Support policy.yaml file [part 3]

- Heat
- Ironic
- Magum
- Manila
- Mistral

This will copy only yaml or json policy file if they exist.

Change-Id: I1ab71e2758dc99dd6654d433ece79600f0c44ce8
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>

ansible/roles/heat/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ heat_services[service_name] }}"
     config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_api_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or heat_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or heat_api_container.changed | bool
 
 - name: Restart heat-api-cfn container
@@ -28,7 +28,7 @@
     service: "{{ heat_services[service_name] }}"
     config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_api_cfn_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,7 +42,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or heat_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or heat_api_cfn_container.changed | bool
 
 - name: Restart heat-engine container
@@ -51,7 +51,7 @@
     service: "{{ heat_services[service_name] }}"
     config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     heat_engine_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -65,5 +65,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or heat_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or heat_engine_container.changed | bool

ansible/roles/heat/tasks/config.yml

@@ -13,6 +13,23 @@
     - item.value.enabled | bool
   with_dict: "{{ heat_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: heat_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/heat/"
+      skip: true
+
+- name: Set heat policy file
+  set_fact:
+    heat_policy_file: "{{ heat_policy.results.0.stat.path | basename }}"
+    heat_policy_file_path: "{{ heat_policy.results.0.stat.path }}"
+  when:
+    - heat_policy.results
+
 - name: Copying over config.json files for services
   become: true
   template:
@@ -61,20 +78,15 @@
     - Restart heat-api-cfn container
     - Restart heat-engine container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/heat/policy.json"
-  run_once: True
-  register: heat_policy
-
-- name: Copying over existing policy.json
   become: true
   template:
-    src: "{{ node_custom_config }}/heat/policy.json"
+    src: "{{ heat_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ heat_policy_file }}"
     mode: "0660"
-  register: heat_policy_jsons
+  register: heat_policy_overwriting
   when:
-    - heat_policy.stat.exists
+    - heat_policy_file is defined
     - inventory_hostname in groups[item.value.group]
   with_dict: "{{ heat_services }}"
   notify:

ansible/roles/heat/templates/heat-api-cfn.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/heat/heat.conf",
             "owner": "heat",
             "perm": "0600"
-        },
+        }{% if heat_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ heat_policy_file }}",
-            "dest": "/etc/heat/policy.json",
+            "dest": "/etc/heat/{{ heat_policy_file }}",
             "owner": "heat",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/heat/templates/heat-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/heat/heat.conf",
             "owner": "heat",
             "perm": "0600"
-        },
+        }{% if heat_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ heat_policy_file }}",
-            "dest": "/etc/heat/policy.json",
+            "dest": "/etc/heat/{{ heat_policy_file }}",
             "owner": "heat",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/heat/templates/heat-engine.json.j2

@@ -12,14 +12,13 @@
             "dest": "/etc/heat/environment.d/_deprecated.yaml",
             "owner": "heat",
             "perm": "0600"
-        },
+        }{% if heat_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ heat_policy_file }}",
-            "dest": "/etc/heat/policy.json",
+            "dest": "/etc/heat/{{ heat_policy_file }}",
             "owner": "heat",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/heat/templates/heat.conf.j2

@@ -84,6 +84,11 @@ topics = 'notifications'
 driver = noop
 {% endif %}
 
+{% if heat_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ heat_policy_file }}
+{% endif %}
+
 [clients]
 endpoint_type = internalURL
 

ansible/roles/ironic/tasks/config.yml

@@ -11,6 +11,23 @@
     - "ironic-pxe"
     - "ironic-dnsmasq"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: ironic_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/ironic/"
+      skip: true
+
+- name: Set ironic policy file
+  set_fact:
+    ironic_policy_file: "{{ ironic_policy.results.0.stat.path | basename }}"
+    ironic_policy_file_path: "{{ ironic_policy.results.0.stat.path }}"
+  when:
+    - ironic_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item }}.json.j2"
@@ -99,19 +116,14 @@
     - inventory_hostname in groups['ironic-pxe']
     - not enable_ironic_pxe_uefi
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/ironic/policy.json"
-  run_once: True
-  register: ironic_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/ironic/policy.json"
+    src: "{{ ironic_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item }}/{{ ironic_policy_file }}"
   with_items:
     - "ironic-api"
     - "ironic-conductor"
     - "ironic-inspector"
     - "ironic-pxe"
   when:
-    ironic_policy.stat.exists
+    ironic_policy_file is defined

ansible/roles/ironic/templates/ironic-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/ironic/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
-        },
+        }{% if ironic_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ ironic_policy_file }}",
-            "dest": "/etc/ironic/policy.json",
+            "dest": "/etc/ironic/{{ ironic_policy_file }}",
             "owner": "ironic",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/ironic/templates/ironic-conductor.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/ironic/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
-        },
+        }{% if ironic_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ ironic_policy_file }}",
-            "dest": "/etc/ironic/policy.json",
+            "dest": "/etc/ironic/{{ ironic_policy_file }}",
             "owner": "ironic",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/ironic/templates/ironic-inspector.conf.j2

@@ -29,6 +29,11 @@ memcache_security_strategy = ENCRYPT
 memcache_secret_key = {{ memcache_secret_key }}
 memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
 
+{% if ironic_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ ironic_policy_file }}
+{% endif %}
+
 [firewall]
 dnsmasq_interface = {{ ironic_dnsmasq_interface }}
 

ansible/roles/ironic/templates/ironic-inspector.json.j2

@@ -6,13 +6,12 @@
             "dest": "/etc/ironic-inspector/inspector.conf",
             "owner": "ironic-inspector",
             "perm": "0600"
-        },
+        }{% if ironic_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ ironic_policy_file }}",
-            "dest": "/etc/ironic-inspector/policy.json",
+            "dest": "/etc/ironic/{{ ironic_policy_file }}",
-            "owner": "ironic-inspector",
+            "owner": "ironic",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ]
 }

ansible/roles/ironic/templates/ironic.conf.j2

@@ -20,6 +20,11 @@ transport_url = {{ rpc_transport_url }}
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
 
+{% if ironic_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ ironic_policy_file }}
+{% endif %}
+
 {% if service_name == 'ironic-api' %}
 [api]
 host_ip = {{ api_interface_address }}

ansible/roles/magnum/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ magnum_services[service_name] }}"
     config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     magnum_api_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -20,7 +20,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or magnum_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or magnum_api_container.changed | bool
 
 - name: Restart magnum-conductor container
@@ -29,7 +29,7 @@
     service: "{{ magnum_services[service_name] }}"
     config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     magnum_conductor_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -44,5 +44,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or magnum_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or magnum_conductor_container.changed | bool

ansible/roles/magnum/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ magnum_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: magnum_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/magnum/"
+      skip: true
+
+- name: Set magnum policy file
+  set_fact:
+    magnum_policy_file: "{{ magnum_policy.results.0.stat.path | basename }}"
+    magnum_policy_file_path: "{{ magnum_policy.results.0.stat.path }}"
+  when:
+    - magnum_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -42,18 +59,13 @@
     - Restart magnum-api container
     - Restart magnum-conductor container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/magnum/policy.json"
-  run_once: True
-  register: magnum_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/magnum/policy.json"
+    src: "{{ magnum_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ magnum_policy_file }}"
-  register: magnum_policy_jsons
+  register: magnum_policy_overwriting
   when:
-    - magnum_policy.stat.exists
+    - magnum_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ magnum_services }}"

ansible/roles/magnum/templates/magnum-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/magnum/magnum.conf",
             "owner": "magnum",
             "perm": "0600"
-        },
+        }{% if magnum_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ magnum_policy_file }}",
-            "dest": "/etc/magnum/policy.json",
+            "dest": "/etc/magnum/{{ magnum_policy_file }}",
             "owner": "magnum",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/magnum/templates/magnum-conductor.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/magnum/magnum.conf",
             "owner": "magnum",
             "perm": "0600"
-        },
+        }{% if magnum_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ magnum_policy_file }}",
-            "dest": "/etc/magnum/policy.json",
+            "dest": "/etc/magnum/{{ magnum_policy_file }}",
             "owner": "magnum",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/magnum/templates/magnum.conf.j2

@@ -93,6 +93,11 @@ topics = 'notifications'
 driver = noop
 {% endif %}
 
+{% if magnum_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ magnum_policy_file }}
+{% endif %}
+
 {% if enable_osprofiler | bool %}
 [profiler]
 enabled = true

ansible/roles/manila/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ manila_services[service_name] }}"
     config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_api_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or manila_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or manila_api_container.changed | bool
 
 - name: Restart manila-data container
@@ -28,7 +28,7 @@
     service: "{{ manila_services[service_name] }}"
     config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_data_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -43,7 +43,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or manila_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or manila_data_container.changed | bool
 
 - name: Restart manila-scheduler container
@@ -52,7 +52,7 @@
     service: "{{ manila_services[service_name] }}"
     config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_scheduler_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -66,7 +66,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or manila_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or manila_scheduler_container.changed | bool
 
