kolla-ansible/ansible/roles/keystone/tasks/config.yml
Radosław Piliszek 3411b9e420 Performance: optimize genconfig
Config plays do not need to check containers. This avoids skipping
tasks during the genconfig action.

Ironic and Glance rolling upgrades are handled specially.

Swift and Bifrost do not use the handlers at all.

Partially-Implements: blueprint performance-improvements
Change-Id: I140bf71d62e8f0932c96270d1f08940a5ba4542a
2020-10-12 19:30:06 +02:00


---
# Create one config directory per enabled Keystone service on every host
# that belongs to that service's inventory group. Mode 0770 grants nothing
# to "other"; ownership is taken from config_owner_user/config_owner_group.
- name: Ensuring config directories exist
  become: true
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
    state: directory
    owner: "{{ config_owner_user }}"
    group: "{{ config_owner_group }}"
    mode: "0770"
  with_dict: "{{ keystone_services }}"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
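# Look on the Ansible control node (delegate_to: localhost, once per play)
# for a custom policy file under node_custom_config/keystone/, trying each
# name in supported_policy_format_list. skip: true turns "nothing found"
# into a no-op instead of a failure; the following task guards on
# keystone_policy.results for that reason.
- name: Check if policies shall be overwritten
  stat:
    path: "{{ item }}"
  delegate_to: localhost
  # Lowercase boolean, consistent with the other booleans in this file.
  run_once: true
  register: keystone_policy
  with_first_found:
    - files: "{{ supported_policy_format_list }}"
      paths:
        - "{{ node_custom_config }}/keystone/"
      skip: true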
# Record the custom policy file found by the previous lookup: its full path
# on the control node and its bare file name. Skipped when the lookup
# produced no results, which leaves both facts undefined.
- name: Set keystone policy file
  when:
    - keystone_policy.results
  set_fact:
    keystone_policy_file_path: "{{ keystone_policy.results.0.stat.path }}"
    keystone_policy_file: "{{ keystone_policy.results.0.stat.path | basename }}"
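# Probe the control node once for an operator-supplied domains directory.
# Later tasks in this file test keystone_domain_directory.stat.exists.
- name: Check if Keystone domain-specific config is supplied
  stat:
    path: "{{ node_custom_config }}/keystone/domains"
  delegate_to: localhost
  # Lowercase boolean, consistent with the other booleans in this file.
  run_once: true
  register: keystone_domain_directory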
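# Pull in copy-certs.yml only when CA certificates are to be copied into
# containers or TLS is enabled on the Keystone backend. What those tasks
# copy is defined in copy-certs.yml, which is not part of this file.
# The task is named so that it is identifiable in play output.
- name: Include certificate copy tasks
  include_tasks: copy-certs.yml
  when:
    - kolla_copy_ca_into_containers | bool or keystone_enable_tls_backend | bool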
# Render <service>.json.j2 into each enabled service's config directory as
# config.json, and notify that service's restart handler when it changes.
- name: Copying over config.json files for services
  become: true
  template:
    src: "{{ item.key }}.json.j2"
    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
    mode: "0660"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  with_dict: "{{ keystone_services }}"
  notify:
    - "Restart {{ item.key }} container"
# Build keystone.conf for the keystone and keystone-fernet services by
# merging the role template with optional operator files, listed from the
# most general (global.conf) to the most specific (per-host keystone.conf).
# NOTE(review): presumably later sources override earlier ones; confirm
# against the merge_configs plugin.
# Every file under node_custom_config listed here feeds directly into the
# service configuration, so write access to that tree should be limited to
# the people allowed to reconfigure Keystone.
- name: Copying over keystone.conf
  become: true
  vars:
    service_name: "{{ item.key }}"
  merge_configs:
    sources:
      - "{{ role_path }}/templates/keystone.conf.j2"
      - "{{ node_custom_config }}/global.conf"
      - "{{ node_custom_config }}/keystone.conf"
      - "{{ node_custom_config }}/keystone/{{ item.key }}.conf"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
    dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
    mode: "0660"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.key in [ "keystone", "keystone-fernet" ]
    - item.value.enabled | bool
  with_dict: "{{ keystone_services }}"
  notify:
    - "Restart {{ item.key }} container"
# Render the keystone-startup.sh template into the keystone config
# directory on hosts where the keystone service is enabled.
# The file is written 0660, i.e. without an execute bit.
- name: Copying keystone-startup script for keystone
  become: true
  vars:
    keystone: "{{ keystone_services['keystone'] }}"
  template:
    src: keystone-startup.sh.j2
    dest: "{{ node_config_directory }}/keystone/keystone-startup.sh"
    mode: "0660"
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
  notify:
    - Restart keystone container
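# Create the domains/ subdirectory on keystone hosts, but only when the
# operator supplied a domains directory on the control node.
# NOTE(review): unlike "Ensuring config directories exist", no owner/group
# is set here, so the directory is owned by the become user; confirm that
# this is intended.
- name: Create Keystone domain-specific config directory
  vars:
    keystone: "{{ keystone_services.keystone }}"
  file:
    # "path" is the module's canonical parameter ("dest" is an alias of it)
    # and matches the first task in this file.
    path: "{{ node_config_directory }}/keystone/domains/"
    state: "directory"
    mode: "0770"
  become: true
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - keystone_domain_directory.stat.exists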
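# List the regular files directly inside the operator's domains directory
# on the control node (no recursion). The result is registered as
# keystone_domains and consumed by the copy task that follows.
- name: Get file list in custom domains folder
  find:
    # "paths" is the module's canonical parameter ("path" is an alias).
    paths: "{{ node_custom_config }}/keystone/domains"
    # Canonical boolean instead of the YAML 1.1 truthy "no".
    recurse: false
    file_type: file
  delegate_to: localhost
  register: keystone_domains
  when: keystone_domain_directory.stat.exists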
# Copy every file found in the operator's domains directory into the
# keystone domains/ directory on the target host.
# The files go through the template module, so any Jinja expressions in
# them are rendered with the play's variables; treat the domains directory
# as trusted deployment input and restrict who can write to it.
# NOTE(review): this task registers its result under keystone_domains, the
# same name it loops over, which replaces the find result once the task has
# run. Confirm nothing later expects keystone_domains.files.
- name: Copying Keystone Domain specific settings
  become: true
  vars:
    keystone: "{{ keystone_services.keystone }}"
  template:
    src: "{{ item.path }}"
    dest: "{{ node_config_directory }}/keystone/domains/"
    mode: "0660"
  with_items: "{{ keystone_domains.files|default([]) }}"
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - keystone_domain_directory.stat.exists
  register: keystone_domains
  notify:
    - Restart keystone container
# Install the operator's custom policy file, when one was found, for the
# keystone and keystone-fernet services. The file is rendered by the
# template module, so Jinja expressions inside it are evaluated; an
# unreviewed policy file changes Keystone authorization rules, so the
# source directory deserves the same access control as the playbooks.
- name: Copying over existing policy file
  become: true
  template:
    src: "{{ keystone_policy_file_path }}"
    dest: "{{ node_config_directory }}/{{ item.key }}/{{ keystone_policy_file }}"
    mode: "0660"
  with_dict: "{{ keystone_services }}"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.key in [ "keystone", "keystone-fernet" ]
    - item.value.enabled | bool
    # Only defined when the earlier lookup found a policy file.
    - keystone_policy_file is defined
  notify:
    - "Restart {{ item.key }} container"
# Render wsgi-keystone.conf from the first source that exists: a per-host
# operator override, then a deployment-wide operator override, then the
# role's own wsgi-keystone.conf.j2 template.
- name: Copying over wsgi-keystone.conf
  become: true
  vars:
    keystone: "{{ keystone_services.keystone }}"
  template:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
    mode: "0660"
  with_first_found:
    - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
    - "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
    - "wsgi-keystone.conf.j2"
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
  notify:
    - Restart keystone container
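# Check once, on the control node, whether the operator supplied a custom
# keystone-paste.ini. The result gates the copy task that follows.
- name: Checking whether keystone-paste.ini file exists
  vars:
    keystone: "{{ keystone_services.keystone }}"
  stat:
    path: "{{ node_custom_config }}/keystone/keystone-paste.ini"
  delegate_to: localhost
  # Lowercase boolean, consistent with the other booleans in this file.
  run_once: true
  register: check_keystone_paste_ini
  when:
    - keystone.enabled | bool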
# Install the operator's keystone-paste.ini on keystone hosts, but only
# when the preceding stat found the file on the control node. The file is
# rendered through the template module before it is written.
- name: Copying over keystone-paste.ini
  become: true
  vars:
    keystone: "{{ keystone_services.keystone }}"
  template:
    src: "{{ node_custom_config }}/keystone/keystone-paste.ini"
    dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
    mode: "0660"
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - check_keystone_paste_ini.stat.exists
  notify:
    - Restart keystone container
# Run the role's fernet_rotate_cron_generator.py on the control node, once
# per target host, with:
#   -t  fernet_key_rotation_interval integer-divided by 60
#   -i  this host's position in groups['keystone']
#   -n  the number of hosts in groups['keystone']
# The script's stdout is parsed as JSON by the next task. The command
# module is used, so the arguments are not passed through a shell.
# changed_when: false because generating the schedule modifies nothing.
- name: Generate the required cron jobs for the node
  delegate_to: localhost
  when: keystone_token_provider == 'fernet'
  command: >
    {{ ansible_playbook_python }} {{ role_path }}/files/fernet_rotate_cron_generator.py
    -t {{ (fernet_key_rotation_interval | int) // 60 }}
    -i {{ groups['keystone'].index(inventory_hostname) }}
    -n {{ (groups['keystone'] | length) }}
  register: cron_jobs_json
  changed_when: false
# Parse the generator's JSON output and keep its cron_jobs entry as a fact.
# Failures are ignored in check mode only (ignore_errors follows
# ansible_check_mode).
- name: Set fact with the generated cron jobs for building the crontab later
  when: keystone_token_provider == 'fernet'
  set_fact:
    cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
  ignore_errors: "{{ ansible_check_mode }}"
# Render the keystone-fernet support files (crontab, rotation/sync/push
# scripts, SSH client config and the id_rsa key file) into the
# keystone-fernet config directory.
# Security note: id_rsa is written with the same 0660 mode as the other
# files, so it is readable by the owning group on the host, not only by
# the owner. NOTE(review): confirm that this is acceptable for key
# material, and whether rendered content for this item should be kept out
# of diff/log output when the play is run with --diff.
- name: Copying files for keystone-fernet
  become: true
  vars:
    keystone_fernet: "{{ keystone_services['keystone-fernet'] }}"
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
    mode: "0660"
  with_items:
    - src: "crontab.j2"
      dest: "crontab"
    - src: "fernet-rotate.sh.j2"
      dest: "fernet-rotate.sh"
    - src: "fernet-node-sync.sh.j2"
      dest: "fernet-node-sync.sh"
    - src: "fernet-push.sh.j2"
      dest: "fernet-push.sh"
    - src: "id_rsa"
      dest: "id_rsa"
    - src: "ssh_config.j2"
      dest: "ssh_config"
  when:
    - inventory_hostname in groups[keystone_fernet.group]
    - keystone_fernet.enabled | bool
  # Errors are tolerated in check mode only.
  ignore_errors: "{{ ansible_check_mode }}"
  notify:
    - Restart keystone-fernet container
# Render the keystone-ssh files (sshd_config and the id_rsa.pub public key)
# into the keystone-ssh config directory on hosts where that service is
# enabled, and restart the container when either file changes.
- name: Copying files for keystone-ssh
  become: true
  vars:
    keystone_ssh: "{{ keystone_services['keystone-ssh'] }}"
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
    mode: "0660"
  with_items:
    - src: "sshd_config.j2"
      dest: "sshd_config"
    - src: "id_rsa.pub"
      dest: "id_rsa.pub"
  when:
    - inventory_hostname in groups[keystone_ssh.group]
    - keystone_ssh.enabled | bool
  notify:
    - Restart keystone-ssh container