Cleanup/standardize common tasks

All of the common tasks shared across all of the playbooks have been moved into "playbooks/common-tasks" as singular task files which are simply included as needed. * This change will assist developers adding additional playbooks, roles, etc which may need access to common tasks. * This change will guarantee consistency between playbooks when executing common tasks which are generally used to setup services. * This change greatly reduces code duplication across all plays. * The common-task files have comments at the top for developer instructions on how a task file can be used. Change-Id: I399211c139d6388ab56b97b809f93d4936907c7a Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
openstack · Jul 21, 2016 · 91deb13 · 91deb13
1 parent 5455543
commit 91deb13
Show file tree

Hide file tree

Showing 24 changed files with 522 additions and 1,484 deletions.
diff --git a/playbooks/common-tasks/mysql-db-user.yml b/playbooks/common-tasks/mysql-db-user.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create DB for service
+  mysql_db:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ login_host }}"
+    name: "{{ db_name }}"
+    state: "present"
+  delegate_to: "{{ groups['galera_all'][0] }}"
+
+- name: Grant access to the DB for the service
+  mysql_user:
+    login_user: "{{ galera_root_user }}"
+    login_password: "{{ galera_root_password }}"
+    login_host: "{{ login_host }}"
+    name: "{{ user_name }}"
+    password: "{{ password }}"
+    host: "{{ item }}"
+    state: "present"
+    priv: "{{ db_name }}.*:ALL"
+  delegate_to: "{{ groups['galera_all'][0] }}"
+  with_items: "{{ grant_list | default(['localhost', '%']) }}"
diff --git a/playbooks/common-tasks/os-log-dir-setup.yml b/playbooks/common-tasks/os-log-dir-setup.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Usage:
+#  This common task is used to create log directories and links
+#  if the "log_dirs" list is passed. "log_dirs" must be used
+#  containing at least one dictionary with the keys "dest" and
+#  "src". Optionally the "owner" and "group" can be provided as well.
+#    * dest = destination
+#    * src = source
+#    * owner = user
+#    * group = group
+
+- name: Create log dir
+  file:
+    path: "{{ item.src }}"
+    state: directory
+  with_items: "{{ log_dirs }}"
+  when: is_metal | bool
+
+- name: Create log aggregation links
+  file:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: "{{ item.owner|default(omit) }}"
+    group: "{{ item.group|default(omit) }}"
+    state: "link"
+    force: "yes"
+  with_items: "{{ log_dirs }}"
+  when: is_metal | bool
diff --git a/playbooks/common-tasks/os-lxc-container-setup.yml b/playbooks/common-tasks/os-lxc-container-setup.yml
@@ -0,0 +1,89 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Usage:
+#  This common task will update lxc containers to use the lxc-openstack
+#  app-armor profile by default however this profile can be changed as needed.
+
+#  This will also load in a list of bind mounts for a given container. To load
+#  in a list of bind mounts the variable, "list_of_bind_mounts" must be used
+#  containing at least one dictionary with the keys "bind_dir_path",
+#  "relative_bind_dir_path", and "mount_path".
+#    * bind_dir_path = Container path used in a bind mount
+#    * mount_path = Local path on the physical host used for a bind mount
+
+#  If extra container configurations are desirable set the
+#  "extra_container_config" list to strings containing the options needed.
+
+- name: Set the LXC app-armor profile
+  lxc_container:
+    name: "{{ inventory_hostname }}"
+    container_config:
+      - "lxc.aa_profile={{ aa_profile | default('lxc-openstack') }}"
+  delegate_to: "{{ physical_host }}"
+  when:
+    - not is_metal | bool
+  register: _cp
+
+- name: Ensure mount directories exists
+  file:
+    path: "{{ item['mount_path'] }}"
+    state: "directory"
+  with_items: "{{ list_of_bind_mounts | default([]) }}"
+  delegate_to: "{{ physical_host }}"
+  when:
+    - list_of_bind_mounts is defined
+    - not is_metal | bool
+
+- name: LXC Directory bind mount
+  lxc_container:
+    name: "{{ inventory_hostname }}"
+    container_command: |
+      [[ ! -d "{{ item['bind_dir_path'] }}" ]] && mkdir -p "{{ item['bind_dir_path'] }}"
+    container_config:
+      - "lxc.mount.entry={{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind 0 0"
+  with_items: "{{ list_of_bind_mounts | default([]) }}"
+  delegate_to: "{{ physical_host }}"
+  register: _bm
+  when:
+    - list_of_bind_mounts is defined
+    - not is_metal | bool
+
+- name: Extra lxc config
+  lxc_container:
+    name: "{{ inventory_hostname }}"
+    container_config: "{{ extra_container_config }}"
+  delegate_to: "{{ physical_host }}"
+  when:
+    - extra_container_config is defined
+    - not is_metal | bool
+  register: _ec
+
+- name: Wait for container ssh
+  wait_for:
+    port: "22"
+    delay: "{{ ssh_delay }}"
+    search_regex: "OpenSSH"
+    host: "{{ ansible_ssh_host }}"
+  delegate_to: "{{ physical_host }}"
+  when:
+    - >
+      (_cp is defined and _cp | changed) or
+      (_bm is defined and _bm | changed) or
+      (_ec is defined and _ec | changed)
+    - not is_metal | bool
+  register: ssh_wait_check
+  until: ssh_wait_check | success
+  retries: 3
diff --git a/playbooks/common-tasks/rabbitmq-servers-sort.yml b/playbooks/common-tasks/rabbitmq-servers-sort.yml
@@ -0,0 +1,33 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Usage:
+#  To use this common task the variable "sort_group_name" needs to be set
+#  This common task will set a fact for "rabbitmq_servers" upon completion.
+
+- name: Sort the rabbitmq servers
+  dist_sort:
+    value_to_lookup: "{{ container_name }}"
+    ref_list: "{{ groups[sort_group_name] }}"
+    src_list: "{{ rabbitmq_servers }}"
+  register: servers
+  tags:
+    - always
+
+- name: Set rabbitmq servers
+  set_fact:
+    rabbitmq_servers: "{{ servers.sorted_list }}"
+  tags:
+    - always
diff --git a/playbooks/common-tasks/rabbitmq-vhost-user.yml b/playbooks/common-tasks/rabbitmq-vhost-user.yml
@@ -0,0 +1,36 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Usage:
+#  To use this common task to create rabbitmq virtual hosts if needed
+#  and to create a user within rabbitmq. To use this common task the
+#  variables "vhost", "user", and "password" must be set.
+
+- name: Ensure Rabbitmq vhost
+  rabbitmq_vhost:
+    name: "{{ vhost }}"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
+
+- name: Ensure rabbitmq user
+  rabbitmq_user:
+    user: "{{ user }}"
+    password: "{{ password }}"
+    vhost: "{{ vhost }}"
+    configure_priv: ".*"
+    read_priv: ".*"
+    write_priv: ".*"
+    state: "present"
+  delegate_to: "{{ groups['rabbitmq_all'][0] }}"
diff --git a/playbooks/galera-install.yml b/playbooks/galera-install.yml
@@ -19,40 +19,11 @@
   gather_facts: "{{ gather_facts | default(True) }}"
   user: root
   tasks:
-    - name: Use the lxc-openstack aa profile
-      lxc_container:
-        name: "{{ container_name }}"
-        container_config:
-          - "lxc.aa_profile=lxc-openstack"
-      delegate_to: "{{ physical_host }}"
-      when: not is_metal | bool
-      register: container_config
-      tags:
-        - lxc-aa-profile
-    - name: Galera extra lxc config
-      lxc_container:
-        name: "{{ container_name }}"
-        container_command: |
-          [[ ! -d "/var/lib/mysql" ]] && mkdir -p "/var/lib/mysql"
-        container_config:
-          - "lxc.mount.entry=/openstack/{{ container_name }} var/lib/mysql none bind 0 0"
-      delegate_to: "{{ physical_host }}"
-      when: not is_metal | bool
-      register: container_extra_config
-      tags:
-        - galera-mysql-dir
-    - name: Wait for container ssh
-      wait_for:
-        port: "22"
-        delay: "{{ ssh_delay }}"
-        search_regex: "OpenSSH"
-        host: "{{ ansible_ssh_host }}"
-      delegate_to: "{{ physical_host }}"
-      when: >
-            (container_config is defined and container_config | changed) or
-            (container_extra_config is defined and container_extra_config | changed)
-      tags:
-        - galera-ssh-wait
+    - include: common-tasks/os-lxc-container-setup.yml
+      vars:
+        list_of_bind_mounts:
+          - bind_dir_path: "/var/lib/mysql"
+            mount_path: "/openstack/{{ inventory_hostname }}"
   vars:
     is_metal: "{{ properties.is_metal|default(false) }}"
   tags:

