - url: "{{ nova_service_publicurl }}" - interface: "public" - - url: "{{ nova_service_internalurl }}" - interface: "internal" - - url: "{{ nova_service_adminurl }}" - interface: "admin" - register: add_service - until: add_service|success + until: add_service is success retries: 5 delay: 10 - no_log: true + + - name: Add nova endpoints to keystone endpoint catalog + os_keystone_endpoint: + cloud: default + state: present + service: "{{ nova_service_name }}" + endpoint_interface: "{{ item.interface }}" + url: "{{ item.url }}" + region: "{{ nova_service_region }}" + register: add_service + until: add_service is success + retries: 5 + delay: 10 + with_items: + - interface: "public" + url: "{{ nova_service_publicurl }}" + - interface: "internal" + url: "{{ nova_service_internalurl }}" + - interface: "admin" + url: "{{ nova_service_adminurl }}" diff --git a/test-install-ironic.yml b/test-install-ironic.yml index 5e0dc50a..4c5c281b 100644 --- a/test-install-ironic.yml +++ b/test-install-ironic.yml @@ -16,7 +16,6 @@ - name: Playbook for installing Ironic hosts: ironic_all remote_user: root - become: true gather_facts: true any_errors_fatal: true pre_tasks: diff --git a/test-install-keystone.yml b/test-install-keystone.yml index b07cb680..7406b60d 100644 --- a/test-install-keystone.yml +++ b/test-install-keystone.yml @@ -17,8 +17,7 @@ hosts: keystone_all[0] gather_facts: true any_errors_fatal: true - user: root - become: true + remote_user: root vars_files: - test-vars.yml tasks: @@ -49,8 +48,7 @@ - name: Playbook for deploying keystone hosts: keystone_all serial: 1 - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true vars_files: @@ -79,8 +77,7 @@ - name: Playbook for finalising the keystone db migrations hosts: keystone_all[0] - user: root - become: true + remote_user: root gather_facts: false any_errors_fatal: true vars_files: diff --git a/test-install-memcached.yml b/test-install-memcached.yml index c3fd297b..c8031358 100644 --- a/test-install-memcached.yml +++ b/test-install-memcached.yml @@ -15,8 +15,7 @@ - name: Deploy memcached hosts: memcached_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-neutron.yml b/test-install-neutron.yml index a1cef219..8d95007b 100644 --- a/test-install-neutron.yml +++ b/test-install-neutron.yml @@ -17,8 +17,10 @@ - name: Make /lib/modules accessible on neutron_agent containers hosts: neutron_agent - user: root - become: true + # We explicitly do not use 'remote_user: root' here because the + # play totally fails to apply the extra container config through + # delegation. + become: True gather_facts: true any_errors_fatal: true vars: @@ -53,8 +55,7 @@ - name: Prepare for neutron services hosts: neutron_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true vars: @@ -106,8 +107,7 @@ - name: Deploy neutron server hosts: neutron_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-nova.yml b/test-install-nova.yml index d9bb830f..34f64f41 100644 --- a/test-install-nova.yml +++ b/test-install-nova.yml @@ -17,8 +17,7 @@ - name: Prepare for nova services hosts: nova_all - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true vars: @@ -79,8 +78,7 @@ - name: Deploy nova control plane hosts: "nova_all:!nova_compute" - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: @@ -90,8 +88,7 @@ - name: Deploy nova compute hosts: "nova_compute" - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-openstack-hosts.yml b/test-install-openstack-hosts.yml index 0d8f7750..a5fb846e 100644 --- a/test-install-openstack-hosts.yml +++ b/test-install-openstack-hosts.yml @@ -15,7 +15,7 @@ - name: Execute the openstack-host role hosts: localhost - become: true + remote_user: root gather_facts: true any_errors_fatal: true pre_tasks: diff --git a/test-install-rabbitmq.yml b/test-install-rabbitmq.yml index 88c35664..fd9c84c4 100644 --- a/test-install-rabbitmq.yml +++ b/test-install-rabbitmq.yml @@ -18,7 +18,7 @@ # facts before continuing. - name: Gather facts hosts: "rabbitmq_all" - user: root + remote_user: root gather_facts: true # The cluster must be stopped when doing major/minor upgrades @@ -27,7 +27,7 @@ hosts: "rabbitmq_all[1:]" serial: 1 any_errors_fatal: true - user: root + remote_user: root tasks: - name: "Stop RabbitMQ" service: @@ -39,8 +39,7 @@ - name: Deploy Rabbitmq hosts: rabbitmq_all serial: 