openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/common/tasks/config.yml
James Kirsch 4d155d69cd Refactor copy certificates task 
Refactor service configuration to use the copy certificates task. This
reduces code duplication and simplifies implementing encrypting backend
HAProxy traffic for individual services.

Change-Id: I0474324b60a5f792ef5210ab336639edf7a8cd9e
2020-04-14 17:26:19 +00:00

392 lines
13 KiB
YAML
Raw Blame History

---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
with_items:
- "kolla-toolbox"
- "cron"
- "cron/logrotate"
- name: Ensuring fluentd config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
mode: "0770"
become: true
with_items:
- "fluentd"
- "fluentd/input"
- "fluentd/output"
- "fluentd/format"
- "fluentd/filter"
when: enable_fluentd | bool
- name: Ensure fluentd image is present for label check
vars:
service_name: "fluentd"
service: "{{ common_services[service_name] }}"
become: true
kolla_docker:
action: "ensure_image"
common_options: "{{ docker_common_options }}"
image: "{{ service.image }}"
when: enable_fluentd | bool
- name: Fetch fluentd image labels
vars:
service_name: "fluentd"
service: "{{ common_services[service_name] }}"
become: true
docker_image_info:
name: "{{ service.image }}"
register: fluentd_labels
when: enable_fluentd | bool
- name: Set fluentd facts
set_fact:
fluentd_binary: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_binary }}"
when: enable_fluentd | bool
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
when: item.value.enabled | bool
with_dict: "{{ common_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Find custom fluentd input config files
find:
path: "{{ node_custom_config }}/fluentd/input"
pattern: "*.conf"
run_once: True
register: find_custom_fluentd_inputs
delegate_to: localhost
when:
- enable_fluentd | bool
- name: Copying over fluentd input config files
vars:
customised_input_files: "{{ find_custom_fluentd_inputs.files | map(attribute='path') | map('basename') | list }}"
template:
src: "conf/input/{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/input/{{ item }}.conf"
mode: "0660"
become: true
when:
- enable_fluentd | bool
- item ~ '.conf' not in customised_input_files
with_items:
- "00-global"
- "01-syslog"
- "02-mariadb"
- "03-rabbitmq"
- "04-openstack-wsgi"
- "05-libvirt"
- "06-zookeeper"
- "07-kafka"
- "09-monasca"
notify:
- Restart fluentd container
- name: Copying over custom fluentd input config files
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/fluentd/input/{{ item.path | basename }}"
mode: "0660"
when:
- enable_fluentd | bool
with_items: "{{ find_custom_fluentd_inputs.files }}"
notify:
- Restart fluentd container
- name: Determine whether logs should be forwarded directly to Elasticsearch
set_fact:
log_direct_to_elasticsearch: "{{ ( enable_elasticsearch | bool or
( elasticsearch_address != kolla_internal_vip_address )) and
not enable_monasca | bool }}"
- name: Find custom fluentd output config files
find:
path: "{{ node_custom_config }}/fluentd/output"
pattern: "*.conf"
run_once: True
register: find_custom_fluentd_outputs
delegate_to: localhost
when:
- enable_fluentd | bool
- name: Copying over fluentd output config files
vars:
customised_output_files: "{{ find_custom_fluentd_outputs.files | map(attribute='path') | map('basename') | list }}"
template:
src: "conf/output/{{ item.name }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/output/{{ item.name }}.conf"
mode: "0660"
become: true
when:
- enable_fluentd | bool
- item.enabled | bool
- item.name ~ '.conf' not in customised_output_files
with_items:
- name: "00-local"
enabled: true
- name: "01-es"
enabled: "{{ log_direct_to_elasticsearch }}"
- name: "02-monasca"
enabled: "{{ enable_monasca | bool }}"
notify:
- Restart fluentd container
- name: Removing stale output config files
file:
path: "{{ node_config_directory }}/fluentd/output/{{ item.name }}.conf"
state: "absent"
become: true
