From 181edc376f887230444549c27052e84dd26e5bfb Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Sun, 20 Jan 2019 21:02:54 +0000 Subject: [PATCH] Allow skydive keystone service setup from an alternate host This patch allows a deployer to override the service setup host and python interpreter path so that the keystone service setup can be done on a different host, typically the first utility container in an openstack-ansible deployment. Overrides can be provided in an integration inventory and an example would be: skydive_service_setup_host: "{{ groups['utility_all'][0] }}" skydive_service_setup_host_python_interpreter: "/openstack/venvs/utility-{{ openstack_release }}/bin/python" Change-Id: Id4faf605fd1f0de1262ed48166a8801b7e24a528 --- .../roles/skydive_common/defaults/main.yml | 6 + skydive/roles/skydive_common/tasks/main.yml | 33 ++- .../skydive_common/tasks/skydive_keystone.yml | 190 +++++++++--------- 3 files changed, 128 insertions(+), 101 deletions(-) diff --git a/skydive/roles/skydive_common/defaults/main.yml b/skydive/roles/skydive_common/defaults/main.yml index 06270faa..84ed14f9 100644 --- a/skydive/roles/skydive_common/defaults/main.yml +++ b/skydive/roles/skydive_common/defaults/main.yml @@ -13,6 +13,12 @@ # See the License for the specific language governing permissions and # limitations under the License. +# Set the host which will execute the shade modules +# for the skydive openstack service setup. The host must already have +# clouds.yaml properly configured. +skydive_service_setup_host: "{{ openstack_service_setup_host | default(ansible_play_hosts[0]) }}" +skydive_service_setup_host_python_interpreter: "{{ (openstack_service_setup_host is undefined) | ternary('/opt/skydive/bin/python', ansible_python['executable']) }}" + # Set the analyzer port skydive_analyzer_port: 8082 diff --git a/skydive/roles/skydive_common/tasks/main.yml b/skydive/roles/skydive_common/tasks/main.yml index a998b36f..39d4db3b 100644 
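Review bot: The new comment in defaults/main.yml documents only `skydive_service_setup_host`; `skydive_service_setup_host_python_interpreter` has no comment, although tasks/skydive_keystone.yml in this patch compares it with the literal `'/opt/skydive/bin/python'` to decide whether to build the venv. I would add `# Python interpreter used on the service setup host; the default /opt/skydive/bin/python also triggers creation of that venv.` above it. `ansible_python['executable']` is presumably a fact of the host running the play rather than of the delegated host, so the comment should also tell deployers to set the interpreter explicitly when the two differ, as the commit message example does.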
--- a/skydive/roles/skydive_common/tasks/main.yml +++ b/skydive/roles/skydive_common/tasks/main.yml @@ -68,13 +68,35 @@ tags: - package_install -- name: Check for openstack deployment +# NOTE(cloudnull): Locate a clouds.yaml file on the service setup host or localhost. +- name: Check for OpenStack deployment block: - name: Slurp clouds file slurp: src: "{{ skydive_os_cloud_file }}" register: clouds_file + delegate_to: "{{ skydive_service_setup_host }}" + rescue: + - name: Slurp clouds file (fallback to localhost) + slurp: + src: "{{ skydive_os_cloud_file }}" + register: clouds_file + delegate_to: "localhost" + failed_when: false + when: + - not (skydive_service_setup_host in ['localhost', '127.0.0.1']) + - name: OpenStack integration notice + debug: + msg: >- + No clouds file found, running without OpenStack integration. + when: + - not (clouds_file is success) + +# NOTE(cloudnull): If a clouds file is found the facts for the clouds file will be delegated +# to all hosts throughout the skydive deployment. +- name: Run OpenStack ingetration deployment + block: - name: Enable OpenStack integration set_fact: clouds_yaml: "{{ clouds_file['content'] | b64decode | from_yaml }}" @@ -87,12 +109,7 @@ - include_tasks: skydive_keystone.yml run_once: true - rescue: - - name: Notice - debug: - msg: >- - OpenStack setup is not possible, running in without it. - when: - - not (skydive_openstack_enabled | bool) + when: + - clouds_file is success - include_tasks: skydive_setup.yml diff --git a/skydive/roles/skydive_common/tasks/skydive_keystone.yml b/skydive/roles/skydive_common/tasks/skydive_keystone.yml index f4189de0..9c5ecdfc 100644 --- a/skydive/roles/skydive_common/tasks/skydive_keystone.yml +++ b/skydive/roles/skydive_common/tasks/skydive_keystone.yml 
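Review bot: After the rescue path runs, `clouds_file is success` looks like it can never be false: the fallback slurp sets `failed_when: false`, and when its `when` skips it the registered result is a skipped one, neither of which counts as failed. The "OpenStack integration notice" would then never print, and the "Run OpenStack ingetration deployment" block (its `when` is in the second hunk, `@@ -87,12 +109,7 @@`) would go on to fail on `clouds_file['content']` when no clouds file exists. Testing the data instead, `- clouds_file['content'] is defined` on that block and `- clouds_file['content'] is not defined` on the notice, keeps the no-OpenStack path working. Since the slurped file presumably carries cloud credentials, `no_log: true` on both slurp tasks would keep the base64 content out of verbose output. The task name also has a typo, "ingetration".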
@@ -28,104 +28,108 @@ - default: "skydive_os_auth_url" cfg: "auth_url" -- name: Create skydive venv - command: "/usr/bin/virtualenv --no-site-packages --no-setuptools /opt/skydive" - args: - creates: /opt/skydive/bin/pip +- name: Create service setup environment when localhost is the service setup host + delegate_to: "{{ skydive_service_setup_host }}" + run_once: yes + when: + - skydive_service_setup_host_python_interpreter == '/opt/skydive/bin/python' + block: + - name: Create skydive venv + command: "/usr/bin/virtualenv --no-site-packages --no-setuptools /opt/skydive" + args: + creates: /opt/skydive/bin/pip -- name: Setup skydive venv - pip: - name: - - pip - - setuptools - extra_args: "-U" - virtualenv: /opt/skydive + - name: Setup skydive venv + pip: + name: + - pip + - setuptools + extra_args: "-U" + virtualenv: /opt/skydive -- name: Ensure the openstacksdk is installed - pip: - name: - - openstacksdk - extra_args: "-U" - virtualenv: /opt/skydive + - name: Ensure the openstacksdk is installed + pip: + name: + - openstacksdk + extra_args: "-U" + virtualenv: /opt/skydive -- name: Capture current ansible python interpreter - set_fact: - old_ansible_python_interpreter: "{{ ansible_python_interpreter | default('/usr/bin/python') }}" +- name: Show ansible interpreter + debug: + var: skydive_service_setup_host_python_interpreter -- name: Set ansible python interpreter to skydive venv - set_fact: - ansible_python_interpreter: "/opt/skydive/bin/python" +- name: Setup the skydive service + delegate_to: "{{ skydive_service_setup_host }}" + run_once: yes + vars: + ansible_python_interpreter: "{{ skydive_service_setup_host_python_interpreter }}" + block: + - name: Add skydive project + os_project: + cloud: "{{ skydive_os_cloud }}" + state: present + name: "{{ skydive_os_project_name }}" + description: "Skydive admin project" + domain_id: "{{ skydive_os_domain_name }}" + verify: "{{ not (skydive_os_service_insecure | bool) }}" + enabled: true + register: keystone_api + 
until: keystone_api is success + retries: 5 + delay: 10 -- name: Add skydive project - os_project: - cloud: "{{ skydive_os_cloud }}" - state: present - name: "{{ skydive_os_project_name }}" - description: "Skydive admin project" - domain_id: "{{ skydive_os_domain_name }}" - verify: "{{ not (skydive_os_service_insecure | bool) }}" - enabled: true - register: keystone_api - until: keystone_api is success - retries: 5 - delay: 10 + - name: Add skydive user + os_user: + cloud: "{{ skydive_os_cloud }}" + state: present + name: "{{ skydive_os_user_name }}" + password: "{{ skydive_password }}" + update_password: on_create + domain: "{{ skydive_os_domain_name }}" + default_project: "{{ skydive_os_project_name }}" + verify: "{{ not (skydive_os_service_insecure | bool) }}" + enabled: true + register: keystone_api + until: keystone_api is success + retries: 5 + delay: 10 -- name: Add skydive user - os_user: - cloud: "{{ skydive_os_cloud }}" - state: present - name: "{{ skydive_os_user_name }}" - password: "{{ skydive_password }}" - update_password: on_create - domain: "{{ skydive_os_domain_name }}" - default_project: "{{ skydive_os_project_name }}" - verify: "{{ not (skydive_os_service_insecure | bool) }}" - enabled: true - register: keystone_api - until: keystone_api is success - retries: 5 - delay: 10 + - name: Assign skydive user role + os_user_role: + cloud: "{{ skydive_os_cloud }}" + state: present + user: "{{ skydive_os_user_name }}" + role: "{{ skydive_os_user_role }}" + project: "{{ skydive_os_project_name }}" + verify: "{{ not (skydive_os_service_insecure | bool) }}" + register: keystone_api + until: keystone_api is success + retries: 5 + delay: 10 -- name: Assign skydive user role - os_user_role: - cloud: "{{ skydive_os_cloud }}" - state: present - user: "{{ skydive_os_user_name }}" - role: "{{ skydive_os_user_role }}" - project: "{{ skydive_os_project_name }}" - verify: "{{ not (skydive_os_service_insecure | bool) }}" - register: keystone_api - until: keystone_api 
is success - retries: 5 - delay: 10 + - name: Add skydive service user + os_user: + cloud: "{{ skydive_os_cloud }}" + state: present + name: "{{ skydive_os_service_user }}" + password: "{{ skydive_os_service_password }}" + domain: "{{ skydive_os_domain_name }}" + default_project: "{{ skydive_os_project_name }}" + verify: "{{ not (skydive_os_service_insecure | bool) }}" + register: keystone_api + until: keystone_api is success + retries: 5 + delay: 10 -- name: Add skydive service user - os_user: - cloud: "{{ skydive_os_cloud }}" - state: present - name: "{{ skydive_os_service_user }}" - password: "{{ skydive_os_service_password }}" - domain: "{{ skydive_os_domain_name }}" - default_project: "{{ skydive_os_project_name }}" - verify: "{{ not (skydive_os_service_insecure | bool) }}" - register: keystone_api - until: keystone_api is success - retries: 5 - delay: 10 - -- name: Assign skydive service user role - os_user_role: - cloud: "{{ skydive_os_cloud }}" - state: present - user: "{{ skydive_os_service_user }}" - role: "{{ skydive_os_service_user_role }}" - project: "{{ skydive_os_project_name }}" - verify: "{{ not (skydive_os_service_insecure | bool) }}" - register: keystone_api - until: keystone_api is success - retries: 5 - delay: 10 - -- name: Reset ansible python - set_fact: - ansible_python_interpreter: "{{ old_ansible_python_interpreter }}" + - name: Assign skydive service user role + os_user_role: + cloud: "{{ skydive_os_cloud }}" + state: present + user: "{{ skydive_os_service_user }}" + role: "{{ skydive_os_service_user_role }}" + project: "{{ skydive_os_project_name }}" + verify: "{{ not (skydive_os_service_insecure | bool) }}" + register: keystone_api + until: keystone_api is success + retries: 5 + delay: 10
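Review bot: The guard on the "Create service setup environment" block tests `skydive_service_setup_host_python_interpreter == '/opt/skydive/bin/python'`, not the host, so the task name ("when localhost is the service setup host") does not describe when it runs. A deployer who overrides only `skydive_service_setup_host` while `openstack_service_setup_host` is unset would, by the defaults in this patch, still match the literal and get the venv built with `pip -U` on the delegated host. Consider renaming the task to say it builds the venv when the default interpreter is in use, and adding a comment such as `# Keep this path in step with the default in defaults/main.yml.` above the `when`. The two `run_once: yes` lines would also read better as `run_once: true`, matching `enabled: true` in the same file.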