From de54518b341fe784cf3f31265379ab9b6ef901bc Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Mon, 8 Jan 2018 17:36:42 +0700 Subject: [PATCH] Support policy.yaml file [part 7] - Vitrage - Watcher - Zun This will copy only yaml or json policy file if they exist. Change-Id: I913b3b067237cc4694894cc00bcc363127dd3806 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang --- ansible/roles/vitrage/handlers/main.yml | 20 ++++++------ ansible/roles/vitrage/tasks/config.yml | 31 ++++++++++++------ .../vitrage/templates/vitrage-api.json.j2 | 11 +++---- .../templates/vitrage-collector.json.j2 | 11 +++---- .../vitrage/templates/vitrage-graph.json.j2 | 11 +++---- .../vitrage/templates/vitrage-ml.json.j2 | 11 +++---- .../templates/vitrage-notifier.json.j2 | 11 +++---- .../roles/vitrage/templates/vitrage.conf.j2 | 5 +++ ansible/roles/watcher/handlers/main.yml | 12 +++---- ansible/roles/watcher/tasks/config.yml | 32 +++++++++++++------ .../watcher/templates/watcher-api.json.j2 | 11 +++---- .../watcher/templates/watcher-applier.json.j2 | 11 +++---- .../watcher/templates/watcher-engine.json.j2 | 11 +++---- .../roles/watcher/templates/watcher.conf.j2 | 5 +++ ansible/roles/zun/handlers/main.yml | 8 ++--- ansible/roles/zun/tasks/config.yml | 32 +++++++++++++------ ansible/roles/zun/templates/zun-api.json.j2 | 11 +++---- .../roles/zun/templates/zun-compute.json.j2 | 11 +++---- ansible/roles/zun/templates/zun.conf.j2 | 5 +++ 19 files changed, 151 insertions(+), 109 deletions(-) diff --git a/ansible/roles/vitrage/handlers/main.yml b/ansible/roles/vitrage/handlers/main.yml index 24b9c067bf..9862584d69 100644 --- a/ansible/roles/vitrage/handlers/main.yml +++ b/ansible/roles/vitrage/handlers/main.yml 
@@ -5,7 +5,7 @@ service: "{{ vitrage_services[service_name] }}" config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_api_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or vitrage_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or vitrage_api_container.changed | bool - name: Restart vitrage-collector container @@ -28,7 +28,7 @@ service: "{{ vitrage_services[service_name] }}" config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_collector_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or vitrage_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or vitrage_collector_container.changed | bool - name: Restart vitrage-notifier container 
@@ -51,7 +51,7 @@ service: "{{ vitrage_services[service_name] }}" config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_notifier_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,7 +65,7 @@ - service.enabled | bool - config_json.changed | bool or vitrage_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or vitrage_notifier_container.changed | bool - name: Restart vitrage-graph container @@ -74,7 +74,7 @@ service: "{{ vitrage_services[service_name] }}" config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_graph_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -88,7 +88,7 @@ - service.enabled | bool - config_json.changed | bool or vitrage_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or vitrage_graph_container.changed | bool - name: Restart vitrage-ml container 
@@ -97,7 +97,7 @@ service: "{{ vitrage_services[service_name] }}" config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" vitrage_ml_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -111,5 +111,5 @@ - service.enabled | bool - config_json.changed | bool or vitrage_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or vitrage_ml_container.changed | bool diff --git a/ansible/roles/vitrage/tasks/config.yml b/ansible/roles/vitrage/tasks/config.yml index 63cc3d4d9d..1038c4bfdb 100644 --- a/ansible/roles/vitrage/tasks/config.yml +++ b/ansible/roles/vitrage/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ vitrage_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: vitrage_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/vitrage/" + skip: true + +- name: Set vitrage policy file + set_fact: + vitrage_policy_file: "{{ vitrage_policy.results.0.stat.path | basename }}" + vitrage_policy_file_path: "{{ vitrage_policy.results.0.stat.path }}" + when: + - vitrage_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" 
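Review bot: When both a YAML and a JSON policy file exist under `{{ node_custom_config }}/vitrage/`, the `with_first_found` lookup in the added "Check if policies shall be overwritten" task keeps only the first match from `supported_policy_format_list`, and the other file is ignored without any message. For an access-control policy this makes it easy to edit a file that is never deployed; the list's order is defined outside this patch, so which format wins is not visible here. I would add a comment such as `# first match in supported_policy_format_list wins; any other policy file in this directory is ignored`, or a follow-up task that fails when more than one supported file is present. The same two tasks are added in the watcher and zun tasks/config.yml hunks. The last task shown in this hunk ("Copying over config.json files for services") continues outside it.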
@@ -58,17 +75,13 @@ notify: - Restart vitrage-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/vitrage/policy.json" - register: vitrage_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/vitrage/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: vitrage_policy_jsons + src: "{{ vitrage_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ vitrage_policy_file }}" + register: vitrage_policy_overwriting when: - - vitrage_policy.stat.exists + - vitrage_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ vitrage_services }}" diff --git a/ansible/roles/vitrage/templates/vitrage-api.json.j2 b/ansible/roles/vitrage/templates/vitrage-api.json.j2 index 7f670f5078..34f2a9223e 100644 --- a/ansible/roles/vitrage/templates/vitrage-api.json.j2 +++ b/ansible/roles/vitrage/templates/vitrage-api.json.j2 @@ -15,14 +15,13 @@ "dest": "/etc/{{ apache_dir }}/{{ apache_file }}", "owner": "vitrage", "perm": "0644" - }, + }{% if vitrage_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/vitrage/policy.json", + "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}", + "dest": "/etc/vitrage/{{ vitrage_policy_file }}", "owner": "vitrage", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/vitrage/templates/vitrage-collector.json.j2 b/ansible/roles/vitrage/templates/vitrage-collector.json.j2 index 1a6c262ea9..4da868bf40 100644 --- a/ansible/roles/vitrage/templates/vitrage-collector.json.j2 +++ b/ansible/roles/vitrage/templates/vitrage-collector.json.j2 
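Review bot: The rewritten "Copying over existing policy file" task sets no `mode:` on the destination, so the policy file written under `{{ node_config_directory }}/{{ item.key }}/` gets whatever the remote default yields, while the in-container copy is pinned to `"perm": "0600"` in the *.json.j2 templates. An explicit mode, for example `mode: "0600"` (assuming the container's config loader can still read the file; confirm), would keep the host copy as tight as the container copy. Separately, `template:` renders the operator's file through Jinja2, so any `{{` or `{%` inside a policy rule is interpreted rather than copied verbatim; if that is not intended, `copy:` avoids it. The task's `notify:` list lies outside the hunk, and the watcher and zun tasks/config.yml hunks contain the same task.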
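Review bot: Nothing visible in this change removes a policy file that an earlier run deployed, so once the stanza guarded by `{% if vitrage_policy_file is defined %}` stops rendering (override deleted, or switched between policy.json and policy.yaml) the old file can stay in the service's config directory on the host and, if the container is restarted rather than recreated, presumably under `/etc/vitrage/` as well. Because the `[oslo_policy]` section in vitrage.conf.j2 is conditional on the same fact, the service would then fall back to its default policy file name, which may match the stale file; this needs confirming against how the container is rebuilt. I would add a cleanup task in tasks/config.yml that removes policy files of the formats not selected, and a template comment here such as `{# emitted only when a custom policy file was found on the deploy host #}`. The same conditional stanza is repeated in the other vitrage, watcher and zun *.json.j2 hunks.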
@@ -6,14 +6,13 @@ "dest": "/etc/vitrage/vitrage.conf", "owner": "vitrage", "perm": "0644" - }, + }{% if vitrage_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/vitrage/policy.json", + "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}", + "dest": "/etc/vitrage/{{ vitrage_policy_file }}", "owner": "vitrage", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/vitrage/templates/vitrage-graph.json.j2 b/ansible/roles/vitrage/templates/vitrage-graph.json.j2 index ebbbb201b4..9f576f3e77 100644 --- a/ansible/roles/vitrage/templates/vitrage-graph.json.j2 +++ b/ansible/roles/vitrage/templates/vitrage-graph.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/vitrage/vitrage.conf", "owner": "vitrage", "perm": "0644" - }, + }{% if vitrage_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/vitrage/policy.json", + "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}", + "dest": "/etc/vitrage/{{ vitrage_policy_file }}", "owner": "vitrage", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/vitrage/templates/vitrage-ml.json.j2 b/ansible/roles/vitrage/templates/vitrage-ml.json.j2 index dd8847af42..6c629e4008 100644 --- a/ansible/roles/vitrage/templates/vitrage-ml.json.j2 +++ b/ansible/roles/vitrage/templates/vitrage-ml.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/vitrage/vitrage.conf", "owner": "vitrage", "perm": "0644" - }, + }{% if vitrage_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/vitrage/policy.json", + "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}", + "dest": "/etc/vitrage/{{ vitrage_policy_file }}", "owner": "vitrage", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { 
diff --git a/ansible/roles/vitrage/templates/vitrage-notifier.json.j2 b/ansible/roles/vitrage/templates/vitrage-notifier.json.j2 index 4ebcbcc644..8e0047aa09 100644 --- a/ansible/roles/vitrage/templates/vitrage-notifier.json.j2 +++ b/ansible/roles/vitrage/templates/vitrage-notifier.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/vitrage/vitrage.conf", "owner": "vitrage", "perm": "0644" - }, + }{% if vitrage_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/vitrage/policy.json", + "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}", + "dest": "/etc/vitrage/{{ vitrage_policy_file }}", "owner": "vitrage", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2 index 52dad4eab5..dc4ef48be1 100644 --- a/ansible/roles/vitrage/templates/vitrage.conf.j2 +++ b/ansible/roles/vitrage/templates/vitrage.conf.j2 @@ -61,6 +61,11 @@ driver = messagingv2 [oslo_concurrency] lock_path = /var/lib/vitrage/tmp +{% if vitrage_policy_file is defined %} +[oslo_policy] +policy_file = {{ vitrage_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true diff --git a/ansible/roles/watcher/handlers/main.yml b/ansible/roles/watcher/handlers/main.yml index e31dd445b4..96898da0f7 100644 --- a/ansible/roles/watcher/handlers/main.yml +++ b/ansible/roles/watcher/handlers/main.yml 
@@ -5,7 +5,7 @@ service: "{{ watcher_services[service_name] }}" config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_applier_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or watcher_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or watcher_applier_container.changed | bool - name: Restart watcher-engine container @@ -28,7 +28,7 @@ service: "{{ watcher_services[service_name] }}" config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_engine_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or watcher_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or watcher_engine_container.changed | bool - name: Restart watcher-api container 
@@ -51,7 +51,7 @@ service: "{{ watcher_services[service_name] }}" config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" watcher_api_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or watcher_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or watcher_api_container.changed | bool diff --git a/ansible/roles/watcher/tasks/config.yml b/ansible/roles/watcher/tasks/config.yml index 5b06d602ff..0c5bace05f 100644 --- a/ansible/roles/watcher/tasks/config.yml +++ b/ansible/roles/watcher/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ watcher_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: watcher_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/watcher/" + skip: true + +- name: Set watcher policy file + set_fact: + watcher_policy_file: "{{ watcher_policy.results.0.stat.path | basename }}" + watcher_policy_file_path: "{{ watcher_policy.results.0.stat.path }}" + when: + - watcher_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" 
@@ -44,18 +61,13 @@ - Restart watcher-engine container - Restart watcher-applier container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/watcher/policy.json" - run_once: True - register: watcher_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/watcher/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: watcher_policy_jsons + src: "{{ watcher_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ watcher_policy_file }}" + register: watcher_policy_overwriting when: - - watcher_policy.stat.exists + - watcher_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ watcher_services }}" diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2 index 2d8233b21c..2ff6ac1427 100644 --- a/ansible/roles/watcher/templates/watcher-api.json.j2 +++ b/ansible/roles/watcher/templates/watcher-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/watcher/watcher.conf", "owner": "watcher", "perm": "0600" - }, + }{% if watcher_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/watcher/policy.json", + "source": "{{ container_config_directory }}/{{ watcher_policy_file }}", + "dest": "/etc/watcher/{{ watcher_policy_file }}", "owner": "watcher", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2 index 7124824c3a..e8d6ac38a0 100644 --- a/ansible/roles/watcher/templates/watcher-applier.json.j2 +++ b/ansible/roles/watcher/templates/watcher-applier.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/watcher/watcher.conf", "owner": "watcher", "perm": "0600" - }, + }{% if watcher_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/watcher/policy.json", + "source": "{{ container_config_directory }}/{{ watcher_policy_file }}", + "dest": "/etc/watcher/{{ watcher_policy_file }}", "owner": "watcher", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2 index f1d4d65f9d..080e88f08a 100644 --- a/ansible/roles/watcher/templates/watcher-engine.json.j2 +++ b/ansible/roles/watcher/templates/watcher-engine.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/watcher/watcher.conf", "owner": "watcher", "perm": "0600" - }, + }{% if watcher_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/watcher/policy.json", + "source": "{{ container_config_directory }}/{{ watcher_policy_file }}", + "dest": "/etc/watcher/{{ watcher_policy_file }}", "owner": "watcher", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2 index 377225432c..78ac3d607b 100644 --- a/ansible/roles/watcher/templates/watcher.conf.j2 +++ b/ansible/roles/watcher/templates/watcher.conf.j2 @@ -46,3 +46,8 @@ lock_path = /var/lib/watcher/tmp [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} + +{% if watcher_policy_file is defined %} +[oslo_policy] +policy_file = {{ watcher_policy_file }} +{% endif %} diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml index beab820d5e..739ce01822 100644 --- a/ansible/roles/zun/handlers/main.yml +++ b/ansible/roles/zun/handlers/main.yml 
@@ -5,7 +5,7 @@ service: "{{ zun_services[service_name] }}" config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -21,7 +21,7 @@ - config_json.changed | bool or zun_conf.changed | bool or zun_conf_wsgi.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or zun_api_container.changed | bool - name: Restart zun-compute container @@ -30,7 +30,7 @@ service: "{{ zun_services[service_name] }}" config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -45,5 +45,5 @@ - service.enabled | bool - config_json.changed | bool or zun_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or zun_compute_container.changed | bool diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml index 5787f3e395..5d58cc5a04 100644 --- a/ansible/roles/zun/tasks/config.yml +++ b/ansible/roles/zun/tasks/config.yml 
@@ -7,6 +7,23 @@ when: inventory_hostname in groups[item.value.group] with_dict: "{{ zun_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: zun_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/zun/" + skip: true + +- name: Set zun policy file + set_fact: + zun_policy_file: "{{ zun_policy.results.0.stat.path | basename }}" + zun_policy_file_path: "{{ zun_policy.results.0.stat.path }}" + when: + - zun_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -53,18 +70,13 @@ notify: - Restart zun-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/zun/policy.json" - run_once: True - register: zun_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/zun/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: zun_policy_jsons + src: "{{ zun_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ zun_policy_file }}" + register: zun_policy_overwriting when: - - zun_policy.stat.exists + - zun_policy_file is defined - inventory_hostname in groups[item.value.group] with_dict: "{{ zun_services }}" notify: diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2 index db42aa81ba..99322c93f0 100644 --- a/ansible/roles/zun/templates/zun-api.json.j2 +++ b/ansible/roles/zun/templates/zun-api.json.j2 
@@ -14,14 +14,13 @@ "dest": "/etc/{{ zun_dir }}/wsgi-zun.conf", "owner": "root", "perm": "0600" - }, + }{% if zun_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/zun/policy.json", + "source": "{{ container_config_directory }}/{{ zun_policy_file }}", + "dest": "/etc/zun/{{ zun_policy_file }}", "owner": "zun", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2 index 21b04d7900..1e4e09fc85 100644 --- a/ansible/roles/zun/templates/zun-compute.json.j2 +++ b/ansible/roles/zun/templates/zun-compute.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/zun/zun.conf", "owner": "zun", "perm": "0600" - }, + }{% if zun_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/zun/policy.json", + "source": "{{ container_config_directory }}/{{ zun_policy_file }}", + "dest": "/etc/zun/{{ zun_policy_file }}", "owner": "zun", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2 index a2508770b3..627b0e7e23 100644 --- a/ansible/roles/zun/templates/zun.conf.j2 +++ b/ansible/roles/zun/templates/zun.conf.j2 @@ -101,3 +101,8 @@ connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch [oslo_concurrency] lock_path = /var/lib/zun/tmp + +{% if zun_policy_file is defined %} +[oslo_policy] +policy_file = {{ zun_policy_file }} +{% endif %}