Custom policy files

Allow operators to use their custom policy files. Avoid maintain policy files in kolla repos, only copying the files when an operator add their custom config. Implements: blueprint custom-policies Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
2016-10-27 10:36:35 +02:00 · 2016-10-27 10:36:35 +02:00 · ef1fd6b8c0
commit ef1fd6b8c0
parent 40a1176a36
26 changed files with 268 additions and 1 deletions
--- a/ansible/roles/aodh/tasks/config.yml
+++ b/ansible/roles/aodh/tasks/config.yml
@ -45,3 +45,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/wsgi-aodh.conf"
  with_items:
    - "aodh-api"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/aodh/policy.json"
+  register: aodh_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/aodh/policy.json"
+    dest: "{{ node_config_directory }}/aodh/policy.json"
+  when:
+    aodh_policy.stat.exists
--- a/ansible/roles/barbican/tasks/config.yml
+++ b/ansible/roles/barbican/tasks/config.yml
@ -51,3 +51,14 @@
    - "barbican-api"
    - "barbican-keystone-listener"
    - "barbican-worker"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
+  register: barbican_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/barbican/policy.json"
+    dest: "{{ node_config_directory }}/barbican/policy.json"
+  when:
+    barbican_policy.stat.exists
--- a/ansible/roles/ceilometer/tasks/config.yml
+++ b/ansible/roles/ceilometer/tasks/config.yml
@ -59,3 +59,14 @@
    - "event_definitions.yaml"
    - "event_pipeline.yaml"
    - "pipeline.yaml"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/ceilometer/policy.json"
+  register: ceilometer_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/ceilometer/policy.json"
+    dest: "{{ node_config_directory }}/ceilometer/policy.json"
+  when:
+    ceilometer_policy.stat.exist
--- a/ansible/roles/cinder/tasks/config.yml
+++ b/ansible/roles/cinder/tasks/config.yml
@ -38,3 +38,14 @@
    - "cinder-backup"
    - "cinder-scheduler"
    - "cinder-volume"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/cinder/policy.json"
+  register: cinder_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/cinder/policy.json"
+    dest: "{{ node_config_directory }}/cinder/policy.json"
+  when:
+    cinder_policy.stat.exists
--- a/ansible/roles/cloudkitty/tasks/config.yml
+++ b/ansible/roles/cloudkitty/tasks/config.yml
@ -32,3 +32,14 @@
  with_items:
    - "cloudkitty-api"
    - "cloudkitty-processor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
+  register: cloudkitty_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/cloudkitty/policy.json"
+    dest: "{{ node_config_directory }}/cloudkitty/policy.json"
+  when:
+    cloudkitty_policy.stat.exists
--- a/ansible/roles/congress/tasks/config.yml
+++ b/ansible/roles/congress/tasks/config.yml
@ -35,3 +35,14 @@
    - "congress-api"
    - "congress-policy-engine"
    - "congress-datasource"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/congress/policy.json"
+  register: congress_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/congress/policy.json"
+    dest: "{{ node_config_directory }}/congress/policy.json"
+  when:
+    congress_policy.stat.exists
--- a/ansible/roles/glance/tasks/config.yml
+++ b/ansible/roles/glance/tasks/config.yml
@ -29,3 +29,14 @@
    dest: "{{ node_config_directory }}/{{ item.service }}/{{ item.service }}.conf"
  when: inventory_hostname in groups[item.group]
  with_items: "{{ glance_service_groups }}"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/glance/policy.json"
+  register: glance_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/glance/policy.json"
+    dest: "{{ node_config_directory }}/glance/policy.json"
+  when:
+    glance_policy.stat.exists
--- a/ansible/roles/gnocchi/tasks/config.yml
+++ b/ansible/roles/gnocchi/tasks/config.yml
@ -50,3 +50,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/wsgi-gnocchi.conf"
  with_items:
    - "gnocchi-api"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/gnocchi/policy.json"
+  register: gnocchi_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/gnocchi/policy.json"
+    dest: "{{ node_config_directory }}/gnocchi/policy.json"
+  when:
+    gnocchi_policy.stat.exists
--- a/ansible/roles/heat/tasks/config.yml
+++ b/ansible/roles/heat/tasks/config.yml
@ -42,3 +42,14 @@
    - "heat-api"
    - "heat-api-cfn"
    - "heat-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/heat/policy.json"
+  register: heat_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/heat/policy.json"
+    dest: "{{ node_config_directory }}/heat/policy.json"
+  when:
+    heat_policy.stat.exists
--- a/ansible/roles/ironic/tasks/config.yml
+++ b/ansible/roles/ironic/tasks/config.yml
@ -37,3 +37,14 @@
    - "ironic-api"
    - "ironic-conductor"
    - "ironic-inspector"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/ironic/policy.json"
+  register: ironic_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/ironic/policy.json"
+    dest: "{{ node_config_directory }}/ironic/policy.json"
+  when:
+    ironic_policy.stat.exists
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@ -1,5 +1,5 @@
 ---
- name: Check if Policies shall be overwritten
+- name: Check if policies shall be overwritten
  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
  register: keystone_policy

--- a/ansible/roles/kuryr/tasks/config.yml
+++ b/ansible/roles/kuryr/tasks/config.yml
@ -23,3 +23,14 @@
  template:
    src: "kuryr.spec.j2"
    dest: "{{ node_config_directory }}/kuryr/kuryr.spec"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/kuryr/policy.json"
+  register: kuryr_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/kuryr/policy.json"
+    dest: "{{ node_config_directory }}/kuryr/policy.json"
+  when:
+    kuryr_policy.stat.exists
--- a/ansible/roles/magnum/tasks/config.yml
+++ b/ansible/roles/magnum/tasks/config.yml
@ -32,3 +32,14 @@
  with_items:
    - "magnum-api"
    - "magnum-conductor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/magnum/policy.json"