1 - user: root - become: true + remote_user: root gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-sahara.yml b/test-install-sahara.yml index 90de817b..8355fcc8 100644 --- a/test-install-sahara.yml +++ b/test-install-sahara.yml @@ -16,7 +16,6 @@ - name: Playbook for installing Ironic hosts: sahara_all remote_user: root - become: true gather_facts: true any_errors_fatal: true pre_tasks: diff --git a/test-install-swift.yml b/test-install-swift.yml index dc43e53b..2dc76c7a 100644 --- a/test-install-swift.yml +++ b/test-install-swift.yml @@ -17,8 +17,13 @@ - name: Playbook for deploying swift hosts: "{{ swift_groups | default('swift_all:swift_remote_all') }}" - user: root - become: true + # We explicitly do not use 'remote_user: root' here because the + # role totally fails when we do due to not being able to apply sysctl + # settings through delegation. + # TODO(odyssey4me): + # Figure out whether this issue happens for normal (non localhost) + # delegation, and how to resolve the issue. + become: True gather_facts: true any_errors_fatal: true roles: diff --git a/test-install-tempest.yml b/test-install-tempest.yml index 83cf08c3..5f0734d7 100644 --- a/test-install-tempest.yml +++ b/test-install-tempest.yml @@ -15,8 +15,14 @@ - name: Playbook for deploying tempest hosts: utility_all - user: root - become: true + # We explicitly do not use 'remote_user: root' here because the + # role totally fails when we do due to the delegation of the + # cirros image download into /opt/cache/files due to that path + # not being writable. + # TODO(odyssey4me): + # Figure out whether this issue happens for normal (non localhost) + # delegation, and how to resolve the issue. + become: True gather_facts: true any_errors_fatal: true roles: diff --git a/test-prepare-containers.yml b/test-prepare-containers.yml index 7fbb7139..7e3e47b3 100644 --- a/test-prepare-containers.yml +++ b/test-prepare-containers.yml @@ -15,7 +15,7 @@ - name: Gather facts for the LXC hosts hosts: localhost - become: true + remote_user: root gather_facts: true tasks: - include: "common-tasks/test-set-nodepool-vars.yml" @@ -25,6 +25,13 @@ - name: Playbook for creating containers hosts: all_containers + # We explicitly do not use 'remote_user: root' here because the + # role totally fails when we do due to the delegation of various + # tasks to localhost for creating the /openstack and /var/lib/lxc + # directories. + # TODO(odyssey4me): + # Figure out whether this issue happens for normal (non localhost) + # delegation, and how to resolve the issue. become: True gather_facts: False any_errors_fatal: true @@ -47,7 +54,7 @@ # to optimize serialization - name: Execute the openstack-host role on containers hosts: all_containers - become: true + remote_user: root gather_facts: true pre_tasks: - include: "common-tasks/test-set-nodepool-vars.yml" diff --git a/test-prepare-host.yml b/test-prepare-host.yml index 7903c614..76e37dbf 100644 --- a/test-prepare-host.yml +++ b/test-prepare-host.yml @@ -17,7 +17,7 @@ - name: Playbook for configuring hosts hosts: localhost - become: true + remote_user: root vars_files: - test-vars.yml tasks: @@ -59,7 +59,7 @@ - name: Playbook for configuring the LXC host hosts: localhost - become: true + remote_user: root vars_files: - test-vars.yml roles: diff --git a/test-setup-cinder-localhost.yml b/test-setup-cinder-localhost.yml index e9912b4f..8664c345 100644 --- a/test-setup-cinder-localhost.yml +++ b/test-setup-cinder-localhost.yml @@ -15,7 +15,7 @@ - name: Prepare cinder-volumes volume group hosts: localhost - become: true + remote_user: root tasks: - name: Install lvm2 package package: diff --git a/test-setup-swifthosts.yml b/test-setup-swifthosts.yml index b78c4e5e..0ab7a5bd 100644 --- a/test-setup-swifthosts.yml +++ b/test-setup-swifthosts.yml @@ -15,8 +15,14 @@ - name: Swift setup hosts: swift_hosts - user: root - become: true + # We explicitly do not use 'remote_user: root' here because the + # role totally fails when we do due to not being able to update + # the apt cache when trying to install packages for the ironic + # role. + # TODO(odyssey4me): + # Figure out whether this issue happens for normal (non localhost) + # delegation, and how to resolve the issue. + become: True gather_facts: true any_errors_fatal: true vars_files: