Merge "Support Neutron policy file in both .json and .yaml format"

2020-04-16 13:32:01 +00:00 · 2020-04-16 13:32:01 +00:00 · b6801477db
commit b6801477db
parent a679bf5c65 92deddca88
13 changed files with 112 additions and 114 deletions
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@ -34,6 +34,39 @@
  notify:
    - "Restart {{ item.key }} container"

+- name: Check if policies shall be overwritten
+  stat:
+    path: "{{ item }}"
+  delegate_to: localhost
+  run_once: True
+  register: neutron_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/neutron/"
+      skip: true
+
+- name: Set neutron policy file
+  set_fact:
+    neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}"
+    neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}"
+  when:
+    - neutron_policy.results
+
+- name: Copying over existing policy file
+  template:
+    src: "{{ neutron_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}"
+    mode: "0660"
+  become: true
+  when:
+    - neutron_policy_file is defined
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ neutron_services }}"
+  notify:
+    - "Restart {{ item.key }} container"
+
 - name: Copying over config.json files for services
  become: true
  template:
@ -369,13 +402,6 @@
  notify:
    - "Restart {{ service_name }} container"

- name: Check if policies shall be overwritten
-  stat:
-    path: "{{ node_custom_config }}/neutron/policy.json"
-  delegate_to: localhost
-  run_once: True
-  register: neutron_policy
-
 - name: Copying over nsx.ini
  vars:
    service_name: "neutron-server"
@ -394,33 +420,6 @@
  notify:
    - "Restart {{ service_name }} container"

- name: Copying over existing policy.json
-  become: true
-  vars:
-    service_name: "{{ item.key }}"
-    services_need_policy_json:
-      - "neutron-dhcp-agent"
-      - "neutron-l3-agent"
-      - "neutron-linuxbridge-agent"
-      - "neutron-metadata-agent"
-      - "neutron-metering-agent"
-      - "neutron-openvswitch-agent"
-      - "neutron-openvswitch-agent-xenapi"
-      - "neutron-server"
-      - "neutron-bgp-dragent"
-      - "neutron-sriov-agent"
-  template:
-    src: "{{ node_custom_config }}/neutron/policy.json"
-    dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
-    mode: "0660"
-  when:
-    - neutron_policy.stat.exists
-    - item.value.enabled | bool
-    - item.value.host_in_groups | bool
-  with_dict: "{{ neutron_services }}"
-  notify:
-    - "Restart {{ item.key }} container"
-
 - name: Copy neutron-l3-agent-wrapper script
  become: true
  vars:
--- a/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
@ -12,14 +12,13 @@
            "dest": "/etc/neutron/bgp_dragent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
@ -18,14 +18,13 @@
            "dest": "/etc/neutron/dnsmasq.conf",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
@ -30,14 +30,13 @@
            "dest": "/etc/neutron/l3_agent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
@ -7,12 +7,12 @@
            "owner": "neutron",
            "perm": "0600"
        },
-        {
-            "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
-            "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
            "perm": "0600"
-        },
+        },{% endif %}
 {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
        {
            "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -22,11 +22,10 @@
        },
 {% endfor %}{% endif %}
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
+            "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
        }
    ],
    "permissions": [
--- a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
@ -12,14 +12,13 @@
            "dest": "/etc/neutron/metadata_agent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-metering-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-metering-agent.json.j2
@ -12,14 +12,13 @@
            "dest": "/etc/neutron/metering_agent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
+++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
@ -12,14 +12,13 @@
            "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
@ -7,12 +7,6 @@
            "owner": "neutron",
            "perm": "0600"
        },
-        {
-            "source": "{{ container_config_directory }}/openvswitch_agent.ini",
-            "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
-            "owner": "neutron",
-            "perm": "0600"
-        },
 {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
        {
            "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -21,12 +15,17 @@
            "perm": "0600"
        },
 {% endfor %}{% endif %}
-        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
+        },{% endif %}
+        {
+            "source": "{{ container_config_directory }}/openvswitch_agent.ini",
+            "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
+            "owner": "neutron",
+            "perm": "0600"
        }
    ],
    "permissions": [
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@ -19,27 +19,13 @@
            "owner": "neutron",
            "perm": "0600"
        },
-        {
-            "source": "{{ container_config_directory }}/ml2_conf.ini",
-            "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
            "perm": "0600"
-        },
-{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
-        {
-            "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
-            "dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
-            "owner": "neutron",
-            "perm": "0600"
-        },
-{% endfor %}{% endif %}
-        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
-            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%},
+        },{% endif %}
+{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}
        {
            "source": "{{ container_config_directory }}/nsx.ini",
            "dest": "/etc/neutron/plugins/vmware/nsx.ini",
@ -47,6 +33,19 @@
            "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }},
            "perm": "0600"
        }{% endif %}
+{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
+        {
+            "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
+            "dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
+            "owner": "neutron",
+            "perm": "0600"
+        },{% endfor %}{% endif %}
+        {
+            "source": "{{ container_config_directory }}/ml2_conf.ini",
+            "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
+            "owner": "neutron",
+            "perm": "0600"
+        }
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
@ -12,14 +12,13 @@
            "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini",
            "owner": "neutron",
            "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
        {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
    ],
    "permissions": [
        {
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@ -124,6 +124,11 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join('
 driver = noop
 {% endif %}

+{% if neutron_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ neutron_policy_file }}
+{% endif %}
+
 {% if enable_neutron_sfc | bool %}
 [sfc]
 drivers = ovs
--- a/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml
+++ b/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Adds support for the Neutron policy file in both .json and .yaml format.