Add support for using distribution packages for OpenStack services

Distributions provide packages for the OpenStack services so we add support for using these instead of the pip ones. Change-Id: I1c2b4ad14fb40ce3958ed197115ccf45468544c6 Implements: blueprint openstack-distribution-packages
2018-05-11 10:28:56 +01:00 · 2018-05-11 10:28:56 +01:00 · c9135f8b34
parent d8cc312659
commit c9135f8b34
14 changed files with 247 additions and 112 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -21,6 +21,9 @@ debug: False
 barbican_package_state: "latest"
 barbican_pip_package_state: "latest"

+# Set installation method.
+barbican_install_method: "source"
+
 # Toggle keystone authentication for barbican
 barbican_keystone_auth: no

@ -79,7 +82,7 @@ barbican_developer_constraints:

 # Name of the virtual env to deploy into
 barbican_venv_tag: untagged
-barbican_bin: "/openstack/venvs/barbican-{{ barbican_venv_tag }}/bin"
+barbican_bin: "{{ _barbican_bin }}"

 # venv_download, even when true, will use the fallback method of building the
 # venv from scratch if the venv download fails.
--- a/releasenotes/notes/openstack-distribution-packages-ca14e38bbea872b2.yaml
+++ b/releasenotes/notes/openstack-distribution-packages-ca14e38bbea872b2.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    The role now supports using the distribution packages for the OpenStack
+    services instead of the pip ones. This feature is disabled by default
+    and can be enabled by simply setting the ``barbican_install_method``
+    variable to ``distro``.
--- a/tasks/barbican_init.yml
+++ b/tasks/barbican_init.yml
@ -16,6 +16,7 @@
 - include: barbican_init_common.yml
  vars:
    program_name: "{{ barbican_uwsgi_program_name }}"
+    program_bin: "{{ barbican_uwsgi_bin }}"
    program_config_options: "{{ barbican_uwsgi_options }}"
    service_name: "{{ barbican_service_name }}"
    system_user: "{{ barbican_system_user_name }}"
--- a/tasks/barbican_install.yml
+++ b/tasks/barbican_install.yml
@ -13,9 +13,21 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+- name: Record the installation method
+  ini_file:
+    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
+    section: "barbican"
+    option: "install_method"
+    value: "{{ barbican_install_method }}"
+
+- name: Refresh local facts to ensure the barbican section is present
+  setup:
+    filter: ansible_local
+    gather_subset: "!all"
+
 - name: Install distro packages
  package:
-    name: "{{ barbican_distro_packages }}"
+    name: "{{ barbican_package_list }}"
    state: "{{ barbican_package_state }}"
    update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}"
    cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}"
@ -24,112 +36,6 @@
  retries: 5
  delay: 2

