Implement nova venv support

This commit conditionally allows the os_nova role to install build and deploy within a venv. This is the new default behavior of the role however the functionality can be disabled. Implements: blueprint enable-venv-support-within-the-roles Change-Id: I13cf36058d08934a41b24ccf4f1700321ab00547 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2015-10-03 00:45:05 -05:00 · 2015-10-03 00:45:05 -05:00 · 0d8a6c888d
commit 0d8a6c888d
parent 4eb840a924
10 changed files with 179 additions and 11 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -13,15 +13,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-# Defines that the role will be deployed on a host machine
-is_metal: true
-
 # Enable/Disable ceilometer configurations
 nova_ceilometer_enabled: False

 ## Verbosity Options
 debug: False
 verbose: True
+
+# Name of the virtual env to deploy into
+nova_venv_tag: untagged
+nova_venv_bin: "/openstack/venvs/nova-{{ nova_venv_tag }}/bin"
+
+# Set this to enable or disable installing in a venv
+nova_venv_enabled: true
+
+# The bin path defaults to the venv path however if installation in a
+#  venv is disabled the bin path will be dynamically set based on the
+#  system path used when the installing.
+nova_bin: "{{ nova_venv_bin }}"
+
 nova_fatal_deprecations: False

 ## System info
@ -277,6 +287,14 @@ nova_compute_kvm_apt_packages:
  - dosfstools
  - dosfstools-dbg

+# nova packages that must be installed before anything else
+nova_requires_pip_packages:
+  - virtualenv
+  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
+
+nova_compute_pip_packages:
+  - libvirt-python
+
 # Common pip packages
 nova_pip_packages:
  - PyMySQL
--- a/tasks/nova_compute_kvm_install.yml
+++ b/tasks/nova_compute_kvm_install.yml
@ -37,3 +37,56 @@
  tags:
    - nova-apt-packages
    - nova-compute-kvm-apt-packages
+
+- name: Install pip packages (venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_compute_pip_packages }}"
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+# TODO(cloudnull): use a package from pypi when its made available
+# This is being done because guestfs is not an installable package at this time.
+#  There is a change in the works to upload the guestfs package to pypi in the
+#  future however that's not been done as of yet.
+#  related thread http://lists.openstack.org/pipermail/openstack-dev/2015-July/070927.html
+- name: Link guestfs into the venv
+  file:
+    src: "{{ item.name }}"
+    dest: "{{ nova_venv_bin | dirname }}/lib/python2.7/{{ item.name | basename }}"
+    state: "{{ item.state }}"
+    force: "yes"
+  with_items:
+    - { state: link, name: "/usr/lib/python2.7/dist-packages/libguestfsmod.so" }
+    - { state: link, name: "/usr/lib/python2.7/dist-packages/guestfs.py" }
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_compute_pip_packages }}"
+  when: not nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
--- a/tasks/nova_console_novnc_install.yml
+++ b/tasks/nova_console_novnc_install.yml
@ -25,6 +25,7 @@
  retries: 5
  delay: 2
  tags:
+    - nova-install
    - nova-novnc-git

 - name: Update apt sources
@ -49,18 +50,40 @@
  delay: 2
  with_items: nova_novnc_apt_packages
  tags:
+    - nova-install
    - nova-apt-packages
    - nova-novnc-apt-packages

- name: Install pip packages
+- name: Install pip packages (venv)
  pip:
    name: "{{ item }}"
    state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items:
    - "{{ nova_novnc_pip_packages }}"
+  when: nova_venv_enabled | bool
  tags:
-    - nova-novnc-pip-packages
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_novnc_pip_packages }}"
+  when: not nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-novnc-pip-packages
--- a/tasks/nova_db_setup.yml
+++ b/tasks/nova_db_setup.yml
@ -40,9 +40,10 @@
    - nova-db-setup

 - name: Perform a Nova DB sync
-  command: nova-manage db sync
+  command: "{{ nova_bin }}/nova-manage db sync"
  sudo: yes
  sudo_user: "{{ nova_system_user_name }}"
  tags:
    - nova-db-setup
    - nova-setup
+    - nova-command-bin
--- a/tasks/nova_install.yml
+++ b/tasks/nova_install.yml
@ -34,9 +34,43 @@
  delay: 2
  with_items: nova_apt_packages
  tags:
+    - nova-install
    - nova-apt-packages

- name: Install pip packages
+- name: Install requires pip packages
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_requires_pip_packages }}"
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_pip_packages }}"
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
  pip:
    name: "{{ item }}"
    state: present
@ -47,5 +81,7 @@
  delay: 2
  with_items:
    - "{{ nova_pip_packages }}"
+  when: not nova_venv_enabled | bool
  tags:
+    - nova-install
    - nova-pip-packages
--- a/tasks/nova_post_install.yml
+++ b/tasks/nova_post_install.yml
@ -60,3 +60,19 @@
  tags:
    - nova-config
    - nova-post-install
+
+- name: Get nova command path
+  command: which nova
+  register: nova_command_path
+  when:
+    - not nova_venv_enabled | bool
+  tags:
+    - nova-command-bin
+
+- name: Set nova command path
+  set_fact:
+    nova_bin: "{{ nova_command_path.stdout | dirname }}"
+  when:
+    - not nova_venv_enabled | bool
+  tags:
+    - nova-command-bin
--- a/tasks/nova_pre_install.yml
+++ b/tasks/nova_pre_install.yml
@ -57,6 +57,7 @@
    group: "{{ item.group|default(nova_system_group_name) }}"
    mode: "{{ item.mode|default('0755') }}"
  with_items:
+    - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
    - { path: "/etc/nova" }
    - { path: "/etc/nova/rootwrap.d" }
    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
@ -70,6 +71,19 @@
  tags:
    - nova-dirs

+- name: Create nova venv dir
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|default(nova_system_user_name) }}"
+    group: "{{ item.group|default(nova_system_group_name) }}"
+  with_items:
+    - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" }
+    - { path: "{{ nova_venv_bin }}" }
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-dirs
+
 - name: Test for log directory or link
  shell: |
    if [ -h "/var/log/nova"  ]; then
--- a/templates/nova-upstart-init.j2
+++ b/templates/nova-upstart-init.j2
@ -12,7 +12,7 @@ respawn
 respawn limit 10 5

 # Set the RUNBIN environment variable
-env RUNBIN="/usr/local/bin/{{ program_name }}"
+env RUNBIN="{{ nova_bin }}/{{ program_name }}"

 # Change directory to service users home
 chdir "{{ service_home }}"
@ -24,6 +24,11 @@ pre-start script

  mkdir -p "/var/lock/{{ program_name }}"
  chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+
+  {% if nova_venv_enabled | bool -%}
+  . {{ nova_venv_bin }}/activate
+  {%- endif %}
+
 end script

 # Post stop actions
--- a/templates/rootwrap.conf.j2
+++ b/templates/rootwrap.conf.j2
@ -10,7 +10,7 @@ filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
 # explicitely specify a full path (separated by ',')
 # If not specified, defaults to system PATH environment variable.
 # These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,{{ nova_bin }}

 # Enable logging to syslog
 # Default value is False
--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@ -1,4 +1,6 @@
 # {{ ansible_managed }}

-# Defaults:{{ nova_system_user_name }}!requiretty
-{{ nova_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ nova_service_name }}-rootwrap
+Defaults:{{ nova_system_user_name }} !requiretty
+Defaults:{{ nova_system_user_name }} secure_path="{{ nova_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+{{ nova_system_user_name }} ALL = (root) NOPASSWD: {{ nova_bin }}/{{ nova_service_name }}-rootwrap