Support policy.yaml file [part 7]

- Vitrage
- Watcher
- Zun

This will copy only yaml or json policy file if they exist.

Change-Id: I913b3b067237cc4694894cc00bcc363127dd3806
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This commit is contained in:
Dai Dang Van 2018-01-08 17:36:42 +07:00
parent 49360f0c35
commit de54518b34
19 changed files with 151 additions and 109 deletions

View File

@ -5,7 +5,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_api_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -19,7 +19,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or vitrage_api_container.changed | bool
- name: Restart vitrage-collector container
@ -28,7 +28,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_collector_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -42,7 +42,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or vitrage_collector_container.changed | bool
- name: Restart vitrage-notifier container
@ -51,7 +51,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_notifier_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -65,7 +65,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or vitrage_notifier_container.changed | bool
- name: Restart vitrage-graph container
@ -74,7 +74,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_graph_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -88,7 +88,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or vitrage_graph_container.changed | bool
- name: Restart vitrage-ml container
@ -97,7 +97,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_ml_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -111,5 +111,5 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or vitrage_ml_container.changed | bool

View File

@ -9,6 +9,23 @@
- item.value.enabled | bool
with_dict: "{{ vitrage_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: vitrage_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/vitrage/"
skip: true
- name: Set vitrage policy file
set_fact:
vitrage_policy_file: "{{ vitrage_policy.results.0.stat.path | basename }}"
vitrage_policy_file_path: "{{ vitrage_policy.results.0.stat.path }}"
when:
- vitrage_policy.results
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@ -58,17 +75,13 @@
notify:
- Restart vitrage-api container
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/vitrage/policy.json"
register: vitrage_policy
- name: Copying over existing policy.json
- name: Copying over existing policy file
template:
src: "{{ node_custom_config }}/vitrage/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
register: vitrage_policy_jsons
src: "{{ vitrage_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ vitrage_policy_file }}"
register: vitrage_policy_overwriting
when:
- vitrage_policy.stat.exists
- vitrage_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ vitrage_services }}"

View File

@ -15,14 +15,13 @@
"dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
"owner": "vitrage",
"perm": "0644"
},
}{% if vitrage_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/vitrage/policy.json",
"source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
"dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
},
}{% if vitrage_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/vitrage/policy.json",
"source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
"dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
},
}{% if vitrage_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/vitrage/policy.json",
"source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
"dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
},
}{% if vitrage_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/vitrage/policy.json",
"source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
"dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
},
}{% if vitrage_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/vitrage/policy.json",
"source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
"dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -61,6 +61,11 @@ driver = messagingv2
[oslo_concurrency]
lock_path = /var/lib/vitrage/tmp
{% if vitrage_policy_file is defined %}
[oslo_policy]
policy_file = {{ vitrage_policy_file }}
{% endif %}
{% if enable_osprofiler | bool %}
[profiler]
enabled = true

View File

@ -5,7 +5,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_applier_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -19,7 +19,7 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or watcher_applier_container.changed | bool
- name: Restart watcher-engine container
@ -28,7 +28,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_engine_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -42,7 +42,7 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or watcher_engine_container.changed | bool
- name: Restart watcher-api container
@ -51,7 +51,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_api_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -65,5 +65,5 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or watcher_api_container.changed | bool

View File

@ -9,6 +9,23 @@
- item.value.enabled | bool
with_dict: "{{ watcher_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: watcher_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/watcher/"
skip: true
- name: Set watcher policy file
set_fact:
watcher_policy_file: "{{ watcher_policy.results.0.stat.path | basename }}"
watcher_policy_file_path: "{{ watcher_policy.results.0.stat.path }}"
when:
- watcher_policy.results
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@ -44,18 +61,13 @@
- Restart watcher-engine container
- Restart watcher-applier container
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/watcher/policy.json"
run_once: True
register: watcher_policy
- name: Copying over existing policy.json
- name: Copying over existing policy file
template:
src: "{{ node_custom_config }}/watcher/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
register: watcher_policy_jsons
src: "{{ watcher_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ watcher_policy_file }}"
register: watcher_policy_overwriting
when:
- watcher_policy.stat.exists
- watcher_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ watcher_services }}"

View File

@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
},
}{% if watcher_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/watcher/policy.json",
"source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
"dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
},
}{% if watcher_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/watcher/policy.json",
"source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
"dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
},
}{% if watcher_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/watcher/policy.json",
"source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
"dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -46,3 +46,8 @@ lock_path = /var/lib/watcher/tmp
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
{% if watcher_policy_file is defined %}
[oslo_policy]
policy_file = {{ watcher_policy_file }}
{% endif %}

View File

@ -5,7 +5,7 @@
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -21,7 +21,7 @@
- config_json.changed | bool
or zun_conf.changed | bool
or zun_conf_wsgi.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or zun_api_container.changed | bool
- name: Restart zun-compute container
@ -30,7 +30,7 @@
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@ -45,5 +45,5 @@
- service.enabled | bool
- config_json.changed | bool
or zun_conf.changed | bool
or policy_json.changed | bool
or policy_overwriting.changed | bool
or zun_compute_container.changed | bool

View File

@ -7,6 +7,23 @@
when: inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: zun_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/zun/"
skip: true
- name: Set zun policy file
set_fact:
zun_policy_file: "{{ zun_policy.results.0.stat.path | basename }}"
zun_policy_file_path: "{{ zun_policy.results.0.stat.path }}"
when:
- zun_policy.results
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@ -53,18 +70,13 @@
notify:
- Restart zun-api container
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/zun/policy.json"
run_once: True
register: zun_policy
- name: Copying over existing policy.json
- name: Copying over existing policy file
template:
src: "{{ node_custom_config }}/zun/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
register: zun_policy_jsons
src: "{{ zun_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ zun_policy_file }}"
register: zun_policy_overwriting
when:
- zun_policy.stat.exists
- zun_policy_file is defined
- inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
notify:

View File

@ -14,14 +14,13 @@
"dest": "/etc/{{ zun_dir }}/wsgi-zun.conf",
"owner": "root",
"perm": "0600"
},
}{% if zun_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json",
"source": "{{ container_config_directory }}/{{ zun_policy_file }}",
"dest": "/etc/zun/{{ zun_policy_file }}",
"owner": "zun",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -6,14 +6,13 @@
"dest": "/etc/zun/zun.conf",
"owner": "zun",
"perm": "0600"
},
}{% if zun_policy_file is defined %},
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/zun/policy.json",
"source": "{{ container_config_directory }}/{{ zun_policy_file }}",
"dest": "/etc/zun/{{ zun_policy_file }}",
"owner": "zun",
"perm": "0600",
"optional": true
}
"perm": "0600"
}{% endif %}
],
"permissions": [
{

View File

@ -101,3 +101,8 @@ connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
{% if zun_policy_file is defined %}
[oslo_policy]
policy_file = {{ zun_policy_file }}
{% endif %}