diff --git a/playbooks/haproxy-install.yml b/playbooks/haproxy-install.yml
@@ -19,31 +19,12 @@
   max_fail_percentage: 0
   user: root
   tasks:
-    - name: Use the lxc-openstack aa profile
-      lxc_container:
-        name: "{{ container_name }}"
-        container_config:
-          - "lxc.aa_profile=lxc-openstack"
-      delegate_to: "{{ physical_host }}"
-      when: not is_metal | bool
-      register: container_config
-      tags:
-        - lxc-aa-profile
-    - name: Wait for container ssh
-      wait_for:
-        port: "22"
-        delay: "{{ ssh_delay }}"
-        search_regex: "OpenSSH"
-        host: "{{ ansible_ssh_host }}"
-      delegate_to: "{{ physical_host }}"
-      when:
-        - container_config is defined
-        - container_config | changed
-      register: ssh_wait_check
-      until: ssh_wait_check | success
-      retries: 3
-      tags:
-        - ssh-wait
+    - include: common-tasks/os-lxc-container-setup.yml
+    - include: common-tasks/os-log-dir-setup.yml
+      vars:
+        log_dirs:
+          - src: "/openstack/log/{{ inventory_hostname }}-haproxy"
+            dest: "/var/log/haproxy"
   vars:
     is_metal: "{{ properties.is_metal|default(false) }}"
   tags:
@@ -73,26 +54,6 @@
       when: internal_lb_vip_address == external_lb_vip_address
       tags:
         - haproxy-service-config
-    - name: Create log dir
-      file:
-        path: "{{ item.path }}"
-        state: directory
-      with_items:
-        - { path: "/openstack/log/{{ inventory_hostname }}-haproxy" }
-      when: is_metal | bool
-      tags:
-        - haproxy-logs
-    - name: Create log aggregation links
-      file:
-        src: "{{ item.src }}"
-        dest: "{{ item.dest }}"
-        state: "{{ item.state }}"
-        force: "yes"
-      with_items:
-        - { src: "/openstack/log/{{ inventory_hostname }}-haproxy", dest: "/var/log/haproxy", state: "link" }
-      when: is_metal | bool
-      tags:
-        - haproxy-logs
     - name: Remove legacy haproxy logging file
       file:
         dest: "/etc/rsyslog.d/haproxy.conf"