From 92deddca88ab289cf9bb7e6fc5d5c3011f49874a Mon Sep 17 00:00:00 2001
From: Scott Solkhon
Date: Wed, 15 Jan 2020 10:54:30 +0000
Subject: [PATCH] Support Neutron policy file in both .json and .yaml format
Change-Id: I22a995195a1d12bb759cba9777527c23475124f2
---
ansible/roles/neutron/tasks/config.yml | 67 +++++++++----------
.../templates/neutron-bgp-dragent.json.j2 | 11 ++-
.../templates/neutron-dhcp-agent.json.j2 | 11 ++-
.../templates/neutron-l3-agent.json.j2 | 11 ++-
.../neutron-linuxbridge-agent.json.j2 | 15 ++---
.../templates/neutron-metadata-agent.json.j2 | 11 ++-
.../templates/neutron-metering-agent.json.j2 | 11 ++-
.../neutron-openvswitch-agent-xenapi.json.j2 | 11 ++-
.../neutron-openvswitch-agent.json.j2 | 21 +++---
.../neutron/templates/neutron-server.json.j2 | 37 +++++-----
.../templates/neutron-sriov-agent.json.j2 | 11 ++-
.../roles/neutron/templates/neutron.conf.j2 | 5 ++
...-support-policy-yaml-d573149c4efee7ad.yaml | 4 ++
13 files changed, 112 insertions(+), 114 deletions(-)
create mode 100644 releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index bf8b3bcb4d..1f70bb1afe 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -34,6 +34,39 @@ notify: - "Restart {{ item.key }} container" +- name: Check if policies shall be overwritten + stat: + path: "{{ item }}" + delegate_to: localhost + run_once: True + register: neutron_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/neutron/" + skip: true + +- name: Set neutron policy file + set_fact: + neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}" + neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}" + when: + - neutron_policy.results + +- name: Copying over existing policy file + template: + src: "{{ neutron_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}" + mode: "0660" + become: true + when: + - neutron_policy_file is defined + - item.value.enabled | bool + - item.value.host_in_groups | bool + with_dict: "{{ neutron_services }}" + notify: + - "Restart {{ item.key }} container" + - name: Copying over config.json files for services become: true template: @@ -351,13 +384,6 @@ notify: - "Restart {{ service_name }} container" -- name: Check if policies shall be overwritten - stat: - path: "{{ node_custom_config }}/neutron/policy.json" - delegate_to: localhost - run_once: True - register: neutron_policy - - name: Copying over nsx.ini vars: service_name: "neutron-server" 
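Review bot: In the `Check if policies shall be overwritten` task, `with_first_found` silently takes whichever name comes first in `supported_policy_format_list` (defined outside this diff), so if both a policy.json and a policy.yaml sit under `{{ node_custom_config }}/neutron/`, only one is deployed and nothing says which. Because this file is the service's authorization policy, the precedence should be documented above the task, for example `# Only the first match in supported_policy_format_list is deployed; any other policy file in this directory is ignored.` Nothing in these hunks removes a policy file that an earlier run deployed under the other name, so a format switch may leave the old file in `{{ node_config_directory }}/<service>/`; whether it can still reach the container depends on code outside the diff.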
@@ -376,33 +402,6 @@ notify: - "Restart {{ service_name }} container" -- name: Copying over existing policy.json - become: true - vars: - service_name: "{{ item.key }}" - services_need_policy_json: - - "neutron-dhcp-agent" - - "neutron-l3-agent" - - "neutron-linuxbridge-agent" - - "neutron-metadata-agent" - - "neutron-metering-agent" - - "neutron-openvswitch-agent" - - "neutron-openvswitch-agent-xenapi" - - "neutron-server" - - "neutron-bgp-dragent" - - "neutron-sriov-agent" - template: - src: "{{ node_custom_config }}/neutron/policy.json" - dest: "{{ node_config_directory }}/{{ service_name }}/policy.json" - mode: "0660" - when: - - neutron_policy.stat.exists - - item.value.enabled | bool - - item.value.host_in_groups | bool - with_dict: "{{ neutron_services }}" - notify: - - "Restart {{ item.key }} container" - - name: Copy neutron-l3-agent-wrapper script become: true vars: diff --git a/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2 b/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2 index bfc514ffb5..cfce2042d2 100644 --- a/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/neutron/bgp_dragent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 index a727bc7f14..f913957a10 100644 --- a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 
@@ -18,14 +18,13 @@ "dest": "/etc/neutron/dnsmasq.conf", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 index b856c0932f..81654edaab 100644 --- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 @@ -30,14 +30,13 @@ "dest": "/etc/neutron/l3_agent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 index cf82cc602e..2ea1dff2a5 100644 --- a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 
@@ -7,12 +7,12 @@ "owner": "neutron", "perm": "0600" }, - { - "source": "{{ container_config_directory }}/linuxbridge_agent.ini", - "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini", + {% if neutron_policy_file is defined %}{ + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", "perm": "0600" - }, + },{% endif %} {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} { "source": "{{ container_config_directory }}/{{ plugin.path | basename }}", @@ -22,11 +22,10 @@ }, {% endfor %}{% endif %} { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/linuxbridge_agent.ini", + "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini", "owner": "neutron", - "perm": "0600", - "optional": true + "perm": "0600" } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 index 531bf6ed0c..8d96067228 100644 --- a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/neutron/metadata_agent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-metering-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metering-agent.json.j2 index ad8272975e..6a1d6cef81 100644 
--- a/ansible/roles/neutron/templates/neutron-metering-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-metering-agent.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/neutron/metering_agent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2 index 83be24eb76..66e969c8ae 100644 --- a/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2 +++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 index b59632bc64..2cca76036c 100644 --- a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 
@@ -7,12 +7,6 @@ "owner": "neutron", "perm": "0600" }, - { - "source": "{{ container_config_directory }}/openvswitch_agent.ini", - "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini", - "owner": "neutron", - "perm": "0600" - }, {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} { "source": "{{ container_config_directory }}/{{ plugin.path | basename }}", @@ -21,12 +15,17 @@ "perm": "0600" }, {% endfor %}{% endif %} - { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + {% if neutron_policy_file is defined %}{ + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true + "perm": "0600" + },{% endif %} + { + "source": "{{ container_config_directory }}/openvswitch_agent.ini", + "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini", + "owner": "neutron", + "perm": "0600" } ], "permissions": [ diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2 index 77ea2f2dda..91064c577f 100644 --- a/ansible/roles/neutron/templates/neutron-server.json.j2 +++ b/ansible/roles/neutron/templates/neutron-server.json.j2 
@@ -19,27 +19,13 @@ "owner": "neutron", "perm": "0600" }, - { - "source": "{{ container_config_directory }}/ml2_conf.ini", - "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + {% if neutron_policy_file is defined %}{ + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", "perm": "0600" - }, -{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} - { - "source": "{{ container_config_directory }}/{{ plugin.path | basename }}", - "dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}", - "owner": "neutron", - "perm": "0600" - }, -{% endfor %}{% endif %} - { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", - "owner": "neutron", - "perm": "0600", - "optional": true - }{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}, + },{% endif %} +{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%} { "source": "{{ container_config_directory }}/nsx.ini", "dest": "/etc/neutron/plugins/vmware/nsx.ini", @@ -47,6 +33,19 @@ "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }}, "perm": "0600" }{% endif %} +{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} + { + "source": "{{ container_config_directory }}/{{ plugin.path | basename }}", + "dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}", + "owner": "neutron", + "perm": "0600" + },{% endfor %}{% endif %} + { + "source": "{{ container_config_directory }}/ml2_conf.ini", + "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", + "owner": "neutron", + "perm": "0600" + } ], "permissions": [ { 
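Review bot: The `nsx.ini` entry still closes with `}{% endif %}` and no comma, but after this change it is no longer the last element of the list, because the second hunk adds the extra ML2 plugin entries and the `ml2_conf.ini` entry after it. When `neutron_plugin_agent` is one of the vmware values, the rendered config.json would contain two objects back to back with no separator and would not parse. The closing line should become `},{% endif %}`, matching the policy block added in the first hunk. The enclosing list opens above the first hunk, so the rendered file should be checked for both the vmware and the non-vmware case.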
diff --git a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 index 52cb2be8a0..83abe58df3 100644 --- a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 +++ b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini", "owner": "neutron", "perm": "0600" - }, + }{% if neutron_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/neutron/policy.json", + "source": "{{ container_config_directory }}/{{ neutron_policy_file }}", + "dest": "/etc/neutron/{{ neutron_policy_file }}", "owner": "neutron", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2 index 1b9c01c9a4..3b579c29e1 100644 --- a/ansible/roles/neutron/templates/neutron.conf.j2 +++ b/ansible/roles/neutron/templates/neutron.conf.j2 @@ -124,6 +124,11 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join(' driver = noop {% endif %} +{% if neutron_policy_file is defined %} +[oslo_policy] +policy_file = {{ neutron_policy_file }} +{% endif %} + {% if enable_neutron_sfc | bool %} [sfc] drivers = ovs diff --git a/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml b/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml new file mode 100644 index 0000000000..20b1f1656e --- /dev/null +++ b/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Adds support for the Neutron policy file in both .json and .yaml format.