Skip to content

Commit

Permalink
Merge pull request #33 from stackhpc/unset_venv_fix
Browse files Browse the repository at this point in the history 
fix for venv override fact
  • Loading branch information
@markgoddard
markgoddard authored Mar 19, 2024
2 parents 147f216 + 9e959f0 commit fab9b06
Show file tree
Hide file tree
Showing 2 changed files with 242 additions and 249 deletions.
252 changes: 3 additions & 249 deletions roles/os_projects/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,253 +3,7 @@
ansible.builtin.set_fact:
old_ansible_python_interpreter: "{{ ansible_python_interpreter | default('/usr/bin/python3') }}"

- name: Set a fact to ensure Ansible uses the python interpreter in the virtualenv
ansible.builtin.set_fact:
ansible_python_interpreter: "{{ os_projects_venv }}/bin/python"
when: os_projects_venv != None

- name: Ensure the domain exists
openstack.cloud.identity_domain:
auth_type: "{{ os_projects_auth_type }}"
auth: "{{ os_projects_admin_auth }}"
cacert: "{{ os_projects_cacert | default(omit) }}"
cloud: "{{ os_projects_cloud | default(omit) }}"
interface: "{{ os_projects_interface | default(omit, true) }}"
name: "{{ item.name }}"
description: "{{ item.description | default(omit) }}"
state: present
enabled: true
wait: true
with_items: "{{ os_projects_domains }}"
environment: "{{ os_projects_environment }}"

# Domains must be specified by UUID in API calls (with the exception of the
# default domain), so build a domain name -> UUID map that allows users to pass
# in domains by name. We might have the information already, but in case any
# domains weren't created by the previous task, let's just grab the whole lot.

# NOTE: We can't use the os_keystone_domain_facts module because ansible
# sanitises variables matching anything found in the auth parameter of os_*
# modules. This will include the name of the domain used to authenticate
# against. Use the openstack CLI directly instead.

- name: List OpenStack domains
ansible.builtin.shell: >
. {{ os_projects_venv }}/bin/activate &&
openstack
{% for auth_name, auth_value in os_projects_admin_auth.items() %}
--os-{{ auth_name | replace('_', '-') }}='{{ auth_value }}'
{% endfor %}
{% if os_projects_cacert is defined %}
--os-cacert='{{ os_projects_cacert }}'
{% endif %}
{% if os_projects_cloud is defined %}
--os-cloud='{{ os_projects_cloud }}'
{% endif %}
--os-interface={{ os_projects_interface | default('public', true) }}
domain list -f json -c Name -c ID
changed_when: false
environment: "{{ os_projects_environment }}"
register: domain_list
check_mode: false

- name: Initialise a fact mapping domain names to IDs
ansible.builtin.set_fact:
os_projects_domain_to_id: {}

- name: Update a fact mapping domain names to IDs
ansible.builtin.set_fact:
os_projects_domain_to_id: >
{{ os_projects_domain_to_id | combine({item.Name: item.ID}) }}
with_items: "{{ domain_list.stdout | from_json }}"
loop_control:
label: "{{ item.Name }}"

- name: Fail if the project's domain was not found
ansible.builtin.fail:
msg: >
OpenStack domain {{ item.project_domain }} for project {{ item.name }}
was not found.
when:
- item.project_domain not in os_projects_domain_to_id
- item.project_domain not in os_projects_domain_to_id.values()
with_items: "{{ os_projects }}"
loop_control:
label: "{{ item.name }}"

- name: Fail if the project's user domain was not found
ansible.builtin.fail:
msg: >
OpenStack domain {{ item.user_domain }} for project {{ item.name }}
was not found.
when:
- item.user_domain is defined
- item.user_domain not in os_projects_domain_to_id
- item.user_domain not in os_projects_domain_to_id.values()
with_items: "{{ os_projects }}"
loop_control:
label: "{{ item.name }}"

- name: Ensure the project exists
openstack.cloud.project:
auth_type: "{{ os_projects_auth_type }}"
auth: "{{ os_projects_admin_auth }}"
cacert: "{{ os_projects_cacert | default(omit) }}"
cloud: "{{ os_projects_cloud | default(omit) }}"
interface: "{{ os_projects_interface | default(omit, true) }}"
name: "{{ item.name }}"
description: "{{ item.description }}"
domain_id: "{{ domain_is_id | ternary(item.project_domain, os_projects_domain_to_id[item.project_domain]) }}"
state: present
enabled: true
wait: true
with_items: "{{ os_projects }}"
environment: "{{ os_projects_environment }}"
vars:
domain_is_id: "{{ item.project_domain in os_projects_domain_to_id.values() }}"
loop_control:
label: "{{ item.name }}"

- name: Ensure the role exists
openstack.cloud.identity_role:
auth_type: "{{ os_projects_auth_type }}"
auth: "{{ os_projects_admin_auth }}"
cacert: "{{ os_projects_cacert | default(omit) }}"
cloud: "{{ os_projects_cloud | default(omit) }}"
interface: "{{ os_projects_interface | default(omit, true) }}"
name: "{{ item }}"
with_items: "{{ all_roles }}"
environment: "{{ os_projects_environment }}"
vars:
users: >
{{ os_projects |
selectattr('users', 'defined') |
map(attribute='users') |
sum(start=[]) |
list }}
project_roles: >
{{ users |
selectattr('roles', 'defined') |
map(attribute='roles') |
sum(start=[]) |
unique |
list }}
domain_roles: >
{{ users |
selectattr('domain_roles', 'defined') |
map(attribute='domain_roles') |
sum(start=[]) |
unique |
list }}
all_roles: "{{ project_roles + domain_roles }}"

