Ensure remote_user and become are consistently implemented

It makes no sense to use become when you're connecting to a
host via the root remote_user. As such, we remove all uses of
'become: true' from the test plays with the exception of the
'test-prepare-keys.yml' playbook which uses a local connection
rather than a remote one and it therefore needs to use become.

We also transition all plays to use 'remote_user' which is the
correct parameter to replace 'user' (since ansible 1.4).

Finally, we switch the horizon nova service setup to its own
playbook using a local connection and the upstream keystone
modules.

Change-Id: I20517c22f07b1bb811a51d8c63741604360fe7f8

destroy_containers.yml

@@ -15,7 +15,7 @@
 
 - name: Playbook for destroying test containers
   hosts: all_containers
-  become: true
+  remote_user: root
   gather_facts: false
   tasks:
     - name: Destroy a container

test-install-cinder.yml

@@ -15,8 +15,7 @@
 
 - name: Deploy cinder API services
   hosts: cinder_api
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:
@@ -50,8 +49,7 @@
 
 - name: Deploy the rest of cinder
   hosts: "cinder_all:!cinder_api"
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-etcd.yml

@@ -15,8 +15,7 @@
 
 - name: Deploy etcd
   hosts: etcd_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-galera.yml

@@ -15,8 +15,7 @@
 
 - name: Deploy galera
   hosts: galera_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-glance.yml

@@ -15,8 +15,7 @@
 
 - name: Playbook for deploying glance
   hosts: glance_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

test-install-gnocchi.yml

@@ -15,8 +15,7 @@
 
 - name: Deploy gnocchi
   hosts: gnocchi_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-haproxy.yml

@@ -15,7 +15,7 @@
 
 - name: Install haproxy
   hosts: localhost
-  become: true
+  remote_user: root
   any_errors_fatal: true
   roles:
     - role: "haproxy_server"

test-install-heat.yml

@@ -15,8 +15,7 @@
 
 - name: Playbook for deploying heat
   hosts: heat_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

test-install-horizon.yml

@@ -15,51 +15,54 @@
 
 - name: Playbook for deploying horizon
   hosts: horizon_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   vars_files:
     - test-vars.yml
   roles:
     - role: "os_horizon"
-  post_tasks:
+
-    - name: Ensure nova service
+- name: Playbook to add nova service and endpoint (required by Horizon)
-      keystone:
+  hosts: localhost
-        command: "ensure_service"
+  connection: local
-        endpoint: "{{ keystone_service_adminurl }}"
+  gather_facts: false
-        login_user: "{{ keystone_admin_user_name }}"
+  any_errors_fatal: true
-        login_password: "{{ keystone_auth_admin_password }}"
+  vars:
-        login_project_name: "{{ keystone_admin_tenant_name }}"
+    ansible_python_interpreter: "{{ ansible_playbook_python }}"
-        service_name: "{{ nova_service_name }}"
+  vars_files:
+    - test-vars.yml
+  tasks:
+    - name: Add nova service to the keystone service catalog
+      os_keystone_service:
+        cloud: default
+        state: present
+        name: "{{ nova_service_name }}"
         service_type: "{{ nova_service_type }}"
         description: "{{ nova_service_description }}"
-        insecure: "{{ keystone_service_adminuri_insecure }}"
+        endpoint_type: admin
+        verify: "{{ not keystone_service_adminuri_insecure }}"
       register: add_service
-      until: add_service|success
+      until: add_service is success
-      retries: 5
-      delay: 2
-      no_log: true
-    - name: Ensure nova endpoint
-      keystone:
-        command: "ensure_endpoint"
-        endpoint: "{{ keystone_service_adminurl }}"
-        login_user: "{{ keystone_admin_user_name }}"
-        login_password: "{{ keystone_auth_admin_password }}"
-        login_project_name: "{{ keystone_admin_tenant_name }}"
-        region_name: "{{ nova_service_region }}"
-        service_name: "{{ nova_service_name }}"
-        service_type: "{{ nova_service_type }}"
-        insecure: "{{ keystone_service_adminuri_insecure }}"
-        endpoint_list:
-          - url: "{{ nova_service_publicurl }}"
-            interface: "public"
-          - url: "{{ nova_service_internalurl }}"
-            interface: "internal"
-          - url: "{{ nova_service_adminurl }}"
-            interface: "admin"
-      register: add_service
-      until: add_service|success
       retries: 5
       delay: 10
-      no_log: true
+
+    - name: Add nova endpoints to keystone endpoint catalog
+      os_keystone_endpoint:
+         cloud: default
+         state: present
+         service: "{{ nova_service_name }}"
+         endpoint_interface: "{{ item.interface }}"
+         url: "{{ item.url }}"
+         region: "{{ nova_service_region }}"
+      register: add_service
+      until: add_service is success
+      retries: 5
+      delay: 10
+      with_items:
+        - interface: "public"
+          url: "{{ nova_service_publicurl }}"
+        - interface: "internal"
+          url: "{{ nova_service_internalurl }}"
+        - interface: "admin"
+          url: "{{ nova_service_adminurl }}"

