diff --git a/ansible/roles/heat/handlers/main.yml b/ansible/roles/heat/handlers/main.yml index d336500182..aea3a22d2e 100644 --- a/ansible/roles/heat/handlers/main.yml +++ b/ansible/roles/heat/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_api_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_api_container.changed | bool - name: Restart heat-api-cfn container @@ -28,7 +28,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_api_cfn_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_api_cfn_container.changed | bool - name: Restart heat-engine container @@ -51,7 +51,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_engine_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_engine_container.changed | bool diff --git a/ansible/roles/heat/tasks/config.yml b/ansible/roles/heat/tasks/config.yml index 03ab85b948..5a49edf9d8 100644 --- a/ansible/roles/heat/tasks/config.yml +++ b/ansible/roles/heat/tasks/config.yml @@ -13,6 +13,23 @@ - item.value.enabled | bool with_dict: "{{ heat_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: heat_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/heat/" + skip: true + +- name: Set heat policy file + set_fact: + heat_policy_file: "{{ heat_policy.results.0.stat.path | basename }}" + heat_policy_file_path: "{{ heat_policy.results.0.stat.path }}" + when: + - heat_policy.results + - name: Copying over config.json files for services become: true template: @@ -61,20 +78,15 @@ - Restart heat-api-cfn container - Restart heat-engine container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/heat/policy.json" - run_once: True - register: heat_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file become: true template: - src: "{{ node_custom_config }}/heat/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" + src: "{{ heat_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ heat_policy_file }}" mode: "0660" - register: heat_policy_jsons + register: heat_policy_overwriting when: - - heat_policy.stat.exists + - heat_policy_file is defined - inventory_hostname in groups[item.value.group] with_dict: "{{ heat_services }}" notify: diff --git a/ansible/roles/heat/templates/heat-api-cfn.json.j2 b/ansible/roles/heat/templates/heat-api-cfn.json.j2 index 40d7987c94..4077ab4cd2 100644 --- a/ansible/roles/heat/templates/heat-api-cfn.json.j2 +++ b/ansible/roles/heat/templates/heat-api-cfn.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat-api.json.j2 b/ansible/roles/heat/templates/heat-api.json.j2 index bc11a53e01..00a7ac2da2 100644 --- a/ansible/roles/heat/templates/heat-api.json.j2 +++ b/ansible/roles/heat/templates/heat-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat-engine.json.j2 b/ansible/roles/heat/templates/heat-engine.json.j2 index c9bda6aaf7..e2bdb27738 100644 --- a/ansible/roles/heat/templates/heat-engine.json.j2 +++ b/ansible/roles/heat/templates/heat-engine.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/heat/environment.d/_deprecated.yaml", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 317bee5ff0..106d24ea47 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -84,6 +84,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if heat_policy_file is defined %} +[oslo_policy] +policy_file = {{ heat_policy_file }} +{% endif %} + [clients] endpoint_type = internalURL diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index e93a9f7774..9a76968de1 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -11,6 +11,23 @@ - "ironic-pxe" - "ironic-dnsmasq" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: ironic_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/ironic/" + skip: true + +- name: Set ironic policy file + set_fact: + ironic_policy_file: "{{ ironic_policy.results.0.stat.path | basename }}" + ironic_policy_file_path: "{{ ironic_policy.results.0.stat.path }}" + when: + - ironic_policy.results + - name: Copying over config.json files for services template: src: "{{ item }}.json.j2" @@ -99,19 +116,14 @@ - inventory_hostname in groups['ironic-pxe'] - not enable_ironic_pxe_uefi -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/ironic/policy.json" - run_once: True - register: ironic_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/ironic/policy.json" - dest: "{{ node_config_directory }}/{{ item }}/policy.json" + src: "{{ ironic_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item }}/{{ ironic_policy_file }}" with_items: - "ironic-api" - "ironic-conductor" - "ironic-inspector" - "ironic-pxe" when: - ironic_policy.stat.exists + ironic_policy_file is defined diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2 index ff0917118f..075b0d04ee 100644 --- a/ansible/roles/ironic/templates/ironic-api.json.j2 +++ b/ansible/roles/ironic/templates/ironic-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic/policy.json", + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", "owner": "ironic", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/ironic/templates/ironic-conductor.json.j2 b/ansible/roles/ironic/templates/ironic-conductor.json.j2 index 969b1f7496..94dfe227a5 100644 --- a/ansible/roles/ironic/templates/ironic-conductor.json.j2 +++ b/ansible/roles/ironic/templates/ironic-conductor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic/policy.json", + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", "owner": "ironic", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index 65353b8dc6..2357d452c1 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 @@ -29,6 +29,11 @@ memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% if ironic_policy_file is defined %} +[oslo_policy] +policy_file = {{ ironic_policy_file }} +{% endif %} + [firewall] dnsmasq_interface = {{ ironic_dnsmasq_interface }} diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2 index f5550a6d5f..d82d506d3d 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.json.