Only install to virtual environment

Remove all tasks and variables related to toggling between installation
of keystone inside or outside of a Python virtual environment.
Installing within a venv is now the only supported deployment.

Additionally, a few changes have been made to make the creation of the
venv more resistant to interruptions during a run of the role.
* unarchiving a pre-built venv will now also occur when the venv
  directory is created, not only after being downloaded
* virtualenv-tools is run against both pre-built and non pre-built venvs
  to account for interruptions during or prior to unarchiving

Change-Id: Ic0a0dac84a26aba2ef0ce5410dc7c722570cd410
Implements: blueprint only-install-venvs

defaults/main.yml

@@ -29,15 +29,7 @@ keystone_developer_constraints:
 
 # Name of the virtual env to deploy into
 keystone_venv_tag: untagged
-keystone_venv_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
+keystone_bin: "/openstack/venvs/keystone-{{ keystone_venv_tag }}/bin"
-
-# Set this to enable or disable installing in a venv
-keystone_venv_enabled: true
-
-# The bin path defaults to the venv path however if installation in a
-#  venv is disabled the bin path will be dynamically set based on the
-#  system path used when the installing.
-keystone_bin: "{{ keystone_venv_bin }}"
 
 keystone_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/keystone.tgz
 

releasenotes/notes/os-keystone-only-install-venv-b766568ee8d40354.yaml

@@ -0,0 +1,5 @@
+---
+upgrade:
+  - Installation of keystone and its dependent pip packages will now only
+    occur within a Python virtual environment. The ``keystone_venv_enabled``
+    variable has been removed.

tasks/keystone_install.yml

@@ -66,7 +66,6 @@
     get_md5: False
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
   register: local_venv_stat
 
 - name: Get remote venv checksum
@@ -75,7 +74,6 @@
     return_content: True
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
   register: remote_venv_checksum
 
 # TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
@@ -92,57 +90,44 @@
   register: get_venv
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
     - (local_venv_stat.stat.exists == False or
         {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
 
 - name: Set keystone get_venv fact
   set_fact:
     keystone_get_venv: "{{ get_venv }}"
-  when: keystone_venv_enabled | bool
 
 - name: Remove existing venv
   file:
-    path: "{{ keystone_venv_bin | dirname }}"
+    path: "{{ keystone_bin | dirname }}"
     state: absent
   when:
-    - keystone_venv_enabled | bool
     - keystone_get_venv | changed
 
 - name: Create keystone venv dir
   file:
-    path: "{{ keystone_venv_bin | dirname }}"
+    path: "{{ keystone_bin | dirname }}"
     state: directory
+  register: keystone_venv_dir
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
-    - keystone_get_venv | changed
 
 - name: Unarchive pre-built venv
   unarchive:
     src: "/var/cache/{{ keystone_venv_download_url | basename }}"
-    dest: "{{ keystone_venv_bin | dirname }}"
+    dest: "{{ keystone_bin | dirname }}"
     copy: "no"
   when:
     - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
+    - keystone_get_venv | changed or keystone_venv_dir | changed
-    - keystone_get_venv | changed
   notify:
     - Restart Apache
 
-- name: Update virtualenv path
+- name: Install pip packages
-  command: >
-    virtualenv-tools --update-path=auto {{ keystone_venv_bin | dirname }}
-  when:
-    - not keystone_developer_mode | bool
-    - keystone_venv_enabled | bool
-    - keystone_get_venv | success
-
-- name: Install pip packages (venv)
   pip:
     name: "{{ item }}"
     state: latest
-    virtualenv: "{{ keystone_venv_bin | dirname }}"
+    virtualenv: "{{ keystone_bin | dirname }}"
     virtualenv_site_packages: "no"
     extra_args: "{{ pip_install_options_fact }}"
   register: install_packages
@@ -151,23 +136,10 @@
   delay: 2
   with_items: keystone_pip_packages
   when:
-    - keystone_venv_enabled | bool
     - keystone_get_venv | failed or keystone_developer_mode | bool
   notify:
     - Restart Apache
 
-- name: Install pip packages (no venv)
+- name: Update virtualenv path
-  pip:
+  command: >
-    name: "{{ item }}"
+    virtualenv-tools --update-path=auto {{ keystone_bin | dirname }}
-    state: latest
-    extra_args: "{{ pip_install_options_fact }}"
-  register: install_packages
-  until: install_packages|success
-  retries: 5
-  delay: 2
-  with_items: keystone_pip_packages
-  when:
-    - not keystone_developer_mode | bool
-    - not keystone_venv_enabled | bool
-  notify:
-    - Restart Apache

tasks/keystone_post_install.yml

@@ -60,15 +60,3 @@
     - { src: "keystone-wsgi.py.j2", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" }
   notify:
     - Restart Apache
-
-- name: Get keystone command path
-  command: which keystone
-  register: keystone_command_path
-  when:
-    - not keystone_venv_enabled | bool
-
-- name: Set keystone command path
-  set_fact:
-    keystone_bin: "{{ keystone_command_path.stdout | dirname }}"
-  when:
-    - not keystone_venv_enabled | bool

tasks/keystone_pre_install.yml

@@ -65,15 +65,6 @@
     - { path: "/var/www/cgi-bin", owner: root, group: root }
     - { path: "/var/www/cgi-bin/keystone" }
 
-- name: Create keystone venv dir
-  file:
-    path: "{{ item.path }}"
-    state: directory
-  with_items:
-    - { path: "/openstack/venvs" }
-    - { path: "{{ keystone_venv_bin }}" }
-  when: keystone_venv_enabled | bool
-
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/keystone"  ]; then

templates/keystone-httpd.conf.j2

@@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 
 <VirtualHost *:{{ keystone_service_port }}>
-    WSGIDaemonProcess     keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} {% if keystone_venv_enabled | bool %}python-path={{ keystone_venv_bin | dirname }}/lib/python2.7/site-packages{% endif %}
+    WSGIDaemonProcess     keystone-service user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
 
     WSGIProcessGroup      keystone-service
     WSGIScriptAlias       / /var/www/cgi-bin/keystone/main
@@ -59,7 +59,7 @@
 </VirtualHost>
 
 <VirtualHost *:{{ keystone_admin_port }}>
-    WSGIDaemonProcess     keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} {% if keystone_venv_enabled | bool %}python-path={{ keystone_venv_bin | dirname }}/lib/python2.7/site-packages{% endif %}
+    WSGIDaemonProcess     keystone-admin user={{ keystone_system_user_name }} group={{ keystone_system_group_name }} processes={{ keystone_wsgi_processes }} threads={{ keystone_wsgi_threads }} display-name=%{GROUP} python-path={{ keystone_bin | dirname }}/lib/python2.7/site-packages
 
     WSGIProcessGroup      keystone-admin
     WSGIScriptAlias       / /var/www/cgi-bin/keystone/admin