test-install-ironic.yml

@@ -16,7 +16,6 @@
 - name: Playbook for installing Ironic
   hosts: ironic_all
   remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

test-install-keystone.yml

@@ -17,8 +17,7 @@
   hosts: keystone_all[0]
   gather_facts: true
   any_errors_fatal: true
-  user: root
+  remote_user: root
-  become: true
   vars_files:
     - test-vars.yml
   tasks:
@@ -49,8 +48,7 @@
 - name: Playbook for deploying keystone
   hosts: keystone_all
   serial: 1
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   vars_files:
@@ -79,8 +77,7 @@
 
 - name: Playbook for finalising the keystone db migrations
   hosts: keystone_all[0]
-  user: root
+  remote_user: root
-  become: true
   gather_facts: false
   any_errors_fatal: true
   vars_files:

test-install-memcached.yml

@@ -15,8 +15,7 @@
 
 - name: Deploy memcached
   hosts: memcached_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-neutron.yml

@@ -17,8 +17,10 @@
 
 - name: Make /lib/modules accessible on neutron_agent containers
   hosts: neutron_agent
-  user: root
+  # We explicitly do not use 'remote_user: root' here because the
-  become: true
+  # play totally fails to apply the extra container config through
+  # delegation.
+  become: True
   gather_facts: true
   any_errors_fatal: true
   vars:
@@ -53,8 +55,7 @@
 
 - name: Prepare for neutron services
   hosts: neutron_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   vars:
@@ -106,8 +107,7 @@
 
 - name: Deploy neutron server
   hosts: neutron_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-nova.yml

@@ -17,8 +17,7 @@
 
 - name: Prepare for nova services
   hosts: nova_all
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   vars:
@@ -79,8 +78,7 @@
 
 - name: Deploy nova control plane
   hosts: "nova_all:!nova_compute"
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:
@@ -90,8 +88,7 @@
 
 - name: Deploy nova compute
   hosts: "nova_compute"
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-openstack-hosts.yml

@@ -15,7 +15,7 @@
 
 - name: Execute the openstack-host role
   hosts: localhost
-  become: true
+  remote_user: root
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

test-install-rabbitmq.yml

@@ -18,7 +18,7 @@
 # facts before continuing.
 - name: Gather facts
   hosts: "rabbitmq_all"
-  user: root
+  remote_user: root
   gather_facts: true
 
 # The cluster must be stopped when doing major/minor upgrades
@@ -27,7 +27,7 @@
   hosts: "rabbitmq_all[1:]"
   serial: 1
   any_errors_fatal: true
-  user: root
+  remote_user: root
   tasks:
     - name: "Stop RabbitMQ"
       service:
@@ -39,8 +39,7 @@
 - name: Deploy Rabbitmq
   hosts: rabbitmq_all
   serial: 1
-  user: root
+  remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-sahara.yml