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2 @@ -6,13 +6,12 @@ "dest": "/etc/ironic-inspector/inspector.conf", "owner": "ironic-inspector", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic-inspector/policy.json", - "owner": "ironic-inspector", - "perm": "0600", - "optional": true - } + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", + "owner": "ironic", + "perm": "0600" + }{% endif %} ] } diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index ff6a5bc58a..6c58f97e34 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -20,6 +20,11 @@ transport_url = {{ rpc_transport_url }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} +{% if ironic_policy_file is defined %} +[oslo_policy] +policy_file = {{ ironic_policy_file }} +{% endif %} + {% if service_name == 'ironic-api' %} [api] host_ip = {{ api_interface_address }} diff --git a/ansible/roles/magnum/handlers/main.yml b/ansible/roles/magnum/handlers/main.yml index 301f1346b0..bc6ab30474 100644 --- a/ansible/roles/magnum/handlers/main.yml +++ b/ansible/roles/magnum/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ magnum_services[service_name] }}" config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_api_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -20,7 +20,7 @@ - service.enabled | bool - config_json.changed | bool or magnum_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or magnum_api_container.changed | bool - name: Restart magnum-conductor container @@ -29,7 +29,7 @@ service: "{{ magnum_services[service_name] }}" config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conductor_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -44,5 +44,5 @@ - service.enabled | bool - config_json.changed | bool or magnum_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or magnum_conductor_container.changed | bool diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml index 400caf4808..0d8468eed8 100644 --- a/ansible/roles/magnum/tasks/config.yml +++ b/ansible/roles/magnum/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ magnum_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: magnum_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/magnum/" + skip: true + +- name: Set magnum policy file + set_fact: + magnum_policy_file: "{{ magnum_policy.results.0.stat.path | basename }}" + magnum_policy_file_path: "{{ magnum_policy.results.0.stat.path }}" + when: + - magnum_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -42,18 +59,13 @@ - Restart magnum-api container - Restart magnum-conductor container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/magnum/policy.json" - run_once: True - register: magnum_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/magnum/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: magnum_policy_jsons + src: "{{ magnum_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ magnum_policy_file }}" + register: magnum_policy_overwriting when: - - magnum_policy.stat.exists + - magnum_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ magnum_services }}" diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2 index e191b862f1..9737ad8072 100644 --- a/ansible/roles/magnum/templates/magnum-api.json.j2 +++ b/ansible/roles/magnum/templates/magnum-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }, + }{% if magnum_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/magnum/policy.json", + "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", + "dest": "/etc/magnum/{{ magnum_policy_file }}", "owner": "magnum", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2 index ecf1d74c0a..f77b1609d1 100644 --- a/ansible/roles/magnum/templates/magnum-conductor.json.j2 +++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }, + }{% if magnum_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/magnum/policy.json", + "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", + "dest": "/etc/magnum/{{ magnum_policy_file }}", "owner": "magnum", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 22b8c2d8e2..f72df54d58 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -93,6 +93,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if magnum_policy_file is defined %} +[oslo_policy] +policy_file = {{ magnum_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true diff --git a/ansible/roles/manila/handlers/main.yml b/ansible/roles/manila/handlers/main.yml index 85ced457ea..a1638eab87 100644 --- a/ansible/roles/manila/handlers/main.yml +++ b/ansible/roles/manila/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_api_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_api_container.changed | bool - name: Restart manila-data container @@ -28,7 +28,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_data_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,7 +43,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_data_container.changed | bool - name: Restart manila-scheduler container @@ -52,7 +52,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_scheduler_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -66,7 +66,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_scheduler_container.changed | bool - name: Restart manila-share container @@ -74,7 +74,7 @@ service_name: "manila-share" service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_share_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -89,5 +89,5 @@ - service.enabled | bool - config_json.changed | bool or manila_conf_share.