From 7173757a6190f4528d36053d82467c74dbf16b3f Mon Sep 17 00:00:00 2001 From: liyuenan Date: Wed, 18 Jan 2017 18:05:27 +0800 Subject: Ansible Module substitute for Shell Commands JIRA: COMPASS-520 After update ansible version to v3, keystone_user module only support v2 API. So we use Shell Commands now, but it will failed with high probability. Those Shell Commands should be instead by ansible modules to manage Identity users, projects or some other work like crate networks. Change-Id: I63d38b4a811a9c063ac4404da72787f594411b53 Signed-off-by: liyuenan --- .../ansible/roles/ext-network/tasks/main.yml | 54 ++++-- .../ansible/roles/heat/tasks/heat_install.yml | 38 ++-- .../roles/keystone/tasks/keystone_create.yml | 198 ++++++++++----------- .../roles/keystone/tasks/keystone_install.yml | 16 +- .../adapters/ansible/roles/keystone/tasks/main.yml | 4 +- .../ansible/roles/keystone/templates/clouds.yml.j2 | 12 ++ .../adapters/ansible/roles/keystone/vars/main.yml | 30 ++-- .../roles/nova-controller/tasks/nova_config.yml | 2 +- .../ansible/roles/openstack-post/tasks/main.yml | 24 +-- .../ansible/roles/openstack-post/vars/main.yml | 45 +++++ 10 files changed, 257 insertions(+), 166 deletions(-) create mode 100644 deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 create mode 100644 deploy/adapters/ansible/roles/openstack-post/vars/main.yml (limited to 'deploy/adapters/ansible/roles') diff --git a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml index d212dd99..b73bb0a9 100644 --- a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml 
@@ -22,25 +22,43 @@ wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }} - name: create external net - shell: - . /opt/admin-openrc.sh; - neutron net-create \ - {{ public_net_info.network }} \ - --provider:network_type {{ public_net_info.type }} \ - --provider:physical_network {{ public_net_info.provider_network }} \ - --router:external "True" + os_network: + cloud: opnfv + name: "{{ public_net_info.network }}" + provider_network_type: "{{ public_net_info.type }}" + provider_physical_network: "{{ public_net_info.provider_network }}" + shared: false + external: "yes" + state: present + run_once: true when: public_net_info.enable == "True" - and inventory_hostname == groups['controller'][0] + and public_net_info.type == "flat" + +- name: create external net + os_network: + cloud: opnfv + name: "{{ public_net_info.network }}" + provider_network_type: "{{ public_net_info.type }}" + provider_physical_network: "{{ public_net_info.provider_network }}" + provider_segmentation_id: "{{ public_net_info.segment_id }}" + shared: false + external: "yes" + state: present + run_once: true + when: public_net_info.enable == "True" + and public_net_info.type != "flat" - name: create external subnet - shell: - . 
/opt/admin-openrc.sh; - neutron subnet-create \ - --name {{ public_net_info.subnet }} \ - --gateway {{ public_net_info.external_gw }} \ - --disable-dhcp \ - --allocation-pool \ - start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \ - {{ public_net_info.network }} {{ public_net_info.floating_ip_cidr }} + os_subnet: + cloud: opnfv + name: "{{ public_net_info.subnet }}" + network_name: "{{ public_net_info.network }}" + cidr: "{{ public_net_info.floating_ip_cidr }}" + enable_dhcp: "{{ public_net_info.enable_dhcp }}" + no_gateway_ip: "{{ public_net_info.no_gateway }}" + gateway_ip: "{{ public_net_info.external_gw }}" + allocation_pool_start: "{{ public_net_info.floating_ip_start }}" + allocation_pool_end: "{{ public_net_info.floating_ip_end }}" + state: present + run_once: true when: public_net_info.enable == "True" - and inventory_hostname == groups['controller'][0] diff --git a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml index fd0f6eaa..2803a3e6 100644 --- a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml +++ b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml 
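Review bot: The `os_subnet` task reads `public_net_info.enable_dhcp` and `public_net_info.no_gateway`, and the second `os_network` task reads `public_net_info.segment_id`; none of the three is defined in the part of this commit shown here, so unless the inventory supplies them these tasks would stop on an undefined variable. The removed shell command always passed `--disable-dhcp`, so DHCP on the external subnet now depends on that variable; `enable_dhcp: "{{ public_net_info.enable_dhcp | default(false) }}"` would keep the old default. `no_gateway_ip` and `gateway_ip` are both set on the same task; if os_subnet treats them as mutually exclusive (worth checking for the Ansible version in use), a true `no_gateway` fails the task. The two network tasks also share the name `create external net`, which makes play output ambiguous.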
@@ -17,16 +17,34 @@ lineinfile: dest=/opt/service create=yes line='{{ item }}' with_items: "{{ services | union(services_noarch) }}" -- name: create heat user domain - shell: | - . /opt/admin-openrc.sh; - openstack domain create --description "Stack projects and users" heat; - openstack user create --domain heat --password {{ HEAT_PASS }} \ - heat_domain_admin; - openstack role add --domain heat --user-domain heat \ - --user heat_domain_admin admin; - openstack role create heat_stack_owner; - openstack role add --project demo --user demo heat_stack_owner; +- name: create heat domain + os_keystone_domain: + cloud: opnfv + name: heat + state: present + description: "Stack projects and users" + when: inventory_hostname == groups['controller'][0] + +- name: create heat user + os_user: + cloud: opnfv + domain: heat + name: heat_domain_user + password: "{{ HEAT_PASS }}" + when: inventory_hostname == groups['controller'][0] + +- name: create heat role + os_keystone_role: + cloud: opnfv + name: heat_stack_owner + when: inventory_hostname == groups['controller'][0] + +- name: grant heat role + os_user_role: + cloud: opnfv + user: demo + project: demo + role: heat_stack_owner when: inventory_hostname == groups['controller'][0] - name: update heat conf diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml index 2f5aefeb..10228952 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml 
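Review bot: The replacement for `create heat user domain` creates `heat_domain_user`, where the removed shell created `heat_domain_admin`, and the `openstack role add --domain heat --user-domain heat --user heat_domain_admin admin` step has no counterpart in the new tasks. If heat.conf (not shown in this diff) still names `heat_domain_admin` as the stack domain admin, operations in the heat domain would likely fail to authenticate or lack the admin role. Suggest keeping `name: heat_domain_admin` on the `os_user` task and adding an `os_user_role` task with `user: heat_domain_admin`, `domain: heat` and `role: admin`, guarded by the same `when` as the other tasks.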
@@ -7,122 +7,114 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- name: set keystone endpoint - shell: - . /opt/admin-openrc.sh; - openstack endpoint set \ - --interface public \ - --url {{ item.publicurl }} \ - $(openstack endpoint list | grep keystone | grep public \ - | awk '{print $2}'); - openstack endpoint set \ - --interface internal \ - --url {{ item.internalurl }} \ - $(openstack endpoint list | grep keystone | grep internal \ - | awk '{print $2}'); - openstack endpoint set \ - --interface admin \ - --url {{ item.adminurl }} \ - $(openstack endpoint list | grep keystone | grep admin \ - | awk '{print $2}'); +- name: set admin url for keystone endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: admin + region: "{{ item.region}}" + url: "{{ item.adminurl }}" + with_items: "{{ os_services[0:1] }}" + +- name: set internal url for keystone endpointl + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: internal + region: "{{ item.region}}" + url: "{{ item.internalurl }}" + with_items: "{{ os_services[0:1] }}" + +- name: set public url for keystone endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: public + region: "{{ item.region}}" + url: "{{ item.publicurl }}" with_items: "{{ os_services[0:1] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: add service - shell: - . 
/opt/admin-openrc.sh; - openstack service create \ - --name "{{ item.name }}" - --description "{{ item.description }}" \ - {{ item.type }} - with_items: "{{ os_services[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 + os_keystone_service: + cloud: opnfv + name: "{{ item.name }}" + description: "{{ item.description }}" + service_type: "{{ item.type }}" + with_items: "{{ os_services }}" - name: add project - shell: - . /opt/admin-openrc.sh; - openstack project create --description "Service Project" service; - openstack project create --domain default --description "Demo Project" demo; - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - -- name: set admin user - shell: - . /opt/admin-openrc.sh; - openstack user set \ - --email "{{ item.email }}" \ - --project "{{ item.tenant }}" \ - --description "{{ item.tenant_description }}" \ - --password "{{ item.password }}" \ - {{ item.user }} + os_project: + cloud: opnfv + domain_id: default + name: "{{ item.tenant }}" + description: "{{ item.tenant_description }}" with_items: "{{ os_users }}" - when: item["user"] == "admin" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: add user - shell: - . /opt/admin-openrc.sh; - openstack user create \ - --email "{{ item.email }}" \ - --project "{{ item.tenant }}" \ - --description "{{ item.tenant_description }}" \ - --password "{{ item.password }}" \ - {{ item.user }} - with_items: "{{ os_users[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 + os_user: + cloud: opnfv + domain: default + name: "{{ item.user }}" + password: "{{ item.password }}" + default_project: "{{ item.tenant }}" + email: "{{ item.email }}" + with_items: "{{ os_users }}" - name: add roles - shell: - . 
/opt/admin-openrc.sh; - openstack role create {{ item.role }} + os_keystone_role: + cloud: opnfv + name: "{{ item.role }}" with_items: "{{ os_users }}" - when: item["user"] == "demo" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: grant roles - shell: - . /opt/admin-openrc.sh; - openstack role add \ - --project "{{ item.tenant }}" \ - --user "{{ item.user }}" \ - {{ item.role }} + os_user_role: + cloud: opnfv + user: "{{ item.user }}" + role: "{{ item.role }}" + project: "{{ item.tenant }}" with_items: "{{ os_users }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 -- name: add endpoints - shell: - . /opt/admin-openrc.sh; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} public {{ item.publicurl }}; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} internal {{ item.internalurl }}; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} admin {{ item.adminurl }}; +- name: create admin url for service's endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: admin + region: "{{ item.region}}" + url: "{{ item.adminurl }}" + with_items: "{{ os_services[1:] }}" + +- name: create internal url for service's endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: internal + region: "{{ item.region}}" + url: "{{ item.internalurl }}" + with_items: "{{ os_services[1:] }}" + +- name: create public url for service'e endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: public + region: "{{ item.region}}" + url: "{{ item.publicurl }}" with_items: "{{ os_services[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 
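Review bot: Every `keystone_endpoint` task passes `endpoint_type: admin`, including the four whose `interface` is `internal` or `public`. The module is not part of this diff, so which key it honours is unclear; if it reads `endpoint_type`, the internal and public URLs would be registered as admin endpoints and the public catalogue would be wrong. Either drop `endpoint_type` or make it match `interface` on each task. The `register`/`until`/`retries` blocks were removed from every task in this file, so a Keystone that is still starting now fails the play on the first attempt; keeping a short retry on the first endpoint task would cover that. The task names `keystone endpointl` and `service'e endpoint` are typos.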
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml index 0d3161ed..a390ffca 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml @@ -88,11 +88,23 @@ notify: - restart keystone services +- name: install shade + pip: name=shade state=present + +- name: create path for os-client-config + file: + path: /etc/openstack + state: directory + mode: 0755 + +- name: copy os-client-config + template: + src: clouds.yml.j2 + dest: /etc/openstack/clouds.yml + - name: keystone source files template: src={{ item }} dest=/opt/{{ item }} with_items: - admin-openrc.sh - admin-openrc-v2.sh - demo-openrc.sh - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml index ad619d40..29b6cd61 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml @@ -20,11 +20,11 @@ - keystone_config - keystone +- meta: flush_handlers + - include: keystone_create.yml when: inventory_hostname == groups['controller'][0] tags: - config - keystone_create - keystone - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 new file mode 100644 index 00000000..b387f7b8 --- /dev/null +++ b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 @@ -0,0 +1,12 @@ +--- +clouds: + opnfv: + auth: + username: 'admin' + password: {{ ADMIN_PASS }} + project_name: 'admin' + auth_url: 'http://{{ internal_vip.ip }}:35357/v3' + project_domain_name: default + user_domain_name: default + identity_api_version: 3 + region_name: RegionOne 
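Review bot: `copy os-client-config` writes `/etc/openstack/clouds.yml`, which the new template fills with the admin password, without `owner`, `group` or `mode`, so the file gets whatever the remote umask yields and is typically world-readable. Add `owner: root`, `group: root` and `mode: "0600"` to that `template` task, or a dedicated group if a non-root account must read it. On the directory task, quote the mode as `mode: "0755"` so it does not go through YAML integer parsing. `pip: name=shade state=present` installs whatever release is current at deploy time; pinning it with `version=` keeps the credential-handling client library reproducible across deployments.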
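Review bot: `password: {{ ADMIN_PASS }}` is rendered unquoted in clouds.yml.j2, so a password containing ` #` or `: `, or starting with a YAML indicator such as `*`, `&`, `!` or `{`, is truncated, retyped or makes the file unparsable, and an all-digit password is loaded as an integer. Render it as a quoted scalar, for example `password: {{ ADMIN_PASS | to_json }}`, which also escapes quotes and backslashes inside the value. `auth_url` uses `http://`, so the admin password is sent unencrypted to the internal VIP on every module call; that matches the other endpoints in this commit, but an `https://` endpoint would be needed here once Keystone is served over TLS.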
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml index 65ae4090..2e5f57ca 100644 --- a/deploy/adapters/ansible/roles/keystone/vars/main.yml +++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml @@ -32,9 +32,9 @@ os_services: type: compute region: RegionOne description: "OpenStack Compute" - publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" - name: neutron type: network 
@@ -64,25 +64,25 @@ os_services: type: volume region: RegionOne description: "OpenStack Block Storage" - publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - name: cinderv2 type: volumev2 region: RegionOne description: "OpenStack Block Storage v2" - publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - name: heat type: orchestration region: RegionOne description: "OpenStack Orchestration" - publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - name: heat-cfn type: cloudformation 
@@ -104,9 +104,9 @@ os_services: # type: object-store # region: RegionOne # description: "OpenStack Object Storage" -# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" -# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" -# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" +# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" +# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" +# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" os_users: - user: admin diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml index f3c4687d..6be41aa4 100644 --- a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml +++ b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml @@ -14,7 +14,7 @@ - restart nova service - name: nova db sync - nova_manage: action=dbsync + shell: su -s /bin/sh -c "nova-manage db sync" nova notify: - restart nova service diff --git a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml b/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml index 84b1260a..882f4884 100644 --- a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml +++ b/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml 
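Review bot: `nova db sync` now shells out through `su -s /bin/sh -c "nova-manage db sync" nova`, which runs nested shells for a fixed command and goes against the direction of the rest of this commit. The same result without a shell is `command: nova-manage db sync` together with `become: true` and `become_user: nova`. As written the task reports changed on every run and so notifies `restart nova service` each time; a `changed_when` condition would avoid the repeated restarts if they are not intended. The task list continues outside the hunk.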
@@ -7,20 +7,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- - - name: create openstack flavors - shell: | - . /opt/admin-openrc.sh; - openstack flavor show m1.nano || openstack flavor create \ - --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano - openstack flavor show m1.tiny || openstack flavor create \ - --id 1 --vcpus 1 --ram 512 --disk 1 m1.tiny - openstack flavor show m1.small || openstack flavor create \ - --id 2 --vcpus 1 --ram 2048 --disk 20 m1.small - openstack flavor show m1.medium || openstack flavor create \ - --id 3 --vcpus 2 --ram 4096 --disk 40 m1.medium - openstack flavor show m1.large || openstack flavor create \ - --id 4 --vcpus 4 --ram 8192 --disk 80 m1.large - openstack flavor show m1.xlarge || openstack flavor create \ - --id 5 --vcpus 8 --ram 16384 --disk 160 m1.xlarge + os_nova_flavor: + cloud: opnfv + state: present + flavorid: "{{ item.id }}" + name: "{{ item.name }}" + vcpus: "{{ item.vcpus }}" + ram: "{{ item.ram }}" + disk: "{{ item.disk }}" + with_items: "{{ flavors }}" when: inventory_hostname == groups['controller'][0] diff --git a/deploy/adapters/ansible/roles/openstack-post/vars/main.yml b/deploy/adapters/ansible/roles/openstack-post/vars/main.yml new file mode 100644 index 00000000..d9c36d42 --- /dev/null +++ b/deploy/adapters/ansible/roles/openstack-post/vars/main.yml 
@@ -0,0 +1,45 @@ +############################################################################## +# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +flavors: + - id: 0 + name: m1.nano + vcpus: 1 + ram: 64 + disk: 1 + + - id: 1 + name: m1.tiny + vcpus: 1 + ram: 512 + disk: 1 + + - id: 2 + name: m1.small + vcpus: 1 + ram: 2048 + disk: 20 + + - id: 3 + name: m1.medium + vcpus: 2 + ram: 4096 + disk: 40 + + - id: 4 + name: m1.large + vcpus: 4 + ram: 8192 + disk: 80 + + - id: 5 + name: m1.xlarge + vcpus: 8 + ram: 16384 + disk: 160 -- cgit 1.2.3-korg