From a91135179dc1ad2c3a657e19f7655207f8fdd0db Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 20 Feb 2020 16:05:06 +0000 Subject: [PATCH] CentOS 8: Use ansible_playbook_python for localhost dependencies Currently we install python dependencies on the Ansible control host each time the ip-allocation and console-allocation roles are executed. This is inefficient, particularly in the case of the ip-allocation role which is run serially for all hosts. It is also unnecessary since we have these packages available in the Python environment used to execute kayobe. The kolla-ansible role also has an implicit dependency on PyYAML for managing kolla passwords. This change uses ansible_playbook_python as the Python interpreter for the necessary tasks in these roles to avoid installing dependencies on the system on CentOS 8 and Ubuntu. For CentOS 7 we still need to use the platform Python, due to needing SELinux bindings. Change-Id: Ic6a1c69a34241f4fbe617a0b12aec9b1528ba352 Story: 2006574 Task: 38825 --- ansible/baremetal-compute-serial-console.yml | 8 +++ ansible/ip-allocation.yml | 17 ++++++ .../roles/console-allocation/tasks/main.yml | 53 +++++++++---------- .../roles/console-allocation/vars/Debian.yml | 7 --- ansible/roles/ip-allocation/tasks/main.yml | 53 +++++++++---------- ansible/roles/ip-allocation/vars/Debian.yml | 8 --- ansible/roles/kolla-ansible/tasks/config.yml | 8 +++ ansible/roles/kolla-ansible/vars/Debian.yml | 1 + ansible/roles/kolla-ansible/vars/RedHat.yml | 1 + requirements.txt | 1 + 10 files changed, 88 insertions(+), 69 deletions(-) delete mode 100644 ansible/roles/console-allocation/vars/Debian.yml delete mode 100644 ansible/roles/ip-allocation/vars/Debian.yml diff --git a/ansible/baremetal-compute-serial-console.yml b/ansible/baremetal-compute-serial-console.yml index d741ae17f..72a42bdef 100644 --- a/ansible/baremetal-compute-serial-console.yml +++ b/ansible/baremetal-compute-serial-console.yml @@ -40,6 +40,14 @@ {{ query('inventory_hostnames', console_compute_node_limit | default('baremetal-compute') ) | unique }} + # NOTE(mgoddard): This task may be removed when CentOS 7 is no longer + # supported. + - name: Gather facts for localhost + setup: + gather_subset: min + delegate_to: localhost + delegate_facts: true + - name: Reserve TCP ports for ironic serial consoles include_role: name: console-allocation diff --git a/ansible/ip-allocation.yml b/ansible/ip-allocation.yml index cb8520f95..e5b446ffc 100644 --- a/ansible/ip-allocation.yml +++ b/ansible/ip-allocation.yml @@ -1,4 +1,21 @@ --- +# NOTE(mgoddard): We use delegate_to rather than specify localhost in the +# hosts list since this playbook is typically called with a limit that does +# not include localhost. This play may be removed when CentOS 7 is no longer +# supported. +- name: Gather facts for localhost + hosts: seed-hypervisor:seed:overcloud + tags: + - ip-allocation + gather_facts: no + tasks: + - name: Gather facts for localhost + setup: + gather_subset: min + delegate_to: localhost + delegate_facts: true + run_once: true + - name: Ensure IP addresses are allocated hosts: seed-hypervisor:seed:overcloud tags: diff --git a/ansible/roles/console-allocation/tasks/main.yml b/ansible/roles/console-allocation/tasks/main.yml index 02587b34d..a4ab2258c 100644 --- a/ansible/roles/console-allocation/tasks/main.yml +++ b/ansible/roles/console-allocation/tasks/main.yml @@ -1,32 +1,23 @@ --- -# Facts may not be available for the Ansible control host, so read the OS -# release manually. -- name: Check the OS release - local_action: - module: shell . /etc/os-release && echo $ID - changed_when: False - register: console_allocation_os_release +- block: + - name: Include OS family-specific variables + include_vars: "{{ hostvars.localhost.ansible_os_family }}.yml" -- name: Include RedHat family-specific variables - include_vars: "RedHat.yml" - when: console_allocation_os_release.stdout in ['centos', 'fedora', 