openstack/kolla-ansible
Code Issues Proposed changes

Merge "Support Neutron policy file in both .json and .yaml format"

Browse Source
This commit is contained in:
Zuul 2020-04-16 13:32:01 +00:00 committed by Gerrit Code Review
commit b6801477db
13 changed files with 112 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
ansible/roles/neutron/tasks/config.yml
View File

@ -34,6 +34,39 @@
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"
- name: Check if policies shall be overwritten
stat:
path: "{{ item }}"
delegate_to: localhost
run_once: True
register: neutron_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/neutron/"
skip: true
- name: Set neutron policy file
set_fact:
neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}"
neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}"
when:
- neutron_policy.results
- name: Copying over existing policy file
template:
src: "{{ neutron_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}"
mode: "0660"
become: true
when:
- neutron_policy_file is defined
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true
template: template:
@ -369,13 +402,6 @@
notify: notify:
- "Restart {{ service_name }} container" - "Restart {{ service_name }} container"
- name: Check if policies shall be overwritten
stat:
path: "{{ node_custom_config }}/neutron/policy.json"
delegate_to: localhost
run_once: True
register: neutron_policy
- name: Copying over nsx.ini - name: Copying over nsx.ini
vars: vars:
service_name: "neutron-server" service_name: "neutron-server"
@ -394,33 +420,6 @@
notify: notify:
- "Restart {{ service_name }} container" - "Restart {{ service_name }} container"
- name: Copying over existing policy.json
become: true
vars:
service_name: "{{ item.key }}"
services_need_policy_json:
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-metering-agent"
- "neutron-openvswitch-agent"
- "neutron-openvswitch-agent-xenapi"
- "neutron-server"
- "neutron-bgp-dragent"
- "neutron-sriov-agent"
template:
src: "{{ node_custom_config }}/neutron/policy.json"
dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
mode: "0660"
when:
- neutron_policy.stat.exists
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copy neutron-l3-agent-wrapper script - name: Copy neutron-l3-agent-wrapper script
become: true become: true
vars: vars:

11
ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/bgp_dragent.ini", "dest": "/etc/neutron/bgp_dragent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

11
ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
View File

@ -18,14 +18,13 @@
"dest": "/etc/neutron/dnsmasq.conf", "dest": "/etc/neutron/dnsmasq.conf",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

11
ansible/roles/neutron/templates/neutron-l3-agent.json.j2
View File

@ -30,14 +30,13 @@
"dest": "/etc/neutron/l3_agent.ini", "dest": "/etc/neutron/l3_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

15
ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
View File

@ -7,12 +7,12 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/linuxbridge_agent.ini", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{ {
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}", "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -22,11 +22,10 @@
}, },
{% endfor %}{% endif %} {% endfor %}{% endif %}
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true
} }
], ],
"permissions": [ "permissions": [

11
ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/metadata_agent.ini", "dest": "/etc/neutron/metadata_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

11
ansible/roles/neutron/templates/neutron-metering-agent.json.j2
View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/metering_agent.ini", "dest": "/etc/neutron/metering_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

11
ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini", "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

21
ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
View File

@ -7,12 +7,6 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
},
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{ {
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}", "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -21,12 +15,17 @@
"perm": "0600" "perm": "0600"
}, },
{% endfor %}{% endif %} {% endfor %}{% endif %}
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true },{% endif %}
{
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
} }
], ],
"permissions": [ "permissions": [

37
ansible/roles/neutron/templates/neutron-server.json.j2
View File

@ -19,27 +19,13 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/ml2_conf.ini", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}
{
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
"dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
"owner": "neutron",
"perm": "0600"
},
{% endfor %}{% endif %}
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/neutron/policy.json",
"owner": "neutron",
"perm": "0600",
"optional": true
}{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%},
{ {
"source": "{{ container_config_directory }}/nsx.ini", "source": "{{ container_config_directory }}/nsx.ini",
"dest": "/etc/neutron/plugins/vmware/nsx.ini", "dest": "/etc/neutron/plugins/vmware/nsx.ini",
@ -47,6 +33,19 @@
"optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }}, "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }},
"perm": "0600" "perm": "0600"
}{% endif %} }{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
"dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
"owner": "neutron",
"perm": "0600"
},{% endfor %}{% endif %}
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
}
], ],
"permissions": [ "permissions": [
{ {

11
ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/sriov_agent.ini", "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

5
ansible/roles/neutron/templates/neutron.conf.j2
View File

@ -124,6 +124,11 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join('
driver = noop driver = noop
{% endif %} {% endif %}
{% if neutron_policy_file is defined %}
[oslo_policy]
policy_file = {{ neutron_policy_file }}
{% endif %}
{% if enable_neutron_sfc | bool %} {% if enable_neutron_sfc | bool %}
[sfc] [sfc]
drivers = ovs drivers = ovs

4
releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml Normal file
View File

@ -0,0 +1,4 @@
---
features:
- |
Adds support for the Neutron policy file in both .json and .yaml format.