when:
- enable_fluentd | bool
- item.disable | bool
with_items:
- name: "02-monasca"
disable: "{{ not enable_monasca | bool }}"
- name: "01-es"
disable: "{{ not log_direct_to_elasticsearch }}"
notify:
- Restart fluentd container
- name: Copying over custom fluentd output config files
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/fluentd/output/{{ item.path | basename }}"
mode: "0660"
become: true
when:
- enable_fluentd | bool
with_items: "{{ find_custom_fluentd_outputs.files }}"
notify:
- Restart fluentd container
- name: Find custom fluentd format config files
find:
path: "{{ node_custom_config }}/fluentd/format"
pattern: "*.conf"
run_once: True
register: find_custom_fluentd_format
delegate_to: localhost
when:
- enable_fluentd | bool
- name: Copying over fluentd format config files
vars:
customised_format_files: "{{ find_custom_fluentd_format.files | map(attribute='path') | map('basename') | list }}"
template:
src: "conf/format/{{ item }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/format/{{ item }}.conf"
mode: "0660"
become: true
with_items:
- "apache_access"
- "wsgi_access"
when:
- enable_fluentd | bool
- item ~ '.conf' not in customised_format_files
notify:
- Restart fluentd container
- name: Copying over custom fluentd format config files
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/fluentd/format/{{ item.path | basename }}"
mode: "0660"
when:
- enable_fluentd | bool
with_items: "{{ find_custom_fluentd_format.files }}"
notify:
- Restart fluentd container
- name: Find custom fluentd filter config files
find:
path: "{{ node_custom_config }}/fluentd/filter"
pattern: "*.conf"
run_once: True
register: find_custom_fluentd_filters
delegate_to: localhost
when: enable_fluentd | bool
- name: Copying over fluentd filter config files
vars:
customised_filter_files: "{{ find_custom_fluentd_filters.files | map(attribute='path') | map('basename') | list }}"
fluentd_version: "{{ fluentd_labels.images.0.ContainerConfig.Labels.fluentd_version | default('0.12') }}"
template:
src: "conf/filter/{{ item.src }}.conf.j2"
dest: "{{ node_config_directory }}/fluentd/filter/{{ item.dest }}.conf"
mode: "0660"
become: true
with_items:
- src: 00-record_transformer
dest: 00-record_transformer
- src: "{{ '01-rewrite-0.14' if fluentd_version == '0.14' else '01-rewrite-0.12' }}"
dest: 01-rewrite
- src: 02-parser
dest: 02-parser
when:
- enable_fluentd | bool
- item.src ~ '.conf' not in customised_filter_files
notify:
- Restart fluentd container
- name: Copying over custom fluentd filter config files
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/fluentd/filter/{{ item.path | basename }}"
mode: "0660"
become: true
with_items: "{{ find_custom_fluentd_filters.files }}"
when: enable_fluentd | bool
notify:
- Restart fluentd container
- name: Copying over td-agent.conf
template:
src: "td-agent.conf.j2"
dest: "{{ node_config_directory }}/{{ item }}/td-agent.conf"
mode: "0660"
become: true
with_items:
- "fluentd"
when: enable_fluentd | bool
notify:
- Restart fluentd container
- name: Copying over cron logrotate config files
template:
src: "cron-logrotate-{{ item.name }}.conf.j2"
dest: "{{ node_config_directory }}/cron/logrotate/{{ item.name }}.conf"
mode: "0660"
become: true
when: item.enabled | bool
with_items:
- { name: "ansible", enabled: "yes" }
- { name: "aodh", enabled: "{{ enable_aodh }}" }
- { name: "barbican", enabled: "{{ enable_barbican }}" }
- { name: "blazar", enabled: "{{ enable_blazar }}" }
- { name: "ceilometer", enabled: "{{ enable_ceilometer }}" }
- { name: "chrony", enabled: "{{ enable_chrony }}" }
- { name: "cinder", enabled: "{{ enable_cinder }}" }
- { name: "cloudkitty", enabled: "{{ enable_cloudkitty }}" }
- { name: "collectd", enabled: "{{ enable_collectd }}" }
- { name: "congress", enabled: "{{ enable_congress }}" }
- { name: "cyborg", enabled: "{{ enable_cyborg }}" }
- { name: "designate", enabled: "{{ enable_designate }}" }