- name: Include users.yml
ansible.builtin.include_tasks: users.yml
with_items: "{{ os_projects }}"
when: project.users is defined
loop_control:
loop_var: project

- name: Ensure SSH keypairs are registered
openstack.cloud.keypair:
auth_type: "{{ os_projects_auth_type }}"
auth: "{{ os_projects_admin_auth | combine(os_projects_user_auth_overrides) }}"
cacert: "{{ os_projects_cacert | default(omit) }}"
cloud: "{{ os_projects_cloud | default(omit) }}"
interface: "{{ os_projects_interface | default(omit, true) }}"
name: "{{ item.1.name }}"
public_key_file: "{{ item.1.public_key_file | default(omit) }}"
public_key: "{{ item.1.public_key | default(omit) }}"
state: present
with_subelements:
- "{{ os_projects }}"
- keypairs
- skip_missing: true
environment: "{{ os_projects_environment }}"
- name: Import projects.yml
ansible.builtin.import_tasks: projects.yml
vars:
# Authentication option overrides for non-admin user as used by os_*
# modules' 'auth' argument.
os_projects_user_auth_overrides:
project_domain_name: "{{ item.0.project_domain }}"
user_domain_name: "{{ item.0.user_domain }}"
project_name: "{{ item.0.name }}"
username: "{{ item.0.users[0].name }}"
password: "{{ item.0.users[0].password }}"
loop_control:
label:
project: "{{ item.0.name }}"
keypair: "{{ item.1.name }}"

- name: Ensure quotas are set
openstack.cloud.quota:
auth_type: "{{ os_projects_auth_type }}"
auth: "{{ os_projects_admin_auth }}"
cacert: "{{ os_projects_cacert | default(omit) }}"
cloud: "{{ os_projects_cloud | default(omit) }}"
interface: "{{ os_projects_interface | default(omit, true) }}"
name: "{{ item.name }}"
state: present
# Quotas:
backup_gigabytes: "{{ quotas.backup_gigabytes | default(omit) }}"
backups: "{{ quotas.backups | default(omit) }}"
cores: "{{ quotas.cores | default(omit) }}"
fixed_ips: "{{ quotas.fixed_ips | default(omit) }}"
floating_ips: "{{ quotas.floating_ips | default(omit) }}"
floatingip: "{{ quotas.floatingip | default(omit) }}"
gigabytes: "{{ quotas.gigabytes | default(omit) }}"
gigabytes_lvm: "{{ quotas.gigabytes_lvm | default(omit) }}"
injected_file_size: "{{ quotas.injected_file_size | default(omit) }}"
injected_files: "{{ quotas.injected_files | default(omit) }}"
injected_path_size: "{{ quotas.injected_path_size | default(omit) }}"
instances: "{{ quotas.instances | default(omit) }}"
key_pairs: "{{ quotas.key_pairs | default(omit) }}"
loadbalancer: "{{ quotas.loadbalancer | default(omit) }}"
network: "{{ quotas.network | default(omit) }}"
per_volume_gigabytes: "{{ quotas.per_volume_gigabytes | default(omit) }}"
pool: "{{ quotas.pool | default(omit) }}"
port: "{{ quotas.port | default(omit) }}"
properties: "{{ quotas.properties | default(omit) }}"
ram: "{{ quotas.ram | default(omit) }}"
rbac_policy: "{{ quotas.rbac_policy | default(omit) }}"
router: "{{ quotas.router | default(omit) }}"
security_group: "{{ quotas.security_group | default(omit) }}"
security_group_rule: "{{ quotas.security_group_rule | default(omit) }}"
server_group_members: "{{ quotas.server_group_members | default(omit) }}"
server_groups: "{{ quotas.server_groups | default(omit) }}"
snapshots: "{{ quotas.snapshots | default(omit) }}"
snapshots_lvm: "{{ quotas.snapshots_lvm | default(omit) }}"
subnet: "{{ quotas.subnet | default(omit) }}"
subnetpool: "{{ quotas.subnetpool | default(omit) }}"
volumes: "{{ quotas.volumes | default(omit) }}"
volumes_lvm: "{{ quotas.volumes_lvm | default(omit) }}"
when:
- item.quotas is defined
with_items: "{{ os_projects }}"
environment: "{{ os_projects_environment }}"
vars:
quotas: "{{ item.quotas }}"
loop_control:
label: "{{ item.name }}"

# This variable is unset before we set it, and it does not appear to be
# possible to unset a variable in Ansible.
- name: Set a fact to reset the Ansible python interpreter
ansible.builtin.set_fact:
ansible_python_interpreter: "{{ old_ansible_python_interpreter }}"
when: os_projects_venv != None

- name: Ensure openrc environment file exists
ansible.builtin.template:
src: openrc.j2
dest: "{{ item.1.openrc_file }}"
mode: "0600"
with_subelements:
- "{{ os_projects }}"
- users
- skip_missing: true
when: item.1.openrc_file is defined
loop_control:
label:
project: "{{ item.0.name }}"
user: "{{ item.1.name }}"
delegate_to: localhost
ansible_python_interpreter: "{{ os_projects_venv ~ '/bin/python' if os_projects_venv != None else old_ansible_python_interpreter }}"
Loading

0 comments on commit fab9b06

Please sign in to comment.