 - name: Restart manila-share container
@@ -74,7 +74,7 @@
     service_name: "manila-share"
     service: "{{ manila_services[service_name] }}"
     config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     manila_share_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -89,5 +89,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or manila_conf_share.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or manila_share_container.changed | bool

ansible/roles/manila/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ manila_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: manila_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/manila/"
+      skip: true
+
+- name: Set manila policy file
+  set_fact:
+    manila_policy_file: "{{ manila_policy.results.0.stat.path | basename }}"
+    manila_policy_file_path: "{{ manila_policy.results.0.stat.path }}"
+  when:
+    - manila_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -66,18 +83,13 @@
   notify:
     - Restart manila-share container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/manila/policy.json"
-  run_once: True
-  register: manila_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/manila/policy.json"
+    src: "{{ manila_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ manila_policy_file }}"
-  register: policy_jsons
+  register: manila_policy_overwriting
   when:
-    - manila_policy.stat.exists
+    - manila_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ manila_services }}"

ansible/roles/manila/templates/manila-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
-        },
+        }{% if manila_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ manila_policy_file }}",
-            "dest": "/etc/manila/policy.json",
+            "dest": "/etc/manila/{{ manila_policy_file }}",
             "owner": "manila",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/manila/templates/manila-data.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
-        },
+        }{% if manila_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ manila_policy_file }}",
-            "dest": "/etc/manila/policy.json",
+            "dest": "/etc/manila/{{ manila_policy_file }}",
             "owner": "manila",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/manila/templates/manila-scheduler.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
-        },
+        }{% if manila_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ manila_policy_file }}",
-            "dest": "/etc/manila/policy.json",
+            "dest": "/etc/manila/{{ manila_policy_file }}",
             "owner": "manila",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/manila/templates/manila-share.conf.j2

@@ -72,6 +72,11 @@ service_image_name = manila-service-image
 share_backend_name = GENERIC
 {% endif %}
 
+{% if manila_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ manila_policy_file }}
+{% endif %}
+
 {% if enable_manila_backend_hnas | bool %}
 [hnas1]
 share_backend_name = HNAS1

ansible/roles/manila/templates/manila-share.json.j2

@@ -12,14 +12,13 @@
             "dest": "/etc/ceph/",
             "owner": "manila",
             "perm": "0600"
-        }{% endif %},
+        }{% endif %}{% if manila_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ manila_policy_file }}",
-            "dest": "/etc/manila/policy.json",
+            "dest": "/etc/manila/{{ manila_policy_file }}",
             "owner": "manila",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/manila/templates/manila.conf.j2

@@ -44,3 +44,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
+
+{% if manila_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ manila_policy_file }}
+{% endif %}

ansible/roles/mistral/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ mistral_services[service_name] }}"
     config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_api_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or mistral_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or mistral_api_container.changed | bool
 
 - name: Restart mistral-engine container
@@ -28,7 +28,7 @@
     service: "{{ mistral_services[service_name] }}"
     config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_engine_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,7 +42,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or mistral_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or mistral_engine_container.changed | bool
 
 - name: Restart mistral-executor container
@@ -51,7 +51,7 @@
     service: "{{ mistral_services[service_name] }}"
     config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     mistral_executor_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -65,5 +65,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or mistral_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or mistral_executor_container.changed | bool

ansible/roles/mistral/tasks/config.yml

@@ -7,6 +7,23 @@
   when: inventory_hostname in groups[item.value.group]
   with_dict: "{{ mistral_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: mistral_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/mistral/"
+      skip: true
+
+- name: Set mistral policy file
+  set_fact:
+    mistral_policy_file: "{{ mistral_policy.results.0.stat.path | basename }}"
+    mistral_policy_file_path: "{{ mistral_policy.results.0.stat.path }}"
+  when:
+    - mistral_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -38,18 +55,15 @@
   notify:
     - Restart {{ item.key }} container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/mistral/policy.json"
-  run_once: True
-  register: mistral_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/mistral/policy.json"
+    src: "{{ mistral_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ mistral_policy_file }}"
-  register: mistral_policy_jsons
+    mode: "0660"
+  become: true
+  register: mistral_policy_overwriting
   when:
-    - mistral_policy.stat.exists
+    - mistral_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ mistral_services }}"

ansible/roles/mistral/templates/mistral-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0600"
-        },
+        }{% if mistral_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ mistral_policy_file }}",
-            "dest": "/etc/mistral/policy.json",
+            "dest": "/etc/mistral/{{ mistral_policy_file }}",
             "owner": "mistral",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/mistral/templates/mistral-engine.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0600"
-        },
+        }{% if mistral_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ mistral_policy_file }}",
-            "dest": "/etc/mistral/policy.json",
+            "dest": "/etc/mistral/{{ mistral_policy_file }}",
             "owner": "mistral",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/mistral/templates/mistral-executor.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0600"
-        },
+        }{% if mistral_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ mistral_policy_file }}",
-            "dest": "/etc/mistral/policy.json",
+            "dest": "/etc/mistral/{{ mistral_policy_file }}",
             "owner": "mistral",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/mistral/templates/mistral.conf.j2

@@ -57,6 +57,11 @@ default_region = {{ openstack_region_name }}
 transport_url = {{ notify_transport_url }}
 driver = noop
 
+{% if mistral_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ mistral_policy_file }}
+{% endif %}
+
 {% if enable_osprofiler | bool %}
 [profiler]
 enabled = true