'rhel'] - -- name: Include Debian family-specific variables - include_vars: "Debian.yml" - when: console_allocation_os_release.stdout in ['debian', 'ubuntu'] - -# Note: Currently we install these using the system package manager rather than -# pip to a virtualenv. This is because Yum is required elsewhere and cannot -# easily be installed in a virtualenv. -- name: Ensure package dependencies are installed - local_action: - module: package - name: "{{ item }}" - state: present - use: "{{ console_allocation_package_manager }}" - become: True - with_items: "{{ console_allocation_package_dependencies }}" - run_once: True + # Note: Currently we install these using the system package manager rather than + # pip to a virtualenv. This is because Yum is required elsewhere and cannot + # easily be installed in a virtualenv. + - name: Ensure package dependencies are installed + local_action: + module: package + name: "{{ item }}" + state: present + use: "{{ console_allocation_package_manager }}" + become: True + with_items: "{{ console_allocation_package_dependencies }}" + run_once: True + when: + - hostvars.localhost.ansible_os_family == 'RedHat' + - hostvars.localhost.ansible_distribution_major_version | int == 7 - name: Validate allocation pool start vars: @@ -60,6 +51,14 @@ - (console_allocation_pool_start | int) > (console_allocation_pool_end | int) - name: Ensure Ironic serial console ports are allocated + vars: + # NOTE(mgoddard): Use the Python interpreter used to run ansible-playbook, + # since this has Python dependencies available to it (PyYAML). On CentOS 7 + # we use the system Python to ensure that we can import SELinux bindings. + ansible_python_interpreter: >- + {{ '/usr/libexec/platform-python' + if hostvars.localhost.ansible_os_family == 'RedHat' and hostvars.localhost.ansible_distribution_major_version | int == 7 + else ansible_playbook_python }} local_action: module: console_allocation allocation_file: "{{ console_allocation_filename }}" diff --git a/ansible/roles/console-allocation/vars/Debian.yml b/ansible/roles/console-allocation/vars/Debian.yml deleted file mode 100644 index de0361a96..000000000 --- a/ansible/roles/console-allocation/vars/Debian.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# Package manager to use. -console_allocation_package_manager: apt - -# List of packages to install. -console_allocation_package_dependencies: - - python-yaml diff --git a/ansible/roles/ip-allocation/tasks/main.yml b/ansible/roles/ip-allocation/tasks/main.yml index a5a71dd2d..eeeaca07c 100644 --- a/ansible/roles/ip-allocation/tasks/main.yml +++ b/ansible/roles/ip-allocation/tasks/main.yml @@ -1,34 +1,33 @@ --- -# Facts may not be available for the Ansible control host, so read the OS -# release manually. -- name: Check the OS release - local_action: - module: shell . /etc/os-release && echo $ID - changed_when: False - register: ip_allocation_os_release +- block: + - name: Include OS family-specific variables + include_vars: "{{ hostvars.localhost.ansible_os_family }}.yml" -- name: Include RedHat family-specific variables - include_vars: "RedHat.yml" - when: ip_allocation_os_release.stdout in ['centos', 'fedora', 'rhel'] - -- name: Include Debian family-specific variables - include_vars: "Debian.yml" - when: ip_allocation_os_release.stdout in ['debian', 'ubuntu'] - -# Note: Currently we install these using the system package manager rather than -# pip to a virtualenv. This is because Yum is required elsewhere and cannot -# easily be installed in a virtualenv. -- name: Ensure package dependencies are installed - local_action: - module: package - name: "{{ item }}" - state: present - use: "{{ ip_allocation_package_manager }}" - become: True - with_items: "{{ ip_allocation_package_dependencies }}" - run_once: True + # Note: Currently we install these using the system package manager rather than + # pip to a virtualenv. This is because Yum is required elsewhere and cannot + # easily