From 775d8019b61dff3fcefc5c2eeb25a33af240941f Mon Sep 17 00:00:00 2001 
From: Eduardo Gonzalez Date: Fri, 18 Nov 2016 17:36:00 +0000 Subject: [PATCH] Add custom policies in service.json Include custom policy.json files in service-api.json.j2 files Change-Id: Ic55bfc6f61131aa72c3497ce8b2282056bcc7f92 Partially-Implements: blueprint custom-policies --- ansible/roles/aodh/templates/aodh-api.json.j2 | 7 +++++++ ansible/roles/aodh/templates/aodh-evaluator.json.j2 | 7 +++++++ ansible/roles/aodh/templates/aodh-listener.json.j2 | 7 +++++++ ansible/roles/aodh/templates/aodh-notifier.json.j2 | 7 +++++++ ansible/roles/barbican/templates/barbican-api.json.j2 | 7 +++++++ .../templates/barbican-keystone-listener.json.j2 | 7 +++++++ ansible/roles/barbican/templates/barbican-worker.json.j2 | 7 +++++++ .../roles/ceilometer/templates/ceilometer-api.json.j2 | 7 +++++++ .../ceilometer/templates/ceilometer-central.json.j2 | 7 +++++++ .../ceilometer/templates/ceilometer-collector.json.j2 | 7 +++++++ .../ceilometer/templates/ceilometer-compute.json.j2 | 7 +++++++ .../ceilometer/templates/ceilometer-notification.json.j2 | 7 +++++++ ansible/roles/cinder/templates/cinder-api.json.j2 | 7 +++++++ ansible/roles/cinder/templates/cinder-backup.json.j2 | 7 +++++++ ansible/roles/cinder/templates/cinder-scheduler.json.j2 | 7 +++++++ ansible/roles/cinder/templates/cinder-volume.json.j2 | 7 +++++++ .../roles/cloudkitty/templates/cloudkitty-api.json.j2 | 7 +++++++ .../cloudkitty/templates/cloudkitty-processor.json.j2 | 7 +++++++ ansible/roles/congress/templates/congress-api.json.j2 | 7 +++++++ .../roles/congress/templates/congress-datasource.json.j2 | 7 +++++++ .../congress/templates/congress-policy-engine.json.j2 | 7 +++++++ ansible/roles/glance/templates/glance-api.json.j2 | 7 +++++++ ansible/roles/glance/templates/glance-registry.json.j2 | 7 +++++++ ansible/roles/gnocchi/templates/gnocchi-api.json.j2 | 7 +++++++ ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 | 7 +++++++ ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 | 7 +++++++ 
ansible/roles/heat/templates/heat-api-cfn.json.j2 | 7 +++++++ ansible/roles/heat/templates/heat-api.json.j2 | 9 ++++++++- ansible/roles/heat/templates/heat-engine.json.j2 | 7 +++++++ ansible/roles/ironic/templates/ironic-api.json.j2 | 7 +++++++ ansible/roles/ironic/templates/ironic-conductor.json.j2 | 7 +++++++ ansible/roles/ironic/templates/ironic-inspector.json.j2 | 7 +++++++ ansible/roles/keystone/templates/keystone-fernet.json.j2 | 7 +++++++ ansible/roles/kuryr/templates/kuryr.json.j2 | 7 +++++++ ansible/roles/magnum/templates/magnum-api.json.j2 | 7 +++++++ ansible/roles/magnum/templates/magnum-conductor.json.j2 | 7 +++++++ ansible/roles/manila/templates/manila-api.json.j2 | 7 +++++++ ansible/roles/manila/templates/manila-data.json.j2 | 7 +++++++ ansible/roles/manila/templates/manila-scheduler.json.j2 | 7 +++++++ ansible/roles/manila/templates/manila-share.json.j2 | 7 +++++++ ansible/roles/mistral/templates/mistral-api.json.j2 | 7 +++++++ ansible/roles/mistral/templates/mistral-engine.json.j2 | 7 +++++++ ansible/roles/mistral/templates/mistral-executor.json.j2 | 7 +++++++ ansible/roles/murano/templates/murano-api.json.j2 | 7 +++++++ ansible/roles/murano/templates/murano-engine.json.j2 | 7 +++++++ .../roles/neutron/templates/neutron-dhcp-agent.json.j2 | 7 +++++++ ansible/roles/neutron/templates/neutron-l3-agent.json.j2 | 7 +++++++ .../roles/neutron/templates/neutron-lbaas-agent.json.j2 | 7 +++++++ .../neutron/templates/neutron-linuxbridge-agent.json.j2 | 7 +++++++ .../neutron/templates/neutron-metadata-agent.json.j2 | 7 +++++++ .../neutron/templates/neutron-openvswitch-agent.json.j2 | 7 +++++++ ansible/roles/neutron/templates/neutron-server.json.j2 | 7 +++++++ .../roles/neutron/templates/neutron-vpnaas-agent.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-api.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-compute-ironic.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-compute.json.j2 | 7 +++++++ 
ansible/roles/nova/templates/nova-conductor.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-consoleauth.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-novncproxy.json.j2 | 7 +++++++ ansible/roles/nova/templates/nova-scheduler.json.j2 | 7 +++++++ .../roles/nova/templates/nova-spicehtml5proxy.json.j2 | 7 +++++++ ansible/roles/rally/templates/rally.json.j2 | 7 +++++++ ansible/roles/sahara/templates/sahara-api.json.j2 | 7 +++++++ ansible/roles/sahara/templates/sahara-engine.json.j2 | 7 +++++++ .../roles/searchlight/templates/searchlight-api.json.j2 | 7 +++++++ .../searchlight/templates/searchlight-listener.json.j2 | 7 +++++++ ansible/roles/senlin/templates/senlin-api.json.j2 | 7 +++++++ ansible/roles/senlin/templates/senlin-engine.json.j2 | 7 +++++++ .../roles/swift/templates/swift-account-auditor.json.j2 | 7 +++++++ .../roles/swift/templates/swift-account-reaper.json.j2 | 7 +++++++ .../swift/templates/swift-account-replicator.json.j2 | 7 +++++++ .../roles/swift/templates/swift-account-server.json.j2 | 7 +++++++ .../swift/templates/swift-container-auditor.json.j2 | 7 +++++++ .../swift/templates/swift-container-replicator.json.j2 | 7 +++++++ .../roles/swift/templates/swift-container-server.json.j2 | 7 +++++++ .../swift/templates/swift-container-updater.json.j2 | 7 +++++++ .../roles/swift/templates/swift-object-auditor.json.j2 | 7 +++++++ .../roles/swift/templates/swift-object-expirer.json.j2 | 7 +++++++ .../swift/templates/swift-object-replicator.json.j2 | 7 +++++++ .../roles/swift/templates/swift-object-server.json.j2 | 7 +++++++ .../roles/swift/templates/swift-object-updater.json.j2 | 7 +++++++ ansible/roles/swift/templates/swift-proxy-server.json.j2 | 7 +++++++ ansible/roles/tempest/templates/tempest.json.j2 | 7 +++++++ ansible/roles/watcher/templates/watcher-api.json.j2 | 7 +++++++ ansible/roles/watcher/templates/watcher-applier.json.j2 | 7 +++++++ ansible/roles/watcher/templates/watcher-engine.json.j2 | 7 +++++++ 86 files changed, 603 insertions(+), 1 
deletion(-) diff --git a/ansible/roles/aodh/templates/aodh-api.json.j2 b/ansible/roles/aodh/templates/aodh-api.json.j2 index fc6b0b0815..fc4b127a70 100644 --- a/ansible/roles/aodh/templates/aodh-api.json.j2 +++ b/ansible/roles/aodh/templates/aodh-api.json.j2 @@ -14,6 +14,13 @@ "dest": "/etc/{{ aodh_dir }}/wsgi-aodh.conf", "owner": "root", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/aodh/policy.json", + "owner": "aodh", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 b/ansible/roles/aodh/templates/aodh-evaluator.json.j2 index 220be5a1e0..788915c77c 100644 --- a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 +++ b/ansible/roles/aodh/templates/aodh-evaluator.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/aodh/policy.json", + "owner": "aodh", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/aodh/templates/aodh-listener.json.j2 b/ansible/roles/aodh/templates/aodh-listener.json.j2 index 3b75e64c80..2f438d139c 100644 --- a/ansible/roles/aodh/templates/aodh-listener.json.j2 +++ b/ansible/roles/aodh/templates/aodh-listener.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/aodh/policy.json", + "owner": "aodh", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/aodh/templates/aodh-notifier.json.j2 b/ansible/roles/aodh/templates/aodh-notifier.json.j2 index da910cd2ba..63db1f34f6 100644 --- a/ansible/roles/aodh/templates/aodh-notifier.json.j2 +++ b/ansible/roles/aodh/templates/aodh-notifier.json.j2 
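Review bot: The added entry installs the authorization policy with `"owner": "aodh"` and `"perm": "0600"`, which leaves the file writable by the same service account whose API requests it governs. That mode protects confidentiality, but a policy file mainly needs integrity, and the service only has to read it. If the config copy step accepts a `user:group` owner the way the `permissions` entries elsewhere in this patch do (`heat:heat`), something like `"owner": "root:aodh", "perm": "0640"` would keep it readable without being service-writable. The same stanza is repeated in the other templates of this patch (barbican, ceilometer, cinder and the rest), so the choice applies to all of them.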
@@ -6,6 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/aodh/policy.json", + "owner": "aodh", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2 index 5fbdea25f6..411d28c119 100644 --- a/ansible/roles/barbican/templates/barbican-api.json.j2 +++ b/ansible/roles/barbican/templates/barbican-api.json.j2 @@ -18,6 +18,13 @@ "dest": "/etc/barbican/barbican-api-paste.ini", "owner": "barbican", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/barbican/policy.json", + "owner": "barbican", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 index 15fc7b54d9..5422160a59 100644 --- a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 +++ b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/barbican/policy.json", + "owner": "barbican", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/barbican/templates/barbican-worker.json.j2 b/ansible/roles/barbican/templates/barbican-worker.json.j2 index 1608df871c..56fb1cf27d 100644 --- a/ansible/roles/barbican/templates/barbican-worker.json.j2 +++ b/ansible/roles/barbican/templates/barbican-worker.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/barbican/policy.json", + "owner": "barbican", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 index ed8ae5ebe1..500f9979fc 100644 --- a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 @@ -15,6 +15,13 @@ "dest": "/etc/{{ apache_dir }}/{{ apache_file }}", "owner": "ceilometer", "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ceilometer/policy.json", + "owner": "ceilometer", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/ceilometer/templates/ceilometer-central.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-central.json.j2 index e879afd594..3468478874 100644 --- a/ansible/roles/ceilometer/templates/ceilometer-central.json.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer-central.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/ceilometer/ceilometer.conf", "owner": "ceilometer", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ceilometer/policy.json", + "owner": "ceilometer", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2 index 32970e1271..99da6248a5 100644 --- a/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/ceilometer/ceilometer.conf", "owner": "ceilometer", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ceilometer/policy.json", + "owner": "ceilometer", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2 index b8ed69455b..9a71849958 100644 --- a/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/ceilometer/ceilometer.conf", "owner": "ceilometer", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ceilometer/policy.json", + "owner": "ceilometer", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2 index 769a8c8ce1..354ecf7a95 100644 --- a/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2 +++ b/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2 @@ -24,6 +24,13 @@ "dest": "/etc/ceilometer/pipeline.yaml", "owner": "ceilometer", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ceilometer/policy.json", + "owner": "ceilometer", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/cinder/templates/cinder-api.json.j2 b/ansible/roles/cinder/templates/cinder-api.json.j2 index 27825ed506..4733681256 100644 --- a/ansible/roles/cinder/templates/cinder-api.json.j2 +++ b/ansible/roles/cinder/templates/cinder-api.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/cinder/cinder.conf", "owner": "cinder", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cinder/policy.json", + "owner": "cinder", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/cinder/templates/cinder-backup.json.j2 b/ansible/roles/cinder/templates/cinder-backup.json.j2 index d42428ac16..a24b2f062b 100644 --- a/ansible/roles/cinder/templates/cinder-backup.json.j2 +++ b/ansible/roles/cinder/templates/cinder-backup.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/cinder/cinder.conf", "owner": "cinder", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cinder/policy.json", + "owner": "cinder", + "perm": "0600", + "optional": true }{% if cinder_backend_ceph | bool %}, { "source": "{{ container_config_directory }}/ceph.*", diff --git a/ansible/roles/cinder/templates/cinder-scheduler.json.j2 b/ansible/roles/cinder/templates/cinder-scheduler.json.j2 index b5ef7b5481..84fdfe3d46 100644 --- a/ansible/roles/cinder/templates/cinder-scheduler.json.j2 +++ b/ansible/roles/cinder/templates/cinder-scheduler.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/cinder/cinder.conf", "owner": "cinder", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cinder/policy.json", + "owner": "cinder", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/cinder/templates/cinder-volume.json.j2 b/ansible/roles/cinder/templates/cinder-volume.json.j2 index 5dc729b145..c00ea1a016 100644 --- a/ansible/roles/cinder/templates/cinder-volume.json.j2 +++ b/ansible/roles/cinder/templates/cinder-volume.json.j2 
@@ -27,6 +27,13 @@ "owner": "cinder", "perm": "0600", "optional": {{ (not enable_cinder_backend_nfs | bool) | string | lower }} + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cinder/policy.json", + "owner": "cinder", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 index 83b37763f7..0b7a828a13 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/cloudkitty/cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cloudkitty/policy.json", + "owner": "cloudkitty", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 index 8b8d95e076..06f83feada 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/cloudkitty/cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/cloudkitty/policy.json", + "owner": "cloudkitty", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2 index 85d858aef3..f436301a0e 100644 --- a/ansible/roles/congress/templates/congress-api.json.j2 +++ b/ansible/roles/congress/templates/congress-api.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/congress/policy.json", + "owner": "congress", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2 index a83c5ffd72..d3edbb9280 100644 --- a/ansible/roles/congress/templates/congress-datasource.json.j2 +++ b/ansible/roles/congress/templates/congress-datasource.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/congress/policy.json", + "owner": "congress", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2 index 0d6654a243..f3853e96b2 100644 --- a/ansible/roles/congress/templates/congress-policy-engine.json.j2 +++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/congress/policy.json", + "owner": "congress", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/glance/templates/glance-api.json.j2 b/ansible/roles/glance/templates/glance-api.json.j2 index 2b6caebbdb..fd15198c0e 100644 --- a/ansible/roles/glance/templates/glance-api.json.j2 +++ b/ansible/roles/glance/templates/glance-api.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/glance/glance-api.conf", "owner": "glance", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/glance/policy.json", + "owner": "glance", + "perm": "0600", + "optional": true }{% if glance_backend_ceph | bool %}, { "source": "{{ container_config_directory }}/ceph.*", diff --git a/ansible/roles/glance/templates/glance-registry.json.j2 b/ansible/roles/glance/templates/glance-registry.json.j2 index bfd60c507a..46dd517364 100644 --- a/ansible/roles/glance/templates/glance-registry.json.j2 +++ b/ansible/roles/glance/templates/glance-registry.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/glance/glance-registry.conf", "owner": "glance", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/glance/policy.json", + "owner": "glance", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 index 583e6e9a29..1547d155b2 100644 --- a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 @@ -20,6 +20,13 @@ "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf", "owner": "gnocchi", "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/gnocchi/policy.json", + "owner": "gnocchi", + "perm": "0600", + "optional": true }{% if gnocchi_backend_storage == 'ceph' %}, { "source": "{{ container_config_directory }}/ceph.conf", diff --git a/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 index 9188a1c8e8..25e63ac232 100644 --- a/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/gnocchi/gnocchi.conf", "owner": "gnocchi", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/gnocchi/policy.json", + "owner": "gnocchi", + "perm": "0600", + "optional": true }{% if gnocchi_backend_storage == 'ceph' %}, { "source": "{{ container_config_directory }}/ceph.conf", diff --git a/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 index 83073147b3..0fad3b6e14 100644 --- a/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 +++ b/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/gnocchi/gnocchi.conf", "owner": "gnocchi", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/gnocchi/policy.json", + "owner": "gnocchi", + "perm": "0600", + "optional": true }{% if gnocchi_backend_storage == 'ceph' %}, { "source": "{{ container_config_directory }}/ceph.conf", diff --git a/ansible/roles/heat/templates/heat-api-cfn.json.j2 b/ansible/roles/heat/templates/heat-api-cfn.json.j2 index 30f266582d..40d7987c94 100644 --- a/ansible/roles/heat/templates/heat-api-cfn.json.j2 +++ b/ansible/roles/heat/templates/heat-api-cfn.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/heat/policy.json", + "owner": "heat", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/heat/templates/heat-api.json.j2 b/ansible/roles/heat/templates/heat-api.json.j2 index c198cbf4be..bc11a53e01 100644 --- a/ansible/roles/heat/templates/heat-api.json.j2 +++ b/ansible/roles/heat/templates/heat-api.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/heat/policy.json", + "owner": "heat", + "perm": "0600", + "optional": true } ], "permissions": [ @@ -14,5 +21,5 @@ "owner": "heat:heat", "recurse": true } - ] + ] } diff --git a/ansible/roles/heat/templates/heat-engine.json.j2 b/ansible/roles/heat/templates/heat-engine.json.j2 index 40d76a08f0..c9bda6aaf7 100644 --- a/ansible/roles/heat/templates/heat-engine.json.j2 +++ b/ansible/roles/heat/templates/heat-engine.json.j2 @@ -12,6 +12,13 @@ "dest": "/etc/heat/environment.d/_deprecated.yaml", "owner": "heat", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/heat/policy.json", + "owner": "heat", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2 index bf10f31058..ff0917118f 100644 --- a/ansible/roles/ironic/templates/ironic-api.json.j2 +++ b/ansible/roles/ironic/templates/ironic-api.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ironic/policy.json", + "owner": "ironic", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/ironic/templates/ironic-conductor.json.j2 b/ansible/roles/ironic/templates/ironic-conductor.json.j2 index 46aa5ed6b8..969b1f7496 100644 --- a/ansible/roles/ironic/templates/ironic-conductor.json.j2 +++ b/ansible/roles/ironic/templates/ironic-conductor.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ironic/policy.json", + "owner": "ironic", + "perm": "0600", + "optional": true } ], "permissions": [ 
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2 index fee13e3e45..e4c362050a 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.json.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/ironic-inspector/ironic.conf", "owner": "ironic", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/ironic/policy.json", + "owner": "ironic", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/keystone/templates/keystone-fernet.json.j2 b/ansible/roles/keystone/templates/keystone-fernet.json.j2 index 9078977b5e..f1019a5374 100644 --- a/ansible/roles/keystone/templates/keystone-fernet.json.j2 +++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2 @@ -36,6 +36,13 @@ "dest": "/var/lib/keystone/.ssh/id_rsa", "owner": "keystone", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/keystone/policy.json", + "owner": "keystone", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2 index 373c25a767..76602c1943 100644 --- a/ansible/roles/kuryr/templates/kuryr.json.j2 +++ b/ansible/roles/kuryr/templates/kuryr.json.j2 @@ -12,6 +12,13 @@ "dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec", "owner": "root", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/kuryr/policy.json", + "owner": "kuryr", + "perm": "0600", + "optional": true } ] } diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2 index b79de70053..e191b862f1 100644 --- a/ansible/roles/magnum/templates/magnum-api.json.j2 +++ b/ansible/roles/magnum/templates/magnum-api.json.j2 
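Review bot: In `ironic-inspector.json.j2` the new `dest` does not match the directory the rest of the template uses. The context entry installs the service config under `/etc/ironic-inspector/`, but the added entry writes to `/etc/ironic/policy.json`. If the inspector resolves its policy file relative to its own config directory, an operator-supplied policy would be copied but never enforced, and the built-in defaults would apply without any error. Consider `"dest": "/etc/ironic-inspector/policy.json"`.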
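Review bot: Under the keystone role this patch only touches `keystone-fernet.json.j2` (see the diffstat), so the custom policy lands in the fernet key-handling container rather than in the container that serves the Identity API. Judging by the context lines (an SSH key under `/var/lib/keystone/.ssh/`), this container is unlikely to evaluate API policy, so a custom keystone `policy.json` would have no effect where authorization decisions are made. The same stanza probably belongs in the main keystone service template. If that is planned for a follow-up (the commit is marked Partially-Implements), a sentence in the commit message would make the gap explicit.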
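Review bot: In `kuryr.json.j2` the new entry sets `"owner": "kuryr"` while the context entry in the same template is installed as `"owner": "root"`. If the kuryr image has no `kuryr` account (the existing root ownership suggests the service may run as root), the ownership change would fail at container start. Because the entry is `"optional": true`, that would only surface once an operator actually supplies a policy file. It is worth confirming the account exists in the image, or using `"owner": "root"` to match the rest of the file.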
@@ -6,6 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/magnum/policy.json", + "owner": "magnum", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2 index 40a6fa2657..ecf1d74c0a 100644 --- a/ansible/roles/magnum/templates/magnum-conductor.json.j2 +++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/magnum/policy.json", + "owner": "magnum", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/manila/templates/manila-api.json.j2 b/ansible/roles/manila/templates/manila-api.json.j2 index 2d6196459d..9155783078 100644 --- a/ansible/roles/manila/templates/manila-api.json.j2 +++ b/ansible/roles/manila/templates/manila-api.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/manila/policy.json", + "owner": "manila", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/manila/templates/manila-data.json.j2 b/ansible/roles/manila/templates/manila-data.json.j2 index b5a8ce2bba..715f7dc0e4 100644 --- a/ansible/roles/manila/templates/manila-data.json.j2 +++ b/ansible/roles/manila/templates/manila-data.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/manila/policy.json", + "owner": "manila", + "perm": "0600", + "optional": true } ], "permissions": [ 
diff --git a/ansible/roles/manila/templates/manila-scheduler.json.j2 b/ansible/roles/manila/templates/manila-scheduler.json.j2 index e59e85b5bd..d814133885 100644 --- a/ansible/roles/manila/templates/manila-scheduler.json.j2 +++ b/ansible/roles/manila/templates/manila-scheduler.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/manila/policy.json", + "owner": "manila", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2 index 3108156554..974169063d 100644 --- a/ansible/roles/manila/templates/manila-share.json.j2 +++ b/ansible/roles/manila/templates/manila-share.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/manila/policy.json", + "owner": "manila", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2 index 3fdb470826..2b5c5c4022 100644 --- a/ansible/roles/mistral/templates/mistral-api.json.j2 +++ b/ansible/roles/mistral/templates/mistral-api.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/mistral/policy.json", + "owner": "mistral", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2 index a37250facd..bf3df91863 100644 --- a/ansible/roles/mistral/templates/mistral-engine.json.j2 +++ b/ansible/roles/mistral/templates/mistral-engine.json.j2 
@@ -6,6 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/mistral/policy.json", + "owner": "mistral", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2 index 405a20183d..091818ad59 100644 --- a/ansible/roles/mistral/templates/mistral-executor.json.j2 +++ b/ansible/roles/mistral/templates/mistral-executor.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0644" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/mistral/policy.json", + "owner": "mistral", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/murano/templates/murano-api.json.j2 b/ansible/roles/murano/templates/murano-api.json.j2 index 07a6b8693d..b1a9f59c6a 100644 --- a/ansible/roles/murano/templates/murano-api.json.j2 +++ b/ansible/roles/murano/templates/murano-api.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/murano/murano.conf", "owner": "murano", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/murano/policy.json", + "owner": "murano", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/murano/templates/murano-engine.json.j2 b/ansible/roles/murano/templates/murano-engine.json.j2 index 98a328e72b..dd25aea65f 100644 --- a/ansible/roles/murano/templates/murano-engine.json.j2 +++ b/ansible/roles/murano/templates/murano-engine.json.j2 @@ -6,6 +6,13 @@ "dest": "/etc/murano/murano.conf", "owner": "murano", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/murano/policy.json", + "owner": "murano", + "perm": "0600", + "optional": true } ], "permissions": [ 
diff --git a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 index f5eed2a526..5244a5b7e9 100644 --- a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 @@ -24,6 +24,13 @@ "dest": "/etc/neutron/dnsmasq.conf", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 index d3ef7653fb..03fcadb12e 100644 --- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 @@ -24,6 +24,13 @@ "dest": "/etc/neutron/l3_agent.ini", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2 b/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2 index 0955c30514..3ad6253b62 100644 --- a/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2 @@ -18,6 +18,13 @@ "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 index 6055414af3..6dfd44811f 100644 --- a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 
+++ b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 @@ -12,6 +12,13 @@ "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 index 205ad3bd34..f4b48ac763 100644 --- a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 @@ -18,6 +18,13 @@ "dest": "/etc/neutron/metadata_agent.ini", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 index 853db81085..e5dfd784c7 100644 --- a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 @@ -12,6 +12,13 @@ "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", "owner": "neutron", "perm": "0600" + }, + { + "source": "{{ container_config_directory }}/policy.json", + "dest": "/etc/neutron/policy.json", + "owner": "neutron", + "perm": "0600", + "optional": true } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index 36402f0a5e..3305eb4fa1 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 
@@ -24,6 +24,13 @@
 "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
 "owner": "neutron",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/neutron/policy.json",
+ "owner": "neutron",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2 b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
index 2c0853d488..265c935a62 100644
--- a/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
@@ -30,6 +30,13 @@
 "dest": "/etc/neutron/vpnaas_agent.ini",
 "owner": "neutron",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/neutron/policy.json",
+ "owner": "neutron",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-api.json.j2 b/ansible/roles/nova/templates/nova-api.json.j2
index 28642bd593..d669bfdaf8 100644
--- a/ansible/roles/nova/templates/nova-api.json.j2
+++ b/ansible/roles/nova/templates/nova-api.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-compute-ironic.json.j2 b/ansible/roles/nova/templates/nova-compute-ironic.json.j2
index 94e2b5faef..92c0ee71b7 100644
--- a/ansible/roles/nova/templates/nova-compute-ironic.json.j2
+++ b/ansible/roles/nova/templates/nova-compute-ironic.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-compute.json.j2 b/ansible/roles/nova/templates/nova-compute.json.j2
index 018bf7a809..d37f071573 100644
--- a/ansible/roles/nova/templates/nova-compute.json.j2
+++ b/ansible/roles/nova/templates/nova-compute.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }{% if nova_backend == "rbd" %},
 {
 "source": "{{ container_config_directory }}/ceph.*",
diff --git a/ansible/roles/nova/templates/nova-conductor.json.j2 b/ansible/roles/nova/templates/nova-conductor.json.j2
index 6a7328713d..50bcd53693 100644
--- a/ansible/roles/nova/templates/nova-conductor.json.j2
+++ b/ansible/roles/nova/templates/nova-conductor.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-consoleauth.json.j2 b/ansible/roles/nova/templates/nova-consoleauth.json.j2
index 9cc3240d7d..af6a6c992c 100644
--- a/ansible/roles/nova/templates/nova-consoleauth.json.j2
+++ b/ansible/roles/nova/templates/nova-consoleauth.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-novncproxy.json.j2 b/ansible/roles/nova/templates/nova-novncproxy.json.j2
index d34efb3d69..11e2bbf06b 100644
--- a/ansible/roles/nova/templates/nova-novncproxy.json.j2
+++ b/ansible/roles/nova/templates/nova-novncproxy.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-scheduler.json.j2 b/ansible/roles/nova/templates/nova-scheduler.json.j2
index 36638987a0..b59f2f0e47 100644
--- a/ansible/roles/nova/templates/nova-scheduler.json.j2
+++ b/ansible/roles/nova/templates/nova-scheduler.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2 b/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
index e12354bf43..b1a218bb82 100644
--- a/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
+++ b/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/nova/nova.conf",
 "owner": "nova",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/nova/policy.json",
+ "owner": "nova",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/rally/templates/rally.json.j2 b/ansible/roles/rally/templates/rally.json.j2
index 3db0d88109..99cf576253 100644
--- a/ansible/roles/rally/templates/rally.json.j2
+++ b/ansible/roles/rally/templates/rally.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/rally/rally.conf",
 "owner": "rally",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/rally/policy.json",
+ "owner": "rally",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/sahara/templates/sahara-api.json.j2 b/ansible/roles/sahara/templates/sahara-api.json.j2
index 33e45f49ec..8b28d30c99 100644
--- a/ansible/roles/sahara/templates/sahara-api.json.j2
+++ b/ansible/roles/sahara/templates/sahara-api.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/sahara/sahara.conf",
 "owner": "sahara",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/sahara/policy.json",
+ "owner": "sahara",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/sahara/templates/sahara-engine.json.j2 b/ansible/roles/sahara/templates/sahara-engine.json.j2
index f677b503d5..3e3a70de3b 100644
--- a/ansible/roles/sahara/templates/sahara-engine.json.j2
+++ b/ansible/roles/sahara/templates/sahara-engine.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/sahara/sahara.conf",
 "owner": "sahara",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/sahara/policy.json",
+ "owner": "sahara",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/searchlight/templates/searchlight-api.json.j2 b/ansible/roles/searchlight/templates/searchlight-api.json.j2
index a003291ba8..bab8e9963a 100644
--- a/ansible/roles/searchlight/templates/searchlight-api.json.j2
+++ b/ansible/roles/searchlight/templates/searchlight-api.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/searchlight/searchlight.conf",
 "owner": "searchlight",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/searchlight/policy.json",
+ "owner": "searchlight",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/searchlight/templates/searchlight-listener.json.j2 b/ansible/roles/searchlight/templates/searchlight-listener.json.j2
index 5f06a04993..18ec8e51b1 100644
--- a/ansible/roles/searchlight/templates/searchlight-listener.json.j2
+++ b/ansible/roles/searchlight/templates/searchlight-listener.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/searchlight/searchlight.conf",
 "owner": "searchlight",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/searchlight/policy.json",
+ "owner": "searchlight",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/senlin/templates/senlin-api.json.j2 b/ansible/roles/senlin/templates/senlin-api.json.j2
index 0e287719b8..ce59e5d7ff 100644
--- a/ansible/roles/senlin/templates/senlin-api.json.j2
+++ b/ansible/roles/senlin/templates/senlin-api.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/senlin/senlin.conf",
 "owner": "senlin",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/senlin/policy.json",
+ "owner": "senlin",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/senlin/templates/senlin-engine.json.j2 b/ansible/roles/senlin/templates/senlin-engine.json.j2
index bc643475ed..f05f8f6fe6 100644
--- a/ansible/roles/senlin/templates/senlin-engine.json.j2
+++ b/ansible/roles/senlin/templates/senlin-engine.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/senlin/senlin.conf",
 "owner": "senlin",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/senlin/policy.json",
+ "owner": "senlin",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/swift/templates/swift-account-auditor.json.j2 b/ansible/roles/swift/templates/swift-account-auditor.json.j2
index ccdd21a429..38e65d81aa 100644
--- a/ansible/roles/swift/templates/swift-account-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-account-auditor.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/account-auditor.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-account-reaper.json.j2 b/ansible/roles/swift/templates/swift-account-reaper.json.j2
index 9471bfd502..b93ccf36cf 100644
--- a/ansible/roles/swift/templates/swift-account-reaper.json.j2
+++ b/ansible/roles/swift/templates/swift-account-reaper.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/account-reaper.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-account-replicator.json.j2 b/ansible/roles/swift/templates/swift-account-replicator.json.j2
index a079cd13af..a49731935b 100644
--- a/ansible/roles/swift/templates/swift-account-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-account-replicator.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/account-replicator.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-account-server.json.j2 b/ansible/roles/swift/templates/swift-account-server.json.j2
index 516c836d88..998e06b138 100644
--- a/ansible/roles/swift/templates/swift-account-server.json.j2
+++ b/ansible/roles/swift/templates/swift-account-server.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/account-server.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
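Review bot: The added `/etc/swift/policy.json` entry in swift-account-auditor.json.j2, repeated in the other swift account, container, object and proxy hunks, copies a policy file into containers that, as far as I know, never load one. Swift does not read an oslo.policy file; its access rules are set in the proxy-server configuration. An operator who supplies a restrictive policy.json for Swift would see it copied into place and could assume it is enforced. Unless something outside this diff reads the file, I would drop the entry from the swift templates or state in the commit message that it has no effect there. The entry's `"perm": "0600"` also differs from the `0640` on the neighbouring swift entries, which is worth making deliberate.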
diff --git a/ansible/roles/swift/templates/swift-container-auditor.json.j2 b/ansible/roles/swift/templates/swift-container-auditor.json.j2
index 05ed8105a2..7044109718 100644
--- a/ansible/roles/swift/templates/swift-container-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-container-auditor.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/container-auditor.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-replicator.json.j2 b/ansible/roles/swift/templates/swift-container-replicator.json.j2
index 5821930a29..76d0a190df 100644
--- a/ansible/roles/swift/templates/swift-container-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-container-replicator.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/container-replicator.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-server.json.j2 b/ansible/roles/swift/templates/swift-container-server.json.j2
index 538001ee3d..a9870e5bd2 100644
--- a/ansible/roles/swift/templates/swift-container-server.json.j2
+++ b/ansible/roles/swift/templates/swift-container-server.json.j2
@@ -18,6 +18,13 @@
 "dest": "/etc/swift/container-server.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-updater.json.j2 b/ansible/roles/swift/templates/swift-container-updater.json.j2
index 123c911cea..0f59961b6f 100644
--- a/ansible/roles/swift/templates/swift-container-updater.json.j2
+++ b/ansible/roles/swift/templates/swift-container-updater.json.j2
@@ -24,6 +24,13 @@
 "dest": "/etc/swift/container-updater.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-auditor.json.j2 b/ansible/roles/swift/templates/swift-object-auditor.json.j2
index 46b1ad5463..3dc84a49cf 100644
--- a/ansible/roles/swift/templates/swift-object-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-object-auditor.json.j2
@@ -24,6 +24,13 @@
 "dest": "/etc/swift/object-auditor.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-expirer.json.j2 b/ansible/roles/swift/templates/swift-object-expirer.json.j2
index 5ebb4889e9..a87390ee7f 100644
--- a/ansible/roles/swift/templates/swift-object-expirer.json.j2
+++ b/ansible/roles/swift/templates/swift-object-expirer.json.j2
@@ -30,6 +30,13 @@
 "dest": "/etc/swift/object-expirer.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-replicator.json.j2 b/ansible/roles/swift/templates/swift-object-replicator.json.j2
index 8fc5eb1594..8b6b42a8e1 100644
--- a/ansible/roles/swift/templates/swift-object-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-object-replicator.json.j2
@@ -24,6 +24,13 @@
 "dest": "/etc/swift/object-replicator.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-server.json.j2 b/ansible/roles/swift/templates/swift-object-server.json.j2
index 31913d4bb3..dcccab7011 100644
--- a/ansible/roles/swift/templates/swift-object-server.json.j2
+++ b/ansible/roles/swift/templates/swift-object-server.json.j2
@@ -24,6 +24,13 @@
 "dest": "/etc/swift/object-server.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-updater.json.j2 b/ansible/roles/swift/templates/swift-object-updater.json.j2
index d34130640a..5d1347c9c5 100644
--- a/ansible/roles/swift/templates/swift-object-updater.json.j2
+++ b/ansible/roles/swift/templates/swift-object-updater.json.j2
@@ -24,6 +24,13 @@
 "dest": "/etc/swift/object-updater.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/swift/templates/swift-proxy-server.json.j2 b/ansible/roles/swift/templates/swift-proxy-server.json.j2
index 39e43fb5b8..b695210a8f 100644
--- a/ansible/roles/swift/templates/swift-proxy-server.json.j2
+++ b/ansible/roles/swift/templates/swift-proxy-server.json.j2
@@ -30,6 +30,13 @@
 "dest": "/etc/swift/proxy-server.conf",
 "owner": "swift",
 "perm": "0640"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/swift/policy.json",
+ "owner": "swift",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/tempest/templates/tempest.json.j2 b/ansible/roles/tempest/templates/tempest.json.j2
index 3ff5ea788e..36ddc9ac56 100644
--- a/ansible/roles/tempest/templates/tempest.json.j2
+++ b/ansible/roles/tempest/templates/tempest.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/tempest/tempest.conf",
 "owner": "root",
 "perm": "0600"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/tempest/policy.json",
+ "owner": "tempest",
+ "perm": "0600",
+ "optional": true
 }
 ]
 }
diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2
index 422313e777..149ceb16f7 100644
--- a/ansible/roles/watcher/templates/watcher-api.json.j2
+++ b/ansible/roles/watcher/templates/watcher-api.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
 "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/watcher/policy.json",
+ "owner": "watcher",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2
index 2fae81a0e7..63292e2d78 100644
--- a/ansible/roles/watcher/templates/watcher-applier.json.j2
+++ b/ansible/roles/watcher/templates/watcher-applier.json.j2
@@ -6,6 +6,13 @@
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
 "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/watcher/policy.json",
+ "owner": "watcher",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2
index acf60e9305..deb285889b 100644
--- a/ansible/roles/watcher/templates/watcher-engine.json.j2
+++ b/ansible/roles/watcher/templates/watcher-engine.json.j2
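Review bot: In the tempest.json.j2 hunk the added entry sets `"owner": "tempest"`, while the existing tempest.conf entry just above it uses `"owner": "root"`. If the image has no `tempest` user, the ownership change would presumably fail once a policy.json is supplied. Because the entry is optional, that failure would only appear in deployments that use a custom policy. I would match the sibling entry with `"owner": "root",` unless the container is known to run as `tempest`.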
@@ -6,6 +6,13 @@
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
 "perm": "0644"
+ },
+ {
+ "source": "{{ container_config_directory }}/policy.json",
+ "dest": "/etc/watcher/policy.json",
+ "owner": "watcher",
+ "perm": "0600",
+ "optional": true
 }
 ],
 "permissions": [