Support policy.yaml file [part 8]
- Horizon This will copy only yaml or json policy file if they exist. Change-Id: Ib8875ca54dc9dc69abc8338413f7724d9d4ecc45 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This commit is contained in:
parent
574c68b375
commit
6d49dbb48a
@ -12,6 +12,39 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ horizon_services }}"
|
||||
|
||||
- set_fact:
|
||||
custom_policy: []
|
||||
|
||||
- include: policy_item.yml
|
||||
vars:
|
||||
project_name: "{{ item.name }}"
|
||||
when: item.enabled | bool
|
||||
with_items:
|
||||
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
|
||||
- { name: "cinder", enabled: "{{ enable_cinder }}" }
|
||||
- { name: "congress", enabled: "{{ enable_congress }}" }
|
||||
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
|
||||
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
|
||||
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
|
||||
- { name: "glance", enabled: "{{ enable_glance }}" }
|
||||
- { name: "heat", enabled: "{{ enable_heat }}" }
|
||||
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
|
||||
- { name: "keystone", enabled: "{{ enable_keystone }}" }
|
||||
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
|
||||
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
|
||||
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
|
||||
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
|
||||
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
|
||||
- { name: "neutron", enabled: "{{ enable_neutron }}" }
|
||||
- { name: "nova", enabled: "{{ enable_nova }}" }
|
||||
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
|
||||
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
|
||||
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
|
||||
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
|
||||
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
|
||||
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
|
||||
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
become: true
|
||||
vars:
|
||||
@ -65,51 +98,19 @@
|
||||
notify:
|
||||
- Restart horizon container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/horizon/{{ item.name }}_policy.json"
|
||||
run_once: True
|
||||
register: custom_policy
|
||||
when: item.enabled | bool
|
||||
with_items:
|
||||
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
|
||||
- { name: "cinder", enabled: "{{ enable_cinder }}" }
|
||||
- { name: "cloudkitty", enabled: "{{ enable_horizon_cloudkitty }}" }
|
||||
- { name: "designate", enabled: "{{ enable_horizon_designate }}" }
|
||||
- { name: "freezer", enabled: "{{ enable_horizon_freezer }}" }
|
||||
- { name: "glance", enabled: "{{ enable_glance }}" }
|
||||
- { name: "heat", enabled: "{{ enable_heat }}" }
|
||||
- { name: "ironic", enabled: "{{ enable_horizon_ironic }}" }
|
||||
- { name: "keystone", enabled: "{{ enable_keystone }}" }
|
||||
- { name: "karbor", enabled: "{{ enable_horizon_karbor }}" }
|
||||
- { name: "magnum", enabled: "{{ enable_horizon_magnum }}" }
|
||||
- { name: "manila", enabled: "{{ enable_horizon_manila }}" }
|
||||
- { name: "mistral", enabled: "{{ enable_horizon_mistral }}" }
|
||||
- { name: "murano", enabled: "{{ enable_horizon_murano }}" }
|
||||
- { name: "neutron", enabled: "{{ enable_neutron }}" }
|
||||
- { name: "nova", enabled: "{{ enable_nova }}" }
|
||||
- { name: "sahara", enabled: "{{ enable_horizon_sahara }}" }
|
||||
- { name: "searchlight", enabled: "{{ enable_horizon_searchlight }}" }
|
||||
- { name: "senlin", enabled: "{{ enable_horizon_senlin }}" }
|
||||
- { name: "solum", enabled: "{{ enable_horizon_solum }}" }
|
||||
- { name: "tacker", enabled: "{{ enable_horizon_tacker }}" }
|
||||
- { name: "trove", enabled: "{{ enable_horizon_trove }}" }
|
||||
- { name: "watcher", enabled: "{{ enable_horizon_watcher }}" }
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
become: true
|
||||
vars:
|
||||
horizon: "{{ horizon_services['horizon'] }}"
|
||||
template:
|
||||
src: "{{ node_custom_config }}/horizon/{{ item.item.name }}_policy.json"
|
||||
dest: "{{ node_config_directory }}/horizon/{{ item.item.name }}_policy.json"
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/horizon/{{ item | basename }}"
|
||||
mode: "0660"
|
||||
register: policy_jsons
|
||||
when:
|
||||
- horizon.enabled | bool
|
||||
- inventory_hostname in groups[horizon.group]
|
||||
- item.item.enabled | bool
|
||||
- item.stat.exists
|
||||
with_items: "{{ custom_policy.results }}"
|
||||
with_items: "{{ custom_policy }}"
|
||||
notify:
|
||||
- Restart horizon container
|
||||
|
||||
|
22
ansible/roles/horizon/tasks/policy_item.yml
Normal file
22
ansible/roles/horizon/tasks/policy_item.yml
Normal file
@ -0,0 +1,22 @@
|
||||
---
|
||||
|
||||
# Update policy file name
|
||||
- set_fact:
|
||||
supported_policy_files: "{{ supported_policy_format_list | map('regex_replace', '(.*)', '{{ project_name }}_\\1') | list }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ fullpath }}"
|
||||
run_once: True
|
||||
register: overwritten_files
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_files }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/horizon/"
|
||||
skip: true
|
||||
loop_control:
|
||||
loop_var: fullpath
|
||||
|
||||
- set_fact:
|
||||
custom_policy: "{{ custom_policy }} + [ '{{ overwritten_files.results.0.stat.path }}' ]"
|
||||
when:
|
||||
- overwritten_files.results
|
@ -36,13 +36,12 @@
|
||||
"owner": "horizon",
|
||||
"perm": "0600"
|
||||
},
|
||||
{% for service, enabled in services if enabled | bool %}
|
||||
{% for path in custom_policy %}
|
||||
{
|
||||
"source": "{{ container_config_directory }}/{{ service }}_policy.json",
|
||||
"dest": "/etc/openstack-dashboard/{{ service }}_policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ path | basename }}",
|
||||
"dest": "/etc/openstack-dashboard/{{ path | basename }}",
|
||||
"owner": "horizon",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
"perm": "0600"
|
||||
},
|
||||
{% endfor %}
|
||||
{
|
||||
|
@ -70,6 +70,9 @@ def check_json_j2():
|
||||
def bool_filter(value):
|
||||
return True
|
||||
|
||||
def basename_filter(text):
|
||||
return text.split('\\')[-1]
|
||||
|
||||
# Mock ansible hostvars variable, which is a nested dict
|
||||
def hostvars():
|
||||
return collections.defaultdict(hostvars)
|
||||
@ -82,6 +85,7 @@ def check_json_j2():
|
||||
env = jinja2.Environment( # nosec: not used to render HTML
|
||||
loader=jinja2.FileSystemLoader(root))
|
||||
env.filters['bool'] = bool_filter
|
||||
env.filters['basename'] = basename_filter
|
||||
template = env.get_template(filename)
|
||||
# Mock ansible variables.
|
||||
context = {
|
||||
|
Loading…
x
Reference in New Issue
Block a user