openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/keystone/tasks/config.yml
Bertrand Lallau a3dfdfc085 Simplify Openstack services configuration possibilities 
Actually Openstack services configuration can be overriden using many
files:
- /etc/kolla/config/<< service name >>/<< config file >>
- /etc/kolla/config/<< service name >>/<<host>>/<< config file >>
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

Only per-service configuration is actually documented here:
https://github.com/openstack/kolla-ansible/blob/master/doc/advanced-configuration.rst#L164

Allowing to globally modify service configuration can be perform too,
but it can be done in 3 different manners, all not documented:
- /etc/kolla/config/global.conf
- /etc/kolla/config/database.conf
- /etc/kolla/config/messaging.conf

database.conf and messaging.conf seems redundant with global.conf.
In order to simplify codebase it seems logical to remove them.

Documentation has been added for overriding configuration globally and
release note has been added too.

Closes-Bug: #1682479
Change-Id: I5d922dfc0d938173bad34ac64e490b78db1b7e31
2017-09-13 17:47:36 +02:00

204 lines
6.8 KiB
YAML
Raw Blame History

---
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
run_once: True
register: keystone_policy
- name: Check if Keystone Domain specific settings enabled
local_action: stat path="{{ node_custom_config }}/keystone/domains"
run_once: True
register: keystone_domain_directory
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
recurse: yes
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ keystone_services }}"
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
register: keystone_config_jsons
with_dict: "{{ keystone_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
notify:
- Restart keystone container
- Restart keystone-ssh container
- Restart keystone-fernet container
- name: Copying over keystone.conf
vars:
service_name: "{{ item.key }}"
merge_configs:
sources:
- "{{ role_path }}/templates/keystone.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/keystone.conf"
- "{{ node_custom_config }}/keystone/{{ item.key }}.conf"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
register: keystone_confs
with_dict: "{{ keystone_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.key in [ "keystone", "keystone-fernet" ]
- item.value.enabled | bool
notify:
- Restart keystone container
- Restart keystone-fernet container
- name: Creating Keystone Domain directory
vars:
keystone: "{{ keystone_services.keystone }}"
file:
dest: "{{ node_config_directory }}/keystone/domains/"
state: "directory"
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
- keystone_domain_directory.stat.exists
- name: Get file list in custom domains folder
local_action: find path="{{ node_custom_config }}/keystone/domains" recurse=no file_type=file
register: keystone_domains
when: keystone_domain_directory.stat.exists
- name: Copying Keystone Domain specific settings
vars:
keystone: "{{ keystone_services.keystone }}"
template:
src: "{{ item.path }}"
dest: "{{ node_config_directory }}/keystone/domains/"
register: keystone_domains
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
- keystone_domain_directory.stat.exists
with_items: "{{ keystone_domains.files|default([]) }}"
notify:
- Restart keystone container
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/keystone/policy.json"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
register: keystone_policy_jsons
when:
- inventory_hostname in groups[item.value.group]
- item.key in [ "keystone", "keystone-fernet" ]
- item.value.enabled | bool
- keystone_policy.stat.exists
with_dict: "{{ keystone_services }}"
notify:
- Restart keystone container
- Restart keystone-fernet container
- name: Copying over wsgi-keystone.conf
vars:
keystone: "{{ keystone_services.keystone }}"
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
register: keystone_wsgi
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
with_first_found:
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
- "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
- "wsgi-keystone.conf.j2"
notify:
- Restart keystone container
- name: Checking whether keystone-paste.ini file exists
vars:
keystone: "{{ keystone_services.keystone }}"
local_action: stat path="{{ node_custom_config }}/keystone/keystone-paste.ini"
run_once: True
register: check_keystone_paste_ini
when:
- keystone.enabled | bool
- name: Copying over keystone-paste.ini
vars:
keystone: "{{ keystone_services.keystone }}"
template:
src: "{{ node_custom_config }}/keystone/keystone-paste.ini"
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
register: keystone_paste_ini
when:
- inventory_hostname in groups[keystone.group]
- keystone.enabled | bool
- check_keystone_paste_ini.stat.exists
notify:
- Restart keystone container
- name: Generate the required cron jobs for the node
local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
register: cron_jobs_json
when: keystone_token_provider == 'fernet'
- name: Save the returned from cron jobs for building the crontab
set_fact:
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
when: keystone_token_provider == 'fernet'
- name: Copying files for keystone-fernet
vars:
keystone_fernet: "{{ keystone_services['keystone-fernet'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
register: keystone_fernet_confs
with_items:
- { src: "crontab.j2", dest: "crontab" }
- { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
- { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
- { src: "id_rsa", dest: "id_rsa" }
- { src: "ssh_config.j2", dest: "ssh_config" }
when:
- inventory_hostname in groups[keystone_fernet.group]
- keystone_fernet.enabled | bool
notify:
- Restart keystone-fernet container
- name: Copying files for keystone-ssh
vars:
keystone_ssh: "{{ keystone_services['keystone-ssh'] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
register: keystone_ssh_confs
with_items:
- { src: "sshd_config.j2", dest: "sshd_config" }
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
when:
- inventory_hostname in groups[keystone_ssh.group]
- keystone_ssh.enabled | bool
notify:
- Restart keystone-ssh container
- name: Check keystone containers
kolla_docker:
action: "compare_container"
name: "{{ item.value.container_name }}"
image: "{{ item.value.image }}"
volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
when:
- action != "config"
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
register: check_keystone_containers
with_dict: "{{ keystone_services }}"
notify:
- Restart keystone container
- Restart keystone-ssh container
- Restart keystone-fernet container
View Git Blame Copy Permalink