- name: Create developer mode constraint file
-  copy:
-    dest: "/opt/developer-pip-constraints.txt"
-    content: |
-      {% for item in barbican_developer_constraints %}
-      {{ item }}
-      {% endfor %}
-  when: barbican_developer_mode | bool
-
- name: Install requires pip packages
-  pip:
-    name: "{{ barbican_requires_pip_packages }}"
-    state: "{{ barbican_pip_package_state }}"
-    extra_args: >-
-      {{ barbican_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-
- name: Retrieve checksum for venv download
-  uri:
-    url: "{{ barbican_venv_download_url | replace('tgz', 'checksum') }}"
-    return_content: yes
-  register: barbican_venv_checksum
-  when: barbican_venv_download | bool
-
- name: Attempt venv download
-  get_url:
-    url: "{{ barbican_venv_download_url }}"
-    dest: "/var/cache/{{ barbican_venv_download_url | basename }}"
-    checksum: "sha1:{{ barbican_venv_checksum.content | trim }}"
-  register: barbican_get_venv
-  when: barbican_venv_download | bool
-
- name: Remove existing venv
-  file:
-    path: "{{ barbican_bin | dirname }}"
-    state: absent
-  when: barbican_get_venv | changed
-
- name: Create barbican venv dir
-  file:
-    path: "{{ barbican_bin | dirname }}"
-    state: directory
-  register: barbican_venv_dir
-  when: barbican_get_venv | changed
-
- name: Unarchive pre-built venv
-  unarchive:
-    src: "/var/cache/{{ barbican_venv_download_url | basename }}"
-    dest: "{{ barbican_bin | dirname }}"
-    copy: "no"
-  when: barbican_get_venv | changed
-  notify: Restart barbican services
-
- name: Install pip packages
-  pip:
-    name: "{{ barbican_pip_packages }}"
-    state: "{{ barbican_pip_package_state }}"
-    virtualenv: "{{ barbican_bin | dirname }}"
-    virtualenv_site_packages: "no"
-    extra_args: >-
-      {{ barbican_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
-      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
-      {{ pip_install_options | default('') }}
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-  when: barbican_get_venv | failed or barbican_get_venv | skipped
-  notify: Restart barbican services
-
- name: Remove python from path first (CentOS, openSUSE)
-  file:
-    path:  "{{ barbican_bin | dirname }}/bin/python2.7"
-    state: "absent"
-  when:
-    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
-    - barbican_get_venv | changed
-
-# NOTE(odyssey4me):
-# We reinitialize the venv to ensure that the right
-# version of python is in the venv, but we do not
-# want virtualenv to also replace pip, setuptools
-# and wheel so we tell it not to.
-# We do not use --always-copy for CentOS/SuSE due
-# to https://github.com/pypa/virtualenv/issues/565
- name: Update virtualenv path
-  shell: |
-    find {{ barbican_bin }} -name \*.pyc -delete
-    sed -si '1s/^.*python.*$/#!{{ barbican_bin | replace ('/','\/') }}\/python/' {{ barbican_bin }}/*
-    virtualenv {{ barbican_bin | dirname }} \
-        {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
-        --no-pip \
-        --no-setuptools \
-        --no-wheel
-  when: barbican_get_venv | changed
-  tags:
-    - skip_ansible_lint
-
- name: Record the venv tag deployed
-  ini_file:
-    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
-    section: barbican
-    option: venv_tag
-    value: "{{ barbican_venv_tag }}"
+- name: Install barbican packages from PIP
+  include_tasks: barbican_install_source.yml
+  when: barbican_install_method == 'source'
--- a/tasks/barbican_install_source.yml
+++ b/tasks/barbican_install_source.yml
@ -0,0 +1,124 @@
+---
+# Copyright 2018, SUSE Linux GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create developer mode constraint file
+  copy:
+    dest: "/opt/developer-pip-constraints.txt"
+    content: |
+      {% for item in barbican_developer_constraints %}
+      {{ item }}
+      {% endfor %}
+  when: barbican_developer_mode | bool
+
+- name: Install requires pip packages
+  pip:
+    name: "{{ barbican_requires_pip_packages }}"
+    state: "{{ barbican_pip_package_state }}"
+    extra_args: >-
+      {{ barbican_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+
+- name: Retrieve checksum for venv download
+  uri:
+    url: "{{ barbican_venv_download_url | replace('tgz', 'checksum') }}"
+    return_content: yes
+  register: barbican_venv_checksum
+  when: barbican_venv_download | bool
+
+- name: Attempt venv download
+  get_url:
+    url: "{{ barbican_venv_download_url }}"
+    dest: "/var/cache/{{ barbican_venv_download_url | basename }}"
+    checksum: "sha1:{{ barbican_venv_checksum.content | trim }}"
+  register: barbican_get_venv
+  when: barbican_venv_download | bool
+
+- name: Remove existing venv
+  file:
+    path: "{{ barbican_bin | dirname }}"
+    state: absent
+  when: barbican_get_venv | changed
+
+- name: Create barbican venv dir
+  file:
+    path: "{{ barbican_bin | dirname }}"
+    state: directory
+  register: barbican_venv_dir
+  when: barbican_get_venv | changed
+
+- name: Unarchive pre-built venv
+  unarchive:
+    src: "/var/cache/{{ barbican_venv_download_url | basename }}"
+    dest: "{{ barbican_bin | dirname }}"
+    copy: "no"
+  when: barbican_get_venv | changed
+  notify: Restart barbican services
+
+- name: Install pip packages
+  pip:
+    name: "{{ barbican_pip_packages }}"
+    state: "{{ barbican_pip_package_state }}"
+    virtualenv: "{{ barbican_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: >-
+      {{ barbican_developer_mode | ternary(pip_install_developer_constraints | default('--constraint /opt/developer-pip-constraints.txt'), '') }}
+      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
+      {{ pip_install_options | default('') }}
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  when: barbican_get_venv | failed or barbican_get_venv | skipped
+  notify: Restart barbican services
+
+- name: Remove python from path first (CentOS, openSUSE)
+  file:
+    path:  "{{ barbican_bin | dirname }}/bin/python2.7"
+    state: "absent"
+  when:
+    - ansible_pkg_mgr in ['yum', 'dnf', 'zypper']
+    - barbican_get_venv | changed
+
+# NOTE(odyssey4me):
+# We reinitialize the venv to ensure that the right
+# version of python is in the venv, but we do not
+# want virtualenv to also replace pip, setuptools
+# and wheel so we tell it not to.
+# We do not use --always-copy for CentOS/SuSE due
+# to https://github.com/pypa/virtualenv/issues/565
+- name: Update virtualenv path
+  shell: |
+    find {{ barbican_bin }} -name \*.pyc -delete
+    sed -si '1s/^.*python.*$/#!{{ barbican_bin | replace ('/','\/') }}\/python/' {{ barbican_bin }}/*
+    virtualenv {{ barbican_bin | dirname }} \
+        {{ (ansible_pkg_mgr == 'apt') | ternary('--always-copy', '') }} \
+        --no-pip \
+        --no-setuptools \
+        --no-wheel
+  when: barbican_get_venv | changed
+  tags:
+    - skip_ansible_lint
+
+- name: Record the venv tag deployed
+  ini_file:
+    dest: "/etc/ansible/facts.d/openstack_ansible.fact"
+    section: barbican
+    option: venv_tag
+    value: "{{ barbican_venv_tag }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -26,6 +26,21 @@
  tags:
    - always