@@ -16,7 +16,6 @@
 - name: Playbook for installing Ironic
   hosts: sahara_all
   remote_user: root
-  become: true
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:

test-install-swift.yml

@@ -17,8 +17,13 @@
 
 - name: Playbook for deploying swift
   hosts: "{{ swift_groups | default('swift_all:swift_remote_all') }}"
-  user: root
+  # We explicitly do not use 'remote_user: root' here because the
-  become: true
+  # role totally fails when we do due to not being able to apply sysctl
+  # settings through delegation.
+  # TODO(odyssey4me):
+  # Figure out whether this issue happens for normal (non localhost)
+  # delegation, and how to resolve the issue.
+  become: True
   gather_facts: true
   any_errors_fatal: true
   roles:

test-install-tempest.yml

@@ -15,8 +15,14 @@
 
 - name: Playbook for deploying tempest
   hosts: utility_all
-  user: root
+  # We explicitly do not use 'remote_user: root' here because the
-  become: true
+  # role totally fails when we do due to the delegation of the
+  # cirros image download into /opt/cache/files due to that path
+  # not being writable.
+  # TODO(odyssey4me):
+  # Figure out whether this issue happens for normal (non localhost)
+  # delegation, and how to resolve the issue.
+  become: True
   gather_facts: true
   any_errors_fatal: true
   roles:

test-prepare-containers.yml

@@ -15,7 +15,7 @@
 
 - name: Gather facts for the LXC hosts
   hosts: localhost
-  become: true
+  remote_user: root
   gather_facts: true
   tasks:
     - include: "common-tasks/test-set-nodepool-vars.yml"
@@ -25,6 +25,13 @@
 
 - name: Playbook for creating containers
   hosts: all_containers
+  # We explicitly do not use 'remote_user: root' here because the
+  # role totally fails when we do due to the delegation of various
+  # tasks to localhost for creating the /openstack and /var/lib/lxc
+  # directories.
+  # TODO(odyssey4me):
+  # Figure out whether this issue happens for normal (non localhost)
+  # delegation, and how to resolve the issue.
   become: True
   gather_facts: False
   any_errors_fatal: true
@@ -47,7 +54,7 @@
 # to optimize serialization
 - name: Execute the openstack-host role on containers
   hosts: all_containers
-  become: true
+  remote_user: root
   gather_facts: true
   pre_tasks:
     - include: "common-tasks/test-set-nodepool-vars.yml"

test-prepare-host.yml

@@ -17,7 +17,7 @@
 
 - name: Playbook for configuring hosts
   hosts: localhost
-  become: true
+  remote_user: root
   vars_files:
     - test-vars.yml
   tasks:
@@ -59,7 +59,7 @@
 
 - name: Playbook for configuring the LXC host
   hosts: localhost
-  become: true
+  remote_user: root
   vars_files:
     - test-vars.yml
   roles:

test-setup-cinder-localhost.yml

@@ -15,7 +15,7 @@
 
 - name: Prepare cinder-volumes volume group
   hosts: localhost
-  become: true
+  remote_user: root
   tasks:
     - name: Install lvm2 package
       package:

test-setup-swifthosts.yml

@@ -15,8 +15,14 @@
 
 - name: Swift setup
   hosts: swift_hosts
-  user: root
+  # We explicitly do not use 'remote_user: root' here because the
-  become: true
+  # role totally fails when we do due to not being able to update
+  # the apt cache when trying to install packages for the ironic
+  # role.
+  # TODO(odyssey4me):
+  # Figure out whether this issue happens for normal (non localhost)
+  # delegation, and how to resolve the issue.
+  become: True
   gather_facts: true
   any_errors_fatal: true
   vars_files: