From d25da0560a2fe27aa5374bc31026c358cddf3170 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Sat, 19 Sep 2015 21:31:31 -0500
Subject: [PATCH] Implement cinder venv support

This commit conditionally allows the os_cinder role to
install build and deploy within a venv. This is the new
default behavior of the role however the functionality
can be disabled.

Implements: blueprint enable-venv-support-within-the-roles

Change-Id: Icd764b78ee887f4fe2ecd4bb67b97ae4651e6fa3
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 defaults/main.yml                | 25 +++++++++++++++++++++
 tasks/cinder_backends.yml        |  4 ++--
 tasks/cinder_db_setup.yml        |  3 ++-
 tasks/cinder_install.yml         | 38 +++++++++++++++++++++++++++++++-
 tasks/cinder_post_install.yml    | 16 ++++++++++++++
 tasks/cinder_pre_install.yml     | 14 ++++++++++++
 templates/cinder-upstart-init.j2 |  7 +++++-
 templates/cinder.conf.j2         |  8 +++----
 templates/rootwrap.conf.j2       |  2 +-
 templates/sudoers.j2             |  6 +++--
 10 files changed, 111 insertions(+), 12 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 07c41497..96b23d1e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -16,6 +16,18 @@
 # Defines that the role will be deployed on a host machine
 is_metal: true
 
+# Name of the virtual env to deploy into
+cinder_venv_tag: untagged
+cinder_venv_bin: "/openstack/venvs/cinder-{{ cinder_venv_tag }}/bin"
+
+# Set this to enable or disable installing in a venv
+cinder_venv_enabled: true
+
+# The bin path defaults to the venv path however if installation in a
+#  venv is disabled the bin path will be dynamically set based on the
+#  system path used when the installing.
+cinder_bin: "{{ cinder_venv_bin }}"
+
 # Enable/Disable Ceilometer
 cinder_ceilometer_enabled: False
 
@@ -188,6 +200,14 @@ cinder_quota_backup_gigabytes: 1000
 #  "volume:create": ""
 #  "volume:delete": ""
 
+# Potential locations of glance
+# the variable cinder_glance_api_servers is a list of servers that can service glance
+# by default this variable is undefined
+#cinder_glance_api_servers:
+
+cinder_glance_host: 127.0.0.1
+cinder_glance_service_port: 9292
+
 # Common apt packages
 cinder_apt_packages:
   - dmeventd
@@ -203,6 +223,11 @@ cinder_apt_packages:
   - zlib1g
   - zlibc
 
+# Cinder packages that must be installed before anything else
+cinder_requires_pip_packages:
+  - virtualenv
+  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
+
 # Common pip packages
 cinder_pip_packages:
   - cinder
diff --git a/tasks/cinder_backends.yml b/tasks/cinder_backends.yml
index 31192f0c..f5591943 100644
--- a/tasks/cinder_backends.yml
+++ b/tasks/cinder_backends.yml
@@ -24,8 +24,8 @@
 - name: Add in cinder devices types
   shell: |
     . {{ ansible_env.HOME }}/openrc
-    cinder type-create "{{ item.0 }}"
-    cinder type-key "{{ item.0 }}" set volume_backend_name="{{ item.1.volume_backend_name }}"
+    {{ cinder_bin }}/cinder type-create "{{ item.0 }}"
+    {{ cinder_bin }}/cinder type-key "{{ item.0 }}" set volume_backend_name="{{ item.1.volume_backend_name }}"
   with_items: cinder_backends|dictsort
   when: cinder_backends is defined
   tags:
diff --git a/tasks/cinder_db_setup.yml b/tasks/cinder_db_setup.yml
index 635c4a77..09bcd24c 100644
--- a/tasks/cinder_db_setup.yml
+++ b/tasks/cinder_db_setup.yml
@@ -40,9 +40,10 @@
     - cinder-db-setup
 
 - name: Perform a cinder DB sync
-  command: cinder-manage db sync
+  command: "{{ cinder_bin }}/cinder-manage db sync"
   sudo: yes
   sudo_user: "{{ cinder_system_user_name }}"
   tags:
     - cinder-db-sync
     - cinder-setup
+    - cinder-command-bin
diff --git a/tasks/cinder_install.yml b/tasks/cinder_install.yml
index eac778d1..9eb0f27b 100644
--- a/tasks/cinder_install.yml
+++ b/tasks/cinder_install.yml
@@ -34,9 +34,43 @@
   delay: 2
   with_items: cinder_apt_packages
   tags:
+    - cinder-install
     - cinder-apt-packages
 
-- name: Install pip packages
+- name: Install requires pip packages
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ cinder_requires_pip_packages }}"
+  tags:
+    - cinder-install
+    - cinder-pip-packages
+
+- name: Install pip packages (venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    virtualenv: "{{ cinder_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ cinder_pip_packages }}"
+  when: cinder_venv_enabled | bool
+  tags:
+    - cinder-install
+    - cinder-pip-packages
+
+- name: Install pip packages (no venv)
   pip:
     name: "{{ item }}"
     state: present
@@ -47,5 +81,7 @@
   delay: 2
   with_items:
     - "{{ cinder_pip_packages }}"
+  when: not cinder_venv_enabled | bool
   tags:
+    - cinder-install
     - cinder-pip-packages
diff --git a/tasks/cinder_post_install.yml b/tasks/cinder_post_install.yml
index 263fd99b..e0d6bc08 100644
--- a/tasks/cinder_post_install.yml
+++ b/tasks/cinder_post_install.yml
@@ -73,3 +73,19 @@
   when: cinder_nfs_client is defined
   tags:
     - cinder-nfs
+
+- name: Get cinder command path
+  command: which cinder
+  register: cinder_command_path
+  when:
+    - not cinder_venv_enabled | bool
+  tags:
+    - cinder-command-bin
+
+- name: Set cinder command path
+  set_fact:
+    cinder_bin: "{{ cinder_command_path.stdout | dirname }}"
+  when:
+    - not cinder_venv_enabled | bool
+  tags:
+    - cinder-command-bin
diff --git a/tasks/cinder_pre_install.yml b/tasks/cinder_pre_install.yml
index e0cfdcb2..9f016484 100644
--- a/tasks/cinder_pre_install.yml
+++ b/tasks/cinder_pre_install.yml
@@ -40,6 +40,7 @@
     owner: "{{ item.owner|default(cinder_system_user_name) }}"
     group: "{{ item.group|default(cinder_system_group_name) }}"
   with_items:
+    - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
     - { path: "/var/cache/cinder", mode: "0700" }
     - { path: "/etc/cinder" }
     - { path: "/etc/cinder/rootwrap.d" }
@@ -48,6 +49,19 @@
   tags:
     - cinder-dirs
 
+- name: Create cinder venv dir
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|default(cinder_system_user_name) }}"
+    group: "{{ item.group|default(cinder_system_group_name) }}"
+  with_items:
+    - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" }
+    - { path: "{{ cinder_venv_bin }}" }
+  when: cinder_venv_enabled | bool
+  tags:
+    - cinder-dirs
+
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/cinder"  ]; then
diff --git a/templates/cinder-upstart-init.j2 b/templates/cinder-upstart-init.j2
index dc3ca016..b0235b77 100644
--- a/templates/cinder-upstart-init.j2
+++ b/templates/cinder-upstart-init.j2
@@ -12,7 +12,7 @@ respawn
 respawn limit 10 5
 
 # Set the RUNBIN environment variable
-env RUNBIN="/usr/local/bin/{{ program_name }}"
+env RUNBIN="{{ cinder_bin }}/{{ program_name }}"
 
 # Change directory to service users home
 chdir "{{ service_home }}"
@@ -24,6 +24,11 @@ pre-start script
 
   mkdir -p "/var/lock/{{ program_name }}"
   chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+
+  {% if cinder_venv_enabled | bool -%}
+  . {{ cinder_venv_bin }}/activate
+  {%- endif %}
+
 end script
 
 # Post stop actions
diff --git a/templates/cinder.conf.j2 b/templates/cinder.conf.j2
index f99c2880..2a60891c 100644
--- a/templates/cinder.conf.j2
+++ b/templates/cinder.conf.j2
@@ -61,11 +61,11 @@ nova_catalog_info = {{ cinder_nova_catalog_info }}
 nova_catalog_admin_info = {{ cinder_nova_catalog_admin_info }}
 
 ## Glance
-{% if glance_api_servers is defined %}
-glance_api_servers = {{ glance_api_servers }}
+{% if cinder_glance_api_servers is defined %}
+glance_api_servers = {{ cinder_glance_api_servers }}
 {% else %}
-glance_host = {{ glance_host }}
-glance_port = {{ glance_service_port }}
+glance_host = {{ cinder_glance_host }}
+glance_port = {{ cinder_glance_service_port }}
 {% endif %}
 glance_num_retries = 0
 
diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2
index 4d280eae..8ec5bde4 100644
--- a/templates/rootwrap.conf.j2
+++ b/templates/rootwrap.conf.j2
@@ -10,7 +10,7 @@ filters_path=/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap
 # explicitely specify a full path (separated by ',')
 # If not specified, defaults to system PATH environment variable.
 # These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
+exec_dirs={{ cinder_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin
 
 # Enable logging to syslog
 # Default value is False
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
index 625e2521..b8a60392 100644
--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -1,4 +1,6 @@
 # {{ ansible_managed }}
 
-# Defaults:{{ cinder_system_user_name }}!requiretty
-{{ cinder_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ cinder_service_name }}-rootwrap
+Defaults:{{ cinder_system_user_name }} !requiretty
+Defaults:{{ cinder_system_user_name }} secure_path="{{ cinder_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+{{ cinder_system_user_name }} ALL = (root) NOPASSWD: {{ cinder_bin }}/{{ cinder_service_name }}-rootwrap