+- name: Fail if service was deployed using a different installation method
+  fail:
+    msg: "Switching installation methods for OpenStack services is not supported"
+  when:
+    - ansible_local is defined
+    - ansible_local.openstack_ansible is defined
+    - ansible_local.openstack_ansible.barbican is defined
+    - ansible_local.openstack_ansible.barbican.install_method is defined
+    - ansible_local.openstack_ansible.barbican.install_method != barbican_install_method
+
+- name: Gather variables for installation method
+  include_vars: "{{ barbican_install_method }}_install.yml"
+  tags:
+    - always
+
 - include: barbican_pre_install.yml
  tags:
    - barbican-install
--- a/templates/barbican-systemd-init.j2
+++ b/templates/barbican-systemd-init.j2
@ -13,7 +13,7 @@ Group={{ system_group }}
 {% if program_override is defined %}
 ExecStart={{ program_override }} {{ program_config_options|default('') }}
 {% else %}
-ExecStart={{ barbican_bin }}/{{ program_name }} {{ program_config_options|default('') }}
+ExecStart={{ program_bin }}/{{ program_name }} {{ program_config_options|default('') }}
 {% endif %}

 # Give a reasonable amount of time for the server to start up/shut down
--- a/tox.ini
+++ b/tox.ini
@ -100,6 +100,14 @@ deps =
 commands =
    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

+[testenv:distro_install]
+deps =
+    {[testenv:ansible]deps}
+setenv =
+    {[testenv]setenv}
+    ANSIBLE_PARAMETERS=-e barbican_install_method=distro
+commands =
+    bash -c "{toxinidir}/tests/common/test-ansible-functional.sh"

 [testenv:ssl]
 deps =
--- a/vars/debian.yml
+++ b/vars/debian.yml
@ -20,3 +20,13 @@ barbican_distro_packages:
  - libffi-dev
  - gettext
  - build-essential
+
+barbican_service_distro_packages:
+  - barbican-api
+  - barbican-keystone-listener
+  - barbican-worker
+  - python-pymysql # needed by /usr/bin/barbican-manage db upgrade.
+  - uwsgi
+  - uwsgi-plugin-python
+
+barbican_uwsgi_bin: '/usr/bin'
--- a/vars/distro_install.yml
+++ b/vars/distro_install.yml
@ -0,0 +1,16 @@
+# Copyright 2017, SUSE Linux GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+barbican_package_list: "{{ barbican_service_distro_packages }}"
+_barbican_bin: "/usr/bin"
--- a/vars/redhat.yml
+++ b/vars/redhat.yml
@ -21,3 +21,13 @@ barbican_distro_packages:
  - openssl-devel
  - postgresql-libs
  - python-devel
+
+barbican_service_distro_packages:
+  - openstack-barbican
+  - openstack-barbican-api
+  - openstack-barbican-keystone-listener
+  - openstack-barbican-worker
+  - uwsgi
+  - uwsgi-plugin-python
+
+barbican_uwsgi_bin: '/usr/sbin'
--- a/vars/source_install.yml
+++ b/vars/source_install.yml
@ -0,0 +1,17 @@
+# Copyright 2019, SUSE Linux GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+barbican_package_list: "{{ barbican_distro_packages }}"
+_barbican_bin: "/openstack/venvs/barbican-{{ barbican_venv_tag }}/bin"
+barbican_uwsgi_bin: "{{ _barbican_bin }}"
--- a/vars/suse.yml
+++ b/vars/suse.yml
@ -19,3 +19,14 @@ barbican_distro_packages:
  - libopenssl-devel
  - postgresql-devel
  - python-devel
+
+barbican_service_distro_packages:
+  - openstack-barbican
+  - openstack-barbican-api
+  - openstack-barbican-keystone-listener
+  - openstack-barbican-retry
+  - openstack-barbican-worker
+  - uwsgi
+  - uwsgi-python
+
+barbican_uwsgi_bin: '/usr/sbin'
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@ -19,6 +19,11 @@
        - openstack-ansible-functional-centos-7
        - openstack-ansible-functional-opensuse-423
        - openstack-ansible-functional-ubuntu-xenial
+        - openstack-ansible-functional-distro_install-ubuntu-xenial
+          # NOTE(hwoarang) Centos7 is having some troubles with repo dependencies
+          # so disabling until it's investigated.
+        - openstack-ansible-functional-distro_install-centos-7-nv
+        - openstack-ansible-functional-distro_install-opensuse-423
        - openstack-ansible-barbican-ssl-nv
    experimental:
      jobs:
@ -29,3 +34,5 @@
        - openstack-ansible-functional-centos-7
        - openstack-ansible-functional-opensuse-423
        - openstack-ansible-functional-ubuntu-xenial
+        - openstack-ansible-functional-distro_install-ubuntu-xenial
+        - openstack-ansible-functional-distro_install-opensuse-423