Use ansible os_tasks to create OOI service and endpoint. #6
Conversation
No more use OpenStack CLI from remote server. Group tasks in blocks. Shorten some long lines.
There was a problem hiding this comment.
I suggest a few changes, overall.
- Stick to the
var: valuestyle. - Avoid use of
shellmodule in favour of mysql modules.
There are a few other cosmetic and style suggestions which can wait for future releases.
playbooks/keystone_voms.yaml
Outdated
| @@ -6,7 +6,7 @@ | |||
| # XXX This should be configurable | |||
| - name: Add default VOs LSC files | |||
| copy: | |||
| src: ./lsc/ | |||
| src: ./templates/lsc/ | |||
There was a problem hiding this comment.
not to be a pedant, but "copy" takes static files. These should be taken from files/ instead of templates/
I can't find where this is written in the documentation, so perhaps I am remembering incorrectly.
| @@ -1,5 +1,5 @@ | |||
| --- | |||
| - hosts: all | |||
| - hosts: packstack | |||
| become: yes | |||
| become_method: sudo | |||
| tasks: | |||
There was a problem hiding this comment.
In a later version, I would suggest re-using a role for this - AAROC.certificates or something from egi-qc
There was a problem hiding this comment.
Yes we need to have a dedicated role for this, for sure.
@brucellino can you please open an issue for this?
playbooks/keystone_voms.yaml
Outdated
| - name: Add VOMS filter | ||
| blockinfile: | ||
| path: /etc/keystone/keystone-paste.ini | ||
| block: | |
There was a problem hiding this comment.
Shouldn't there be a regexp to say where this block should go ? It seems like this may become non-idempotent.
There was a problem hiding this comment.
It's an inifile and this block is indepedant, so this shouldn't be that much a problem, but I will replace it by some inifile tasks, it will definitely be cleaner/safer.
| gpgcheck: no | ||
| gpgkey: http://repository.egi.eu/community/keys/APPDBCOMM-DEB-PGP-KEY.asc | ||
|
|
||
| - name: Install OOI |
There was a problem hiding this comment.
maintain a common syntax for tasks. instead of one-liner (var=value) you should have one value per line : (var: value)
So instead of yum: name=python-ooi state=installed,
yum:
name: python-ooi
state: instaled
This format also makes it easier to catch what has changed when you do a diff (changes are only one per line)
playbooks/ooi.yaml
Outdated
| section: composite:occi_api_11 | ||
| option: keystone | ||
| # yamllint disable-line rule:line-length | ||
| value: cors http_proxy_to_wsgi compute_req_id faultwrap sizelimit osprofiler authtoken keystonecontext legacy_v2_compatible occi osapi_compute_app_v21 |
There was a problem hiding this comment.
This is quite a long line ! I would keep this in a var file, so that you can manage it easier, and use {{ keystone_vars }} or something like that. Maybe keep this for when this becomes a role.
There was a problem hiding this comment.
Yes, I tried to also use the syntax with a > to allow to split the line, don't know exactly why but the task was changing/reloading all the time.
The fact is also that this line could change on different deployment, it's based on another value of the inifile. Need to find later a better way to manage this.
There was a problem hiding this comment.
can't you just do a with_items: keystone_vars ? then you would see which one specifically changed
There was a problem hiding this comment.
I think the problem was more a bug of ini_file with values split using > so not much we can address. As I said this shouldn't really be a static line, let's plan to update this in the roles and keep it like for the time being.
playbooks/packstack.yaml
Outdated
| @@ -26,11 +29,7 @@ | |||
|
|
|||
| - name: Install OpenStack {{ os_release }} repository | |||
| yum: name=centos-release-openstack-{{ os_release }} state=installed | |||
There was a problem hiding this comment.
Use the var: value style
Make sure to keep the values using variables ( {{ }} ) protected by interveted commas :
name=centos-release-openstack-{{ os_release }} -> name: "centos-release-openstack-{{ os_release }}"
| @@ -287,32 +286,59 @@ | |||
| - name: Fix endpoints in keystone database | |||
| block: | |||
| - name: Look for HTTPS 5000/v2.0 url | |||
| shell: mysql keystone -s -N -e 'select url from endpoint where url LIKE "http://%5000/v2.0"' | wc -l | |||
| shell: > | |||
There was a problem hiding this comment.
AVOID SHELL ! IT IS A WEAK MAN's CRUTCH !
Use something from http://docs.ansible.com/ansible/latest/modules/list_of_database_modules.html#mysql
There was a problem hiding this comment.
I do not see a way with this modules to easily interact with the database apart using mysl_db with state: import and a .sql file.
I think that in fact it would be better to use the native os_ modules to edit the endpoints, could you please add a bug for this, as we will have to clarify what all the endpoints could be?
| mysql keystone | ||
| -e "update endpoint set | ||
| url='https://{{ server_fqdn }}:35357/v3' where | ||
| url='http://{{hostvars[inventory_hostname]['ansible_default_ipv4']['address']}}:35357/v3';" | ||
| when: https_35357_v3.stdout != '0' |
There was a problem hiding this comment.
try to use something from http://docs.ansible.com/ansible/latest/modules/list_of_database_modules.html#mysql for this block
playbooks/packstack.yaml
Outdated
| @@ -388,3 +414,8 @@ | |||
|
|
|||
| - name: restart neutron | |||
| service: name=neutron-server state=restarted | |||
|
|
|||
| @@ -15,12 +15,15 @@ python: | |||
|
|
|||
| install: | |||
| - pip install ansible | |||
| # - pip install shade shade-ansible | |||
There was a problem hiding this comment.
since there's a requirements now, why not simplify install by using it.
There was a problem hiding this comment.
For the time being not everything is needed for the tests and it will speed things to not install shade that has a lot of dependencies.
To be changed once more through tests will be in place.
Use ansible os_tasks to create OOI service and endpoint.
Reorganize files.
Update ansible, travis and yamllint configuration.
Address complaints from yamllint and ansible-lint.