be installed in a virtualenv. + - name: Ensure package dependencies are installed + local_action: + module: package + name: "{{ item }}" + state: present + use: "{{ ip_allocation_package_manager }}" + become: True + with_items: "{{ ip_allocation_package_dependencies }}" + run_once: True + when: + - hostvars.localhost.ansible_os_family == 'RedHat' + - hostvars.localhost.ansible_distribution_major_version | int == 7 - name: Ensure IP addresses are allocated + vars: + # NOTE(mgoddard): Use the Python interpreter used to run ansible-playbook, + # since this has Python dependencies available to it (PyYAML). On CentOS 7 + # we use the system Python to ensure that we can import SELinux bindings. + ansible_python_interpreter: >- + {{ '/usr/libexec/platform-python' + if hostvars.localhost.ansible_os_family == 'RedHat' and hostvars.localhost.ansible_distribution_major_version | int == 7 + else ansible_playbook_python }} local_action: module: ip_allocation allocation_file: "{{ ip_allocation_filename }}" diff --git a/ansible/roles/ip-allocation/vars/Debian.yml b/ansible/roles/ip-allocation/vars/Debian.yml deleted file mode 100644 index 00caec722..000000000 --- a/ansible/roles/ip-allocation/vars/Debian.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# Package manager to use. -ip_allocation_package_manager: apt - -# List of packages to install. -ip_allocation_package_dependencies: - - python-netaddr - - python-yaml diff --git a/ansible/roles/kolla-ansible/tasks/config.yml b/ansible/roles/kolla-ansible/tasks/config.yml index 151c1dd94..a195119e4 100644 --- a/ansible/roles/kolla-ansible/tasks/config.yml +++ b/ansible/roles/kolla-ansible/tasks/config.yml @@ -97,6 +97,14 @@ loop_var: host - name: Ensure the Kolla passwords file exists + vars: + # NOTE(mgoddard): Use the Python interpreter used to run ansible-playbook, + # since this has Python dependencies available to it (PyYAML). On CentOS 7 + # we use the system Python to ensure that we can import SELinux bindings. + ansible_python_interpreter: >- + {{ '/usr/libexec/platform-python' + if ansible_os_family == 'RedHat' and ansible_distribution_major_version | int == 7 + else ansible_playbook_python }} kolla_passwords: src: "{{ kolla_ansible_passwords_path }}" dest: "{{ kolla_ansible_passwords_path }}" diff --git a/ansible/roles/kolla-ansible/vars/Debian.yml b/ansible/roles/kolla-ansible/vars/Debian.yml index 22a7de96b..649938a14 100644 --- a/ansible/roles/kolla-ansible/vars/Debian.yml +++ b/ansible/roles/kolla-ansible/vars/Debian.yml @@ -8,3 +8,4 @@ kolla_ansible_package_dependencies: - "python{% if kolla_ansible_venv_python_major_version | int == 3 %}3{% endif %}-dev" - "python{% if kolla_ansible_venv_python_major_version | int == 3 %}3{% endif %}-pip" - "python{% if kolla_ansible_venv_python_major_version | int == 3 %}3-venv{% else %}-virtualenv{% endif %}" + - "{% if kolla_ansible_venv_python_major_version | int == 2 %}python-yaml{% endif %}" diff --git a/ansible/roles/kolla-ansible/vars/RedHat.yml b/ansible/roles/kolla-ansible/vars/RedHat.yml index a7bef2ba1..e05582df5 100644 --- a/ansible/roles/kolla-ansible/vars/RedHat.yml +++ b/ansible/roles/kolla-ansible/vars/RedHat.yml @@ -8,3 +8,4 @@ kolla_ansible_package_dependencies: - "python{% if kolla_ansible_venv_python_major_version | int == 3 %}3{% endif %}-devel" - "python{% if kolla_ansible_venv_python_major_version | int == 3 %}3{% endif %}-pip" - "{% if kolla_ansible_venv_python_major_version | int == 2 %}python-virtualenv{% endif %}" + - "{% if kolla_ansible_venv_python_major_version | int == 2 %}PyYAML{% endif %}" diff --git a/requirements.txt b/requirements.txt index a368d2664..94ea1a95f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,3 +8,4 @@ cliff>=2.5.0,<2.15.0 # Apache netaddr!=0.7.16,>=0.7.13 # BSD PyYAML>=3.10.0 # MIT setuptools!=24.0.0,!=34.0.0,!=34.0.1,!=34.0.2,!=34.0.3,!=34.1.0,!=34.1.1,!=34.2.0,!=34.3.0,!=34.3.1,>=16.0 # PSF/ZPL +selinux;python_version>='3' # MIT