From 4f8eb892c73d488d9cd853ea4fbd3cf5ff959dae Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Mon, 8 Jan 2018 16:51:41 +0700 Subject: [PATCH] Support policy.yaml file [part 5] - Freezer - Gnocchi - Kuryr - Murano - Panko This will copy only yaml or json policy file if they exist. Change-Id: I5450839cb06c515f2be445883421f8f987ca834d Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang --- ansible/roles/freezer/handlers/main.yml | 4 +-- ansible/roles/freezer/tasks/config.yml | 32 +++++++++++++------ .../freezer/templates/freezer-api.conf.j2 | 5 +++ .../freezer/templates/freezer-api.json.j2 | 11 +++---- ansible/roles/kuryr/handlers/main.yml | 4 +-- ansible/roles/kuryr/tasks/config.yml | 32 +++++++++++++------ ansible/roles/kuryr/templates/kuryr.conf.j2 | 5 +++ ansible/roles/kuryr/templates/kuryr.json.j2 | 11 +++---- ansible/roles/murano/tasks/config.yml | 31 ++++++++++++------ .../roles/murano/templates/murano-api.json.j2 | 11 +++---- .../murano/templates/murano-engine.json.j2 | 11 +++---- ansible/roles/murano/templates/murano.conf.j2 | 5 +++ ansible/roles/panko/handlers/main.yml | 4 +-- ansible/roles/panko/tasks/config.yml | 32 +++++++++++++------ .../roles/panko/templates/panko-api.json.j2 | 11 +++---- ansible/roles/panko/templates/panko.conf.j2 | 5 +++ 16 files changed, 139 insertions(+), 75 deletions(-) diff --git a/ansible/roles/freezer/handlers/main.yml b/ansible/roles/freezer/handlers/main.yml index 77bd202379..e5c7ac507f 100644 --- a/ansible/roles/freezer/handlers/main.yml +++ b/ansible/roles/freezer/handlers/main.yml 
@@ -5,7 +5,7 @@ service: "{{ freezer_services[service_name] }}" config_json: "{{ freezer_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" freezer_conf: "{{ freezer_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ freezer_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ freezer_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" freezer_api_container: "{{ check_freezer_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -20,5 +20,5 @@ - config_json.changed | bool or wsgi_freezer_api.changed | bool or freezer_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or freezer_api_container.changed | bool diff --git a/ansible/roles/freezer/tasks/config.yml b/ansible/roles/freezer/tasks/config.yml index 832bdd18cb..211aeed518 100644 --- a/ansible/roles/freezer/tasks/config.yml +++ b/ansible/roles/freezer/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ freezer_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: freezer_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/freezer/" + skip: true + +- name: Set freezer policy file + set_fact: + freezer_policy_file: "{{ freezer_policy.results.0.stat.path | basename }}" + freezer_policy_file_path: "{{ freezer_policy.results.0.stat.path }}" + when: + - freezer_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" 
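Review bot: In the new `Check if policies shall be overwritten` task, `with_first_found` stops at the first name from `supported_policy_format_list` that exists under `{{ node_custom_config }}/freezer/`, so when both a YAML and a JSON policy file are present the other one is silently ignored. Because this file defines the service's authorization rules, an operator who edits the ignored file would end up with a deployed policy that differs from the one they reviewed. The list is defined outside this patch, so the precedence is not visible here; a comment above the task such as `# first existing name in supported_policy_format_list wins; any other policy file in this directory is ignored` would make it explicit. The same task is added in the kuryr, murano and panko `tasks/config.yml` hunks.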
@@ -52,18 +69,13 @@ notify: - Restart freezer-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_config_directory }}/freezer/policy.json" - run_once: True - register: freezer_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/freezer/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: freezer_policy_jsons + src: "{{ freezer_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ freezer_policy_file }}" + register: freezer_policy_overwriting when: - - freezer_policy.stat.exists + - freezer_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ freezer_services }}" diff --git a/ansible/roles/freezer/templates/freezer-api.conf.j2 b/ansible/roles/freezer/templates/freezer-api.conf.j2 index d20cccdba8..eb4c59562e 100644 --- a/ansible/roles/freezer/templates/freezer-api.conf.j2 +++ b/ansible/roles/freezer/templates/freezer-api.conf.j2 @@ -22,6 +22,11 @@ memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% if freezer_policy_file is defined %} +[oslo_policy] +policy_file = {{ freezer_policy_file }} +{% endif %} + [paste_deploy] config_file = /etc/freezer/freezer-paste.ini diff --git a/ansible/roles/freezer/templates/freezer-api.json.j2 b/ansible/roles/freezer/templates/freezer-api.json.j2 index 2e65910b74..afc8fa913d 100644 --- a/ansible/roles/freezer/templates/freezer-api.json.j2 +++ b/ansible/roles/freezer/templates/freezer-api.json.j2 
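Review bot: The rewritten `Copying over existing policy file` task passes no `mode:` to `template`, so a newly created policy file under `{{ node_config_directory }}/{{ item.key }}/` takes its permissions from the remote user's umask, while the container-side copy in `freezer-api.json.j2` is pinned to `"perm": "0600"`. An explicit mode, for example `mode: "0660"`, would make the host-side permissions deterministic; the right value is whatever the role's other config files use, which are outside this hunk. The kuryr, murano and panko copy tasks are written the same way.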
@@ -14,14 +14,13 @@ "dest": "/etc/{{ apache_dir }}/wsgi-freezer.conf", "owner": "freezer", "perm": "0600" - }, + }{% if freezer_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/freezer/policy.json", + "source": "{{ container_config_directory }}/{{ freezer_policy_file }}", + "dest": "/etc/freezer/{{ freezer_policy_file }}", "owner": "freezer", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/kuryr/handlers/main.yml b/ansible/roles/kuryr/handlers/main.yml index df37073aaa..b7710994dc 100644 --- a/ansible/roles/kuryr/handlers/main.yml +++ b/ansible/roles/kuryr/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ kuryr_services[service_name] }}" config_json: "{{ kuryr_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" kuryr_conf: "{{ kuryr_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ kuryr_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ kuryr_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" kuryr_container: "{{ check_kuryr_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -22,5 +22,5 @@ - config_json.changed | bool or kuryr_conf.changed | bool or kuryr_spec.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or kuryr_container.changed | bool diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml index dd596b3724..86cdd4a3b3 100644 --- a/ansible/roles/kuryr/tasks/config.yml +++ b/ansible/roles/kuryr/tasks/config.yml 
@@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ kuryr_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: kuryr_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/kuryr/" + skip: true + +- name: Set kuryr policy file + set_fact: + kuryr_policy_file: "{{ kuryr_policy.results.0.stat.path | basename }}" + kuryr_policy_file_path: "{{ kuryr_policy.results.0.stat.path }}" + when: + - kuryr_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -55,18 +72,13 @@ notify: - Restart kuryr container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/kuryr/policy.json" - run_once: True - register: kuryr_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/kuryr/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: kuryr_policy_jsons + src: "{{ kuryr_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ kuryr_policy_file }}" + register: kuryr_policy_overwriting when: - - kuryr_policy.stat.exists + - kuryr_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ kuryr_services }}" diff --git a/ansible/roles/kuryr/templates/kuryr.conf.j2 b/ansible/roles/kuryr/templates/kuryr.conf.j2 index bc996f498f..caa61963ea 100644 --- a/ansible/roles/kuryr/templates/kuryr.conf.j2 +++ b/ansible/roles/kuryr/templates/kuryr.conf.j2 @@ -20,3 +20,8 @@ project_domain_id = {{ default_project_domain_id }} user_domain_id = {{ default_user_domain_id }} password = {{ kuryr_keystone_password }} username = {{ kuryr_keystone_user }} + +{% if kuryr_policy_file is defined %} +[oslo_policy] +policy_file = {{ kuryr_policy_file }} +{% endif %} 
diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2 index 5a8d709266..bff4724a64 100644 --- a/ansible/roles/kuryr/templates/kuryr.json.j2 +++ b/ansible/roles/kuryr/templates/kuryr.json.j2 @@ -12,14 +12,13 @@ "dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec", "owner": "root", "perm": "0600" - }, + }{% if kuryr_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/kuryr/policy.json", + "source": "{{ container_config_directory }}/{{ kuryr_policy_file }}", + "dest": "/etc/kuryr/{{ kuryr_policy_file }}", "owner": "kuryr", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/murano/tasks/config.yml b/ansible/roles/murano/tasks/config.yml index c1e2a76240..91db61fd33 100644 --- a/ansible/roles/murano/tasks/config.yml +++ b/ansible/roles/murano/tasks/config.yml @@ -8,6 +8,23 @@ - "murano-api" - "murano-engine" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: murano_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/murano/" + skip: true + +- name: Set murano policy file + set_fact: + murano_policy_file: "{{ murano_policy.results.0.stat.path | basename }}" + murano_policy_file_path: "{{ murano_policy.results.0.stat.path }}" + when: + - murano_policy.results + - name: Copying over config.json files for services template: src: "{{ item }}.json.j2" 
@@ -31,17 +48,13 @@ - "murano-api" - "murano-engine" -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/murano/policy.json" - run_once: True - register: murano_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/murano/policy.json" - dest: "{{ node_config_directory }}/{{ item }}/policy.json" + src: "{{ murano_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ murano_policy_file }}" + register: murano_policy_overwriting with_items: - "murano-api" - "murano-engine" when: - murano_policy.stat.exists + murano_policy_file is defined diff --git a/ansible/roles/murano/templates/murano-api.json.j2 b/ansible/roles/murano/templates/murano-api.json.j2 index b1a9f59c6a..6b30be2fc7 100644 --- a/ansible/roles/murano/templates/murano-api.json.j2 +++ b/ansible/roles/murano/templates/murano-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/murano/murano.conf", "owner": "murano", "perm": "0600" - }, + }{% if murano_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/murano/policy.json", + "source": "{{ container_config_directory }}/{{ murano_policy_file }}", + "dest": "/etc/murano/{{ murano_policy_file }}", "owner": "murano", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/murano/templates/murano-engine.json.j2 b/ansible/roles/murano/templates/murano-engine.json.j2 index dd25aea65f..a42329e002 100644 --- a/ansible/roles/murano/templates/murano-engine.json.j2 +++ b/ansible/roles/murano/templates/murano-engine.json.j2 
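Review bot: The new `dest` in `Copying over existing policy file` uses `{{ item.key }}`, but this task loops with `with_items` over the plain strings `murano-api` and `murano-engine`, so `item` has no `key` attribute. Once `murano_policy_file` is defined, the task will most likely fail on an undefined variable, or render a wrong path, and the operator's custom authorization policy will not reach the murano containers' config directories. The removed line used `{{ item }}`, and the new line should keep it: `dest: "{{ node_config_directory }}/{{ item }}/{{ murano_policy_file }}"`. The freezer, kuryr and panko versions loop with `with_dict`, where `item.key` is correct, so this looks like a copy-paste slip specific to murano.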
@@ -6,14 +6,13 @@ "dest": "/etc/murano/murano.conf", "owner": "murano", "perm": "0600" - }, + }{% if murano_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/murano/policy.json", + "source": "{{ container_config_directory }}/{{ murano_policy_file }}", + "dest": "/etc/murano/{{ murano_policy_file }}", "owner": "murano", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/murano/templates/murano.conf.j2 b/ansible/roles/murano/templates/murano.conf.j2 index 8b5435a979..6e3c4441e3 100644 --- a/ansible/roles/murano/templates/murano.conf.j2 +++ b/ansible/roles/murano/templates/murano.conf.j2 @@ -41,6 +41,11 @@ api_workers = {{ openstack_service_workers }} transport_url = {{ notify_transport_url }} driver = messagingv2 +{% if murano_policy_file is defined %} +[oslo_policy] +policy_file = {{ murano_policy_file }} +{% endif %} + {% if service_name == 'murano-engine' %} [rabbitmq] host = {{ kolla_external_fqdn }} diff --git a/ansible/roles/panko/handlers/main.yml b/ansible/roles/panko/handlers/main.yml index 90c323ba61..2a19666ec8 100644 --- a/ansible/roles/panko/handlers/main.yml +++ b/ansible/roles/panko/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ panko_services[service_name] }}" config_json: "{{ panko_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" panko_conf: "{{ panko_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ panko_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ panko_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" panko_api_container: "{{ check_panko_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -20,5 +20,5 @@ - config_json.changed | bool or panko_conf.changed | bool or panko_wsgi.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or panko_api_container.changed | bool diff --git a/ansible/roles/panko/tasks/config.yml b/ansible/roles/panko/tasks/config.yml index 6cfca51f63..e57430fe22 100644 --- a/ansible/roles/panko/tasks/config.yml +++ b/ansible/roles/panko/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ panko_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: panko_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/panko/" + skip: true + +- name: Set panko policy file + set_fact: + panko_policy_file: "{{ panko_policy.results.0.stat.path | basename }}" + panko_policy_file_path: "{{ panko_policy.results.0.stat.path }}" + when: + - panko_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -53,18 +70,13 @@ notify: - Restart panko-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/panko/policy.json" - run_once: True - register: panko_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/panko/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: panko_policy_jsons + src: "{{ panko_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ panko_policy_file }}" + register: panko_policy_overwriting when: - - panko_policy.stat.exists + - panko_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ panko_services }}" 
diff --git a/ansible/roles/panko/templates/panko-api.json.j2 b/ansible/roles/panko/templates/panko-api.json.j2 index 9331ca2083..d286eb5212 100644 --- a/ansible/roles/panko/templates/panko-api.json.j2 +++ b/ansible/roles/panko/templates/panko-api.json.j2 @@ -8,14 +8,13 @@ "dest": "/etc/panko/panko.conf", "owner": "panko", "perm": "0600" - }, + }{% if panko_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/panko/policy.json", + "source": "{{ container_config_directory }}/{{ panko_policy_file }}", + "dest": "/etc/panko/{{ panko_policy_file }}", "owner": "panko", - "perm": "0600", - "optional": true - }, + "perm": "0600" + }{% endif %}, { "source": "{{ container_config_directory }}/wsgi-panko.conf", "dest": "/etc/{{ panko_dir }}/wsgi-panko.conf", diff --git a/ansible/roles/panko/templates/panko.conf.j2 b/ansible/roles/panko/templates/panko.conf.j2 index 56a315cb3d..0dc96369ea 100644 --- a/ansible/roles/panko/templates/panko.conf.j2 +++ b/ansible/roles/panko/templates/panko.conf.j2 @@ -30,3 +30,8 @@ auth_type = password memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} + +{% if panko_policy_file is defined %} +[oslo_policy] +policy_file = {{ panko_policy_file }} +{% endif %}