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_share_container.changed | bool diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml index c280347bb3..2a9496608e 100644 --- a/ansible/roles/manila/tasks/config.yml +++ b/ansible/roles/manila/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ manila_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: manila_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/manila/" + skip: true + +- name: Set manila policy file + set_fact: + manila_policy_file: "{{ manila_policy.results.0.stat.path | basename }}" + manila_policy_file_path: "{{ manila_policy.results.0.stat.path }}" + when: + - manila_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -66,18 +83,13 @@ notify: - Restart manila-share container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/manila/policy.json" - run_once: True - register: manila_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/manila/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: policy_jsons + src: "{{ manila_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ manila_policy_file }}" + register: manila_policy_overwriting when: - - manila_policy.stat.exists + - manila_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ manila_services }}" diff --git a/ansible/roles/manila/templates/manila-api.json.j2 b/ansible/roles/manila/templates/manila-api.json.j2 index 9155783078..e1d6c8af8b 100644 --- a/ansible/roles/manila/templates/manila-api.json.j2 +++ b/ansible/roles/manila/templates/manila-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-data.json.j2 b/ansible/roles/manila/templates/manila-data.json.j2 index 715f7dc0e4..7c1f82316c 100644 --- a/ansible/roles/manila/templates/manila-data.json.j2 +++ b/ansible/roles/manila/templates/manila-data.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-scheduler.json.j2 b/ansible/roles/manila/templates/manila-scheduler.json.j2 index d814133885..2d6987af64 100644 --- a/ansible/roles/manila/templates/manila-scheduler.json.j2 +++ b/ansible/roles/manila/templates/manila-scheduler.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index 9bb751d2da..9899b09806 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -72,6 +72,11 @@ service_image_name = manila-service-image share_backend_name = GENERIC {% endif %} +{% if manila_policy_file is defined %} +[oslo_policy] +policy_file = {{ manila_policy_file }} +{% endif %} + {% if enable_manila_backend_hnas | bool %} [hnas1] share_backend_name = HNAS1 diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2 index 3484b6f16a..00e7db8348 100644 --- a/ansible/roles/manila/templates/manila-share.json.j2 +++ b/ansible/roles/manila/templates/manila-share.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/ceph/", "owner": "manila", "perm": "0600" - }{% endif %}, + }{% endif %}{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 0bc17ee5ac..7aace90134 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -44,3 +44,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} + +{% if manila_policy_file is defined %} +[oslo_policy] +policy_file = {{ manila_policy_file }} +{% endif %} diff --git a/ansible/roles/mistral/handlers/main.yml b/ansible/roles/mistral/handlers/main.yml index b7d68951b6..dfbbd05734 100644 --- a/ansible/roles/mistral/handlers/main.yml +++ b/ansible/roles/mistral/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_api_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_api_container.changed | bool - name: Restart mistral-engine container @@ -28,7 +28,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_engine_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_engine_container.changed | bool - name: Restart mistral-executor container @@ -51,7 +51,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_executor_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_executor_container.changed | bool diff --git a/ansible/roles/mistral/tasks/config.yml b/ansible/roles/mistral/tasks/config.yml index cdbd12ecea..ef063c4967 100644 --- a/ansible/roles/mistral/tasks/config.yml +++ b/ansible/roles/mistral/tasks/config.yml @@ -7,6 +7,23 @@ when: inventory_hostname in groups[item.value.group] with_dict: "{{ mistral_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: mistral_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/mistral/" + skip: true + +- name: Set mistral policy file + set_fact: + mistral_policy_file: "{{ mistral_policy.results.0.stat.path | basename }}" + mistral_policy_file_path: "{{ mistral_policy.results.0.stat.path }}" + when: + - mistral_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -38,18 +55,15 @@ notify: - Restart {{ item.key }} container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/mistral/policy.json" - run_once: True - register: mistral_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/mistral/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: mistral_policy_jsons + src: "{{ mistral_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ mistral_policy_file }}" + mode: "0660" + become: true + register: mistral_policy_overwriting when: - - mistral_policy.stat.exists + - mistral_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ mistral_services }}" diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2 index aa565a0fba..34f2406d5d 100644 --- a/ansible/roles/mistral/templates/mistral-api.json.j2 +++ b/ansible/roles/mistral/templates/mistral-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2 index 3393d275b1..358b8e15e0 100644 --- a/ansible/roles/mistral/templates/mistral-engine.json.j2 +++ b/ansible/roles/mistral/templates/mistral-engine.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2 index 8a1f438e49..53c792ed32 100644 --- a/ansible/roles/mistral/templates/mistral-executor.json.j2 +++ b/ansible/roles/mistral/templates/mistral-executor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index 0827e274b3..1c63111f48 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -57,6 +57,11 @@ default_region = {{ openstack_region_name }} transport_url = {{ notify_transport_url }} driver = noop +{% if mistral_policy_file is defined %} +[oslo_policy] +policy_file = {{ mistral_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true