ef1fd6b8c0
Allow operators to use their custom policy files. Avoid maintain policy files in kolla repos, only copying the files when an operator add their custom config. Implements: blueprint custom-policies Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
97 lines
2.8 KiB
YAML
97 lines
2.8 KiB
YAML
---
|
|
- name: Setting sysctl values
|
|
sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes
|
|
with_items:
|
|
- { name: "net.bridge.bridge-nf-call-iptables", value: 1}
|
|
- { name: "net.bridge.bridge-nf-call-ip6tables", value: 1}
|
|
- { name: "net.ipv4.conf.all.rp_filter", value: 0}
|
|
- { name: "net.ipv4.conf.default.rp_filter", value: 0}
|
|
when:
|
|
- set_sysctl | bool
|
|
- inventory_hostname in groups['compute']
|
|
|
|
- name: Ensuring config directories exist
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item }}"
|
|
state: "directory"
|
|
recurse: yes
|
|
with_items:
|
|
- "nova-api"
|
|
- "nova-compute"
|
|
- "nova-compute-ironic"
|
|
- "nova-conductor"
|
|
- "nova-consoleauth"
|
|
- "nova-libvirt"
|
|
- "nova-novncproxy"
|
|
- "nova-scheduler"
|
|
- "nova-spicehtml5proxy"
|
|
- "nova-ssh"
|
|
|
|
- name: Copying over config.json files for services
|
|
template:
|
|
src: "{{ item }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item }}/config.json"
|
|
with_items:
|
|
- "nova-api"
|
|
- "nova-compute"
|
|
- "nova-compute-ironic"
|
|
- "nova-conductor"
|
|
- "nova-consoleauth"
|
|
- "nova-libvirt"
|
|
- "nova-novncproxy"
|
|
- "nova-scheduler"
|
|
- "nova-spicehtml5proxy"
|
|
- "nova-ssh"
|
|
|
|
- name: Copying over nova.conf
|
|
merge_configs:
|
|
vars:
|
|
service_name: "{{ item }}"
|
|
sources:
|
|
- "{{ role_path }}/templates/nova.conf.j2"
|
|
- "{{ node_custom_config }}/global.conf"
|
|
- "{{ node_custom_config }}/database.conf"
|
|
- "{{ node_custom_config }}/messaging.conf"
|
|
- "{{ node_custom_config }}/nova.conf"
|
|
- "{{ node_custom_config }}/nova/{{ item }}.conf"
|
|
- "{{ node_custom_config }}/nova/{{ inventory_hostname }}/nova.conf"
|
|
dest: "{{ node_config_directory }}/{{ item }}/nova.conf"
|
|
with_items:
|
|
- "nova-api"
|
|
- "nova-compute"
|
|
- "nova-compute-ironic"
|
|
- "nova-conductor"
|
|
- "nova-consoleauth"
|
|
- "nova-novncproxy"
|
|
- "nova-scheduler"
|
|
- "nova-spicehtml5proxy"
|
|
|
|
- name: Copying over libvirt configuration
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ node_config_directory }}/nova-libvirt/{{ item.dest }}"
|
|
with_items:
|
|
- { src: "qemu.conf.j2", dest: "qemu.conf" }
|
|
- { src: "libvirtd.conf.j2", dest: "libvirtd.conf" }
|
|
|
|
- name: Copying files for nova-ssh
|
|
template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ node_config_directory }}/nova-ssh/{{ item.dest }}"
|
|
with_items:
|
|
- { src: "sshd_config.j2", dest: "sshd_config" }
|
|
- { src: "id_rsa", dest: "id_rsa" }
|
|
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
|
|
- { src: "ssh_config.j2", dest: "ssh_config" }
|
|
|
|
- name: Check if policies shall be overwritten
|
|
local_action: stat path="{{ node_custom_config }}/nova/policy.json"
|
|
register: nova_policy
|
|
|
|
- name: Copying over existing policy.json
|
|
template:
|
|
src: "{{ node_custom_config }}/nova/policy.json"
|
|
dest: "{{ node_config_directory }}/nova/policy.json"
|
|
when:
|
|
nova_policy.stat.exists
|