- { name: "elasticsearch", enabled: "{{ enable_elasticsearch }}" }
- { name: "etcd", enabled: "{{ enable_etcd }}" }
- { name: "freezer", enabled: "{{ enable_freezer }}" }
- { name: "glance", enabled: "{{ enable_glance }}" }
- { name: "global", enabled: "yes" }
- { name: "gnocchi", enabled: "{{ enable_gnocchi }}" }
- { name: "grafana", enabled: "{{ enable_grafana }}" }
- { name: "haproxy", enabled: "{{ enable_haproxy }}" }
- { name: "heat", enabled: "{{ enable_heat }}" }
- { name: "horizon", enabled: "{{ enable_horizon }}" }
- { name: "influxdb", enabled: "{{ enable_influxdb }}" }
- { name: "ironic", enabled: "{{ enable_ironic }}" }
- { name: "ironic-inspector", enabled: "{{ enable_ironic }}" }
- { name: "iscsid", enabled: "{{ enable_iscsid }}" }
- { name: "kafka", enabled: "{{ enable_kafka }}" }
- { name: "karbor", enabled: "{{ enable_karbor }}" }
- { name: "keepalived", enabled: "{{ enable_haproxy }}" }
- { name: "keystone", enabled: "{{ enable_keystone }}" }
- { name: "kibana", enabled: "{{ enable_kibana }}" }
- { name: "kuryr", enabled: "{{ enable_kuryr }}" }
- { name: "magnum", enabled: "{{ enable_magnum }}" }
- { name: "manila", enabled: "{{ enable_manila }}" }
- { name: "mariadb", enabled: "{{ enable_mariadb }}" }
- { name: "masakari", enabled: "{{ enable_masakari }}" }
- { name: "mistral", enabled: "{{ enable_mistral }}" }
- { name: "monasca", enabled: "{{ enable_monasca }}" }
- { name: "mongodb", enabled: "{{ enable_mongodb }}" }
- { name: "murano", enabled: "{{ enable_murano }}" }
- { name: "neutron", enabled: "{{ enable_neutron }}" }
- { name: "nova", enabled: "{{ enable_nova }}" }
- { name: "octavia", enabled: "{{ enable_octavia }}" }
- { name: "outward-rabbitmq", enabled: "{{ enable_outward_rabbitmq }}" }
- { name: "panko", enabled: "{{ enable_panko }}" }
- { name: "qinling", enabled: "{{ enable_qinling }}" }
- { name: "rabbitmq", enabled: "{{ enable_rabbitmq }}" }
- { name: "rally", enabled: "{{ enable_rally }}" }
- { name: "sahara", enabled: "{{ enable_sahara }}" }
- { name: "searchlight", enabled: "{{ enable_searchlight }}" }
- { name: "senlin", enabled: "{{ enable_senlin }}" }
- { name: "skydive", enabled: "{{ enable_skydive }}" }
- { name: "solum", enabled: "{{ enable_solum }}" }
- { name: "storm", enabled: "{{ enable_storm }}" }
- { name: "swift", enabled: "{{ enable_swift }}" }
- { name: "tacker", enabled: "{{ enable_tacker }}" }
- { name: "tempest", enabled: "{{ enable_tempest }}" }
- { name: "trove", enabled: "{{ enable_trove }}" }
- { name: "vitrage", enabled: "{{ enable_vitrage }}" }
- { name: "watcher", enabled: "{{ enable_watcher }}" }
- { name: "zookeeper", enabled: "{{ enable_zookeeper }}" }
- { name: "zun", enabled: "{{ enable_zun }}" }
notify:
- Restart cron container
- name: Ensure RabbitMQ Erlang cookie exists
become: true
copy:
content: "{{ rabbitmq_cluster_cookie }}"
dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-erlang.cookie"
mode: "0660"
when: enable_rabbitmq | bool
notify:
- Restart kolla-toolbox container
- name: Ensuring config directories have correct owner and permission
become: true
file:
path: "{{ node_config_directory }}/{{ item.key }}"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
ignore_errors: "{{ ansible_check_mode }}"
when:
- item.value.enabled | bool
- item.key != "kolla-toolbox"
with_dict: "{{ common_services }}"
- name: Copy rabbitmq-env.conf to kolla toolbox
copy:
content: |
RABBITMQ_CTL_ERL_ARGS="-proto_dist inet6_tcp"
export ERL_INETRC=/etc/rabbitmq/erl_inetrc
dest: "{{ node_config_directory }}/kolla-toolbox/rabbitmq-env.conf"
mode: "0600"
become: true
when:
api_address_family == "ipv6"
- name: Copy rabbitmq erl_intr to kolla toolbox
copy:
content: |
{inet6,true}.
dest: "{{ node_config_directory }}/kolla-toolbox/erl_inetrc"
mode: "0600"
become: true
when:
api_address_family == "ipv6"
- include_tasks: check-containers.yml
when: kolla_action != "config"
View Git Blame Copy Permalink