From 22bf7997b96359e424494727362daa85cf8cb3ec Mon Sep 17 00:00:00 2001
From: Dai Dang Van <daikk115@gmail.com>
Date: Fri, 7 Sep 2018 22:21:59 +0700
Subject: [PATCH] Support Octavia custom policy

Change-Id: I542b06be75991412f8e2a931ea2e40f0a0c317e4
Closes-Bug: #1758903
---
 ansible/roles/octavia/handlers/main.yml       |  8 +++++
 ansible/roles/octavia/tasks/config.yml        | 32 +++++++++++++++++++
 .../octavia/templates/octavia-api.json.j2     |  8 ++++-
 .../roles/octavia/templates/octavia.conf.j2   |  5 +++
 ...ctavia-custom-policy-6a55d8cd951ce639.yaml |  3 ++
 5 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/add-octavia-custom-policy-6a55d8cd951ce639.yaml

diff --git a/ansible/roles/octavia/handlers/main.yml b/ansible/roles/octavia/handlers/main.yml
index 139f63bad6..44372f3506 100644
--- a/ansible/roles/octavia/handlers/main.yml
+++ b/ansible/roles/octavia/handlers/main.yml
@@ -5,6 +5,7 @@
     service: "{{ octavia_services[service_name] }}"
     config_json: "{{ octavia_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_conf: "{{ octavia_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ octavia_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_api_container: "{{ check_octavia_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -20,6 +21,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or policy_overwriting.changed | bool
       or octavia_api_container.changed | bool
 
 - name: Restart octavia-health-manager container
@@ -28,6 +30,7 @@
     service: "{{ octavia_services[service_name] }}"
     config_json: "{{ octavia_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_conf: "{{ octavia_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ octavia_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_health_manager_container: "{{ check_octavia_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -43,6 +46,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or policy_overwriting.changed | bool
       or octavia_health_manager_certificate.changed | bool
       or octavia_health_manager_container.changed | bool
 
@@ -52,6 +56,7 @@
     service: "{{ octavia_services[service_name] }}"
     config_json: "{{ octavia_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_conf: "{{ octavia_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ octavia_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_housekeeping_container: "{{ check_octavia_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -67,6 +72,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or policy_overwriting.changed | bool
       or octavia_housekeeping_certificate.changed | bool
       or octavia_housekeeping_container.changed | bool
 
@@ -76,6 +82,7 @@
     service: "{{ octavia_services[service_name] }}"
     config_json: "{{ octavia_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_conf: "{{ octavia_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ octavia_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     octavia_worker_container: "{{ check_octavia_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -91,5 +98,6 @@
     - service.enabled | bool
     - config_json.changed | bool
       or octavia_conf.changed | bool
+      or policy_overwriting.changed | bool
       or octavia_worker_certificate.changed | bool
       or octavia_worker_container.changed | bool
diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml
index 435bf46eb5..e811c4aa09 100644
--- a/ansible/roles/octavia/tasks/config.yml
+++ b/ansible/roles/octavia/tasks/config.yml
@@ -12,6 +12,38 @@
     - item.value.enabled | bool
   with_dict: "{{ octavia_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: octavia_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/octavia/"
+      skip: true
+
+- name: Set octavia policy file
+  set_fact:
+    octavia_policy_file: "{{ octavia_policy.results.0.stat.path | basename }}"
+    octavia_policy_file_path: "{{ octavia_policy.results.0.stat.path }}"
+  when:
+    - octavia_policy.results
+
+- name: Copying over existing policy file
+  template:
+    src: "{{ octavia_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ octavia_policy_file }}"
+    mode: "0660"
+  become: true
+  register: octavia_policy_overwriting
+  when:
+    - octavia_policy_file is defined
+    - inventory_hostname in groups[item.value.group]
+    - item.value.enabled | bool
+  with_dict: "{{ octavia_services }}"
+  notify:
+    - "Restart {{ item.key }} container"
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
diff --git a/ansible/roles/octavia/templates/octavia-api.json.j2 b/ansible/roles/octavia/templates/octavia-api.json.j2
index ede67a722b..0e315bebc8 100644
--- a/ansible/roles/octavia/templates/octavia-api.json.j2
+++ b/ansible/roles/octavia/templates/octavia-api.json.j2
@@ -6,6 +6,12 @@
             "dest": "/etc/octavia/octavia.conf",
             "owner": "octavia",
             "perm": "0600"
-        }
+        }{% if octavia_policy_file is defined %},
+        {
+            "source": "{{ container_config_directory }}/{{ octavia_policy_file }}",
+            "dest": "/etc/octavia/{{ octavia_policy_file }}",
+            "owner": "octavia",
+            "perm": "0600"
+        }{% endif %}
     ]
 }
diff --git a/ansible/roles/octavia/templates/octavia.conf.j2 b/ansible/roles/octavia/templates/octavia.conf.j2
index 468417a36a..da03227ada 100644
--- a/ansible/roles/octavia/templates/octavia.conf.j2
+++ b/ansible/roles/octavia/templates/octavia.conf.j2
@@ -74,3 +74,8 @@ rpc_thread_pool_size = 2
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
+
+{% if octavia_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ octavia_policy_file }}
+{% endif %}
diff --git a/releasenotes/notes/add-octavia-custom-policy-6a55d8cd951ce639.yaml b/releasenotes/notes/add-octavia-custom-policy-6a55d8cd951ce639.yaml
new file mode 100644
index 0000000000..67c2aef405
--- /dev/null
+++ b/releasenotes/notes/add-octavia-custom-policy-6a55d8cd951ce639.yaml
@@ -0,0 +1,3 @@
+---
+features:
+  - Add support Octavia custom policy.