Implement nova venv support

This commit conditionally allows the os_nova role to
install build and deploy within a venv. This is the new
default behavior of the role however the functionality
can be disabled.

Implements: blueprint enable-venv-support-within-the-roles

Change-Id: I13cf36058d08934a41b24ccf4f1700321ab00547
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

defaults/main.yml

@@ -13,15 +13,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Defines that the role will be deployed on a host machine
-is_metal: true
-
 # Enable/Disable ceilometer configurations
 nova_ceilometer_enabled: False
 
 ## Verbosity Options
 debug: False
 verbose: True
+
+# Name of the virtual env to deploy into
+nova_venv_tag: untagged
+nova_venv_bin: "/openstack/venvs/nova-{{ nova_venv_tag }}/bin"
+
+# Set this to enable or disable installing in a venv
+nova_venv_enabled: true
+
+# The bin path defaults to the venv path however if installation in a
+#  venv is disabled the bin path will be dynamically set based on the
+#  system path used when the installing.
+nova_bin: "{{ nova_venv_bin }}"
+
 nova_fatal_deprecations: False
 
 ## System info
@@ -277,6 +287,14 @@ nova_compute_kvm_apt_packages:
   - dosfstools
   - dosfstools-dbg
 
+# nova packages that must be installed before anything else
+nova_requires_pip_packages:
+  - virtualenv
+  - python-keystoneclient # Keystoneclient needed to OSA keystone lib
+
+nova_compute_pip_packages:
+  - libvirt-python
+
 # Common pip packages
 nova_pip_packages:
   - PyMySQL

tasks/nova_compute_kvm_install.yml

@@ -37,3 +37,56 @@
   tags:
     - nova-apt-packages
     - nova-compute-kvm-apt-packages
+
+- name: Install pip packages (venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_compute_pip_packages }}"
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+# TODO(cloudnull): use a package from pypi when its made available
+# This is being done because guestfs is not an installable package at this time.
+#  There is a change in the works to upload the guestfs package to pypi in the
+#  future however that's not been done as of yet.
+#  related thread http://lists.openstack.org/pipermail/openstack-dev/2015-July/070927.html
+- name: Link guestfs into the venv
+  file:
+    src: "{{ item.name }}"
+    dest: "{{ nova_venv_bin | dirname }}/lib/python2.7/{{ item.name | basename }}"
+    state: "{{ item.state }}"
+    force: "yes"
+  with_items:
+    - { state: link, name: "/usr/lib/python2.7/dist-packages/libguestfsmod.so" }
+    - { state: link, name: "/usr/lib/python2.7/dist-packages/guestfs.py" }
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_compute_pip_packages }}"
+  when: not nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages

tasks/nova_console_novnc_install.yml

@@ -25,6 +25,7 @@
   retries: 5
   delay: 2
   tags:
+    - nova-install
     - nova-novnc-git
 
 - name: Update apt sources
@@ -49,18 +50,40 @@
   delay: 2
   with_items: nova_novnc_apt_packages
   tags:
+    - nova-install
     - nova-apt-packages
     - nova-novnc-apt-packages
 
-- name: Install pip packages
+- name: Install pip packages (venv)
   pip:
     name: "{{ item }}"
     state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
   register: install_packages
   until: install_packages|success
   retries: 5
   delay: 2
   with_items:
     - "{{ nova_novnc_pip_packages }}"
+  when: nova_venv_enabled | bool
   tags:
-    - nova-novnc-pip-packages
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_novnc_pip_packages }}"
+  when: not nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-novnc-pip-packages

tasks/nova_db_setup.yml

@@ -40,9 +40,10 @@
     - nova-db-setup
 
 - name: Perform a Nova DB sync
-  command: nova-manage db sync
+  command: "{{ nova_bin }}/nova-manage db sync"
   sudo: yes
   sudo_user: "{{ nova_system_user_name }}"
   tags:
     - nova-db-setup
     - nova-setup
+    - nova-command-bin

tasks/nova_install.yml

@@ -34,9 +34,43 @@
   delay: 2
   with_items: nova_apt_packages
   tags:
+    - nova-install
     - nova-apt-packages
 