+  register: magnum_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/magnum/policy.json"
+    dest: "{{ node_config_directory }}/magnum/policy.json"
+  when:
+    magnum_policy.stat.exists
--- a/ansible/roles/manila/tasks/config.yml
+++ b/ansible/roles/manila/tasks/config.yml
@ -52,3 +52,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/manila.conf"
  with_items:
    - "manila-share"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/manila/policy.json"
+  register: manila_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/manila/policy.json"
+    dest: "{{ node_config_directory }}/manila/policy.json"
+  when:
+    manila_policy.stat.exists
--- a/ansible/roles/mistral/tasks/config.yml
+++ b/ansible/roles/mistral/tasks/config.yml
@ -35,3 +35,14 @@
    - "mistral-api"
    - "mistral-engine"
    - "mistral-executor"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/mistral/policy.json"
+  register: mistral_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/mistral/policy.json"
+    dest: "{{ node_config_directory }}/mistral/policy.json"
+  when:
+    mistral_policy.stat.exists
--- a/ansible/roles/murano/tasks/config.yml
+++ b/ansible/roles/murano/tasks/config.yml
@ -32,3 +32,14 @@
  with_items:
    - "murano-api"
    - "murano-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/murano/policy.json"
+  register: murano_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/murano/policy.json"
+    dest: "{{ node_config_directory }}/murano/policy.json"
+  when:
+    murano_policy.stat.exists
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@ -183,3 +183,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/vpnaas_agent.ini"
  with_items:
    - "neutron-vpnaas-agent"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/neutron/policy.json"
+  register: neutron_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/neutron/policy.json"
+    dest: "{{ node_config_directory }}/neutron/policy.json"
+  when:
+    neutron_policy.stat.exists
--- a/ansible/roles/nova/tasks/config.yml
+++ b/ansible/roles/nova/tasks/config.yml
@ -83,3 +83,14 @@
    - { src: "id_rsa", dest: "id_rsa" }
    - { src: "id_rsa.pub", dest: "id_rsa.pub" }
    - { src: "ssh_config.j2", dest: "ssh_config" }
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/nova/policy.json"
+  register: nova_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/nova/policy.json"
+    dest: "{{ node_config_directory }}/nova/policy.json"
+  when:
+    nova_policy.stat.exists
--- a/ansible/roles/rally/tasks/config.yml
+++ b/ansible/roles/rally/tasks/config.yml
@ -24,3 +24,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/rally.conf"
  with_items:
    - "rally"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/rally/policy.json"
+  register: rally_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/rally/policy.json"
+    dest: "{{ node_config_directory }}/rally/policy.json"
+  when:
+    rally_policy.stat.exists
--- a/ansible/roles/sahara/tasks/config.yml
+++ b/ansible/roles/sahara/tasks/config.yml
@ -32,3 +32,14 @@
  with_items:
    - "sahara-api"
    - "sahara-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/sahara/policy.json"
+  register: sahara_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/sahara/policy.json"
+    dest: "{{ node_config_directory }}/sahara/policy.json"
+  when:
+    sahara_policy.stat.exists
--- a/ansible/roles/searchlight/tasks/config.yml
+++ b/ansible/roles/searchlight/tasks/config.yml
@ -30,3 +30,14 @@
  with_items:
    - "searchlight-api"
    - "searchlight-listener"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/searchlight/policy.json"
+  register: searchlight_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/searchlight/policy.json"
+    dest: "{{ node_config_directory }}/searchlight/policy.json"
+  when:
+    searchlight_policy.stat.exists
--- a/ansible/roles/senlin/tasks/config.yml
+++ b/ansible/roles/senlin/tasks/config.yml
@ -32,3 +32,14 @@
  with_items:
    - "senlin-api"
    - "senlin-engine"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/senlin/policy.json"
+  register: senlin_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/senlin/policy.json"
+    dest: "{{ node_config_directory }}/senlin/policy.json"
+  when:
+    senlin_policy.stat.exists
--- a/ansible/roles/swift/tasks/config.yml
+++ b/ansible/roles/swift/tasks/config.yml
@ -152,3 +152,14 @@
    - "container.ring.gz"
    - "object.builder"
    - "object.ring.gz"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/swift/policy.json"
+  register: swift_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/swift/policy.json"
+    dest: "{{ node_config_directory }}/swift/policy.json"
+  when:
+    swift_policy.stat.exists
--- a/ansible/roles/tempest/tasks/config.yml
+++ b/ansible/roles/tempest/tasks/config.yml
@ -24,3 +24,14 @@
    dest: "{{ node_config_directory }}/{{ item }}/tempest.conf"
  with_items:
    - "tempest"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/tempest/policy.json"
+  register: tempest_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/tempest/policy.json"
+    dest: "{{ node_config_directory }}/tempest/policy.json"
+  when:
+    tempest_policy.stat.exists
--- a/ansible/roles/watcher/tasks/config.yml
+++ b/ansible/roles/watcher/tasks/config.yml
@ -35,3 +35,14 @@
    - "watcher-api"
    - "watcher-engine"
    - "watcher-applier"
+
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ node_custom_config }}/watcher/policy.json"
+  register: watcher_policy
+
+- name: Copying over existing policy.json
+  template:
+    src: "{{ node_custom_config }}/watcher/policy.json"
+    dest: "{{ node_config_directory }}/watcher/policy.json"
+  when:
+    watcher_policy.stat.exists
--- a/releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml
+++ b/releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml
@ -0,0 +1,3 @@
+---
+features:
+  - Allow customisation of policy.json files per service.