-- name: Install pip packages
+- name: Install requires pip packages
+  pip:
+    name: "{{ item }}"
+    state: present
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_requires_pip_packages }}"
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (venv)
+  pip:
+    name: "{{ item }}"
+    state: present
+    virtualenv: "{{ nova_venv_bin | dirname }}"
+    virtualenv_site_packages: "no"
+    extra_args: "{{ pip_install_options|default('') }}"
+  register: install_packages
+  until: install_packages|success
+  retries: 5
+  delay: 2
+  with_items:
+    - "{{ nova_pip_packages }}"
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-install
+    - nova-pip-packages
+
+- name: Install pip packages (no venv)
   pip:
     name: "{{ item }}"
     state: present
@@ -47,5 +81,7 @@
   delay: 2
   with_items:
     - "{{ nova_pip_packages }}"
+  when: not nova_venv_enabled | bool
   tags:
+    - nova-install
     - nova-pip-packages

tasks/nova_post_install.yml

@@ -60,3 +60,19 @@
   tags:
     - nova-config
     - nova-post-install
+
+- name: Get nova command path
+  command: which nova
+  register: nova_command_path
+  when:
+    - not nova_venv_enabled | bool
+  tags:
+    - nova-command-bin
+
+- name: Set nova command path
+  set_fact:
+    nova_bin: "{{ nova_command_path.stdout | dirname }}"
+  when:
+    - not nova_venv_enabled | bool
+  tags:
+    - nova-command-bin

tasks/nova_pre_install.yml

@@ -57,6 +57,7 @@
     group: "{{ item.group|default(nova_system_group_name) }}"
     mode: "{{ item.mode|default('0755') }}"
   with_items:
+    - { path: "/openstack", mode: "0755", owner: "root", group: "root" }
     - { path: "/etc/nova" }
     - { path: "/etc/nova/rootwrap.d" }
     - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
@@ -70,6 +71,19 @@
   tags:
     - nova-dirs
 
+- name: Create nova venv dir
+  file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner|default(nova_system_user_name) }}"
+    group: "{{ item.group|default(nova_system_group_name) }}"
+  with_items:
+    - { path: "/openstack/venvs", mode: "0755", owner: "root", group: "root" }
+    - { path: "{{ nova_venv_bin }}" }
+  when: nova_venv_enabled | bool
+  tags:
+    - nova-dirs
+
 - name: Test for log directory or link
   shell: |
     if [ -h "/var/log/nova"  ]; then

templates/nova-upstart-init.j2

@@ -12,7 +12,7 @@ respawn
 respawn limit 10 5
 
 # Set the RUNBIN environment variable
-env RUNBIN="/usr/local/bin/{{ program_name }}"
+env RUNBIN="{{ nova_bin }}/{{ program_name }}"
 
 # Change directory to service users home
 chdir "{{ service_home }}"
@@ -24,6 +24,11 @@ pre-start script
 
   mkdir -p "/var/lock/{{ program_name }}"
   chown {{ system_user }}:{{ system_group }} "/var/lock/{{ program_name }}"
+
+  {% if nova_venv_enabled | bool -%}
+  . {{ nova_venv_bin }}/activate
+  {%- endif %}
+
 end script
 
 # Post stop actions

templates/rootwrap.conf.j2

@@ -10,7 +10,7 @@ filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
 # explicitely specify a full path (separated by ',')
 # If not specified, defaults to system PATH environment variable.
 # These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
+exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,{{ nova_bin }}
 
 # Enable logging to syslog
 # Default value is False

templates/sudoers.j2

@@ -1,4 +1,6 @@
 # {{ ansible_managed }}
 
-# Defaults:{{ nova_system_user_name }}!requiretty
+Defaults:{{ nova_system_user_name }} !requiretty
-{{ nova_system_user_name }} ALL = (root) NOPASSWD: /usr/local/bin/{{ nova_service_name }}-rootwrap
+Defaults:{{ nova_system_user_name }} secure_path="{{ nova_bin }}:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+{{ nova_system_user_name }} ALL = (root) NOPASSWD: {{ nova_bin }}/{{ nova_service_name }}-rootwrap