Merge "Ensure the components are isolated from the system"

defaults/main.yml

@@ -215,6 +215,23 @@ neutron_plugins:
     plugin_ini: plugins/ml2/sriov_nic_agent.ini
     plugin_conf_ini_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
 
+neutron_dhcp_agent_init_overrides: {}
+neutron_openvswitch_agent_init_overrides: {}
+neutron_linuxbridge_agent_init_overrides: {}
+neutron_metadata_agent_init_overrides: {}
+neutron_metering_agent_init_overrides: {}
+neutron_l3_agent_init_overrides: {}
+neutron_lbaas_agent_init_overrides: {}
+neutron_bgp_dragent_init_overrides: {}
+neutron_vpn_agent_init_overrides: {}
+neutron_server_init_overrides: {}
+neutron_calico_felix_init_overrides: {}
+neutron_calico_dhcp_agent_init_overrides: {}
+neutron_sriov_nic_agent_init_overrides: {}
+neutron_dragonflow_controller_agent_init_overrides: {}
+neutron_dragonflow_l3_agent_init_overrides: {}
+neutron_dragonflow_pubsub_agent_init_overrides: {}
+
 neutron_services:
  neutron-dhcp-agent:
    group: neutron_dhcp_agent
@@ -226,6 +243,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini --log-file=/var/log/neutron/neutron-dhcp-agent.log"
    config_overrides: "{{ neutron_dhcp_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_dhcp_agent_init_overrides }}"
  neutron-openvswitch-agent:
    group: neutron_openvswitch_agent
    service_name: neutron-openvswitch-agent
@@ -236,6 +254,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini --log-file=/var/log/neutron/neutron-openvswitch-agent.log"
    config_overrides: "{{ neutron_openvswitch_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_openvswitch_agent_init_overrides }}"
  neutron-linuxbridge-agent:
    group: neutron_linuxbridge_agent
    service_name: neutron-linuxbridge-agent
@@ -246,6 +265,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini --log-file=/var/log/neutron/neutron-linuxbridge-agent.log"
    config_overrides: "{{ neutron_linuxbridge_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_linuxbridge_agent_init_overrides }}"
  neutron-metadata-agent:
    group: neutron_metadata_agent
    service_name: neutron-metadata-agent
@@ -255,6 +275,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini --log-file=/var/log/neutron/neutron-metadata-agent.log"
    config_overrides: "{{ neutron_metadata_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_metadata_agent_init_overrides }}"
  neutron-metering-agent:
    group: neutron_metering_agent
    service_name: neutron-metering-agent
@@ -264,6 +285,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini --log-file=/var/log/neutron/neutron-metering-agent.log"
    config_overrides: "{{ neutron_metering_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_metering_agent_init_overrides }}"
    # Other agents will use neutron_plugins[neutron_plugin_type].driver_interface
    # for the interface_driver, but that uses a stevedore alias. Metering agent
    # hasn't been updated to use stevedore alises so that fails. To work around
@@ -282,6 +304,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini --log-file=/var/log/neutron/neutron-l3-agent.log"
    config_overrides: "{{ neutron_l3_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_l3_agent_init_overrides }}"
  neutron-lbaasv2-agent:
    group: neutron_lbaas_agent
    service_name: neutron-lbaasv2-agent
@@ -292,6 +315,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/lbaas_agent.ini --log-file=/var/log/neutron/neutron-lbaasv2-agent.log"
    config_overrides: "{{ neutron_lbaas_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_lbaas_agent_init_overrides }}"
  neutron-bgp-dragent:
    group: neutron_bgp_dragent
    service_name: neutron-bgp-dragent
@@ -301,6 +325,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini --log-file=/var/log/neutron/neutron-bgp-dragent.log"
    config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_bgp_dragent_init_overrides }}"
  neutron-vpnaas-agent:
    group: neutron_l3_agent
    service_name: neutron-vpn-agent
@@ -311,13 +336,17 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini --log-file=/var/log/neutron/neutron-vpn-agent.log"
    config_overrides: "{{ neutron_vpnaas_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_vpn_agent_init_overrides }}"
  neutron-server:
    group: neutron_server
    service_name: neutron-server
    service_en: True
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }} --log-file=/var/log/neutron/neutron-server.log {% if neutron_plugin_type == 'ml2.dragonflow' %}--config-file {{ neutron_conf_dir }}/dragonflow.ini{% endif %}"
+   init_config_overrides: "{{ neutron_server_init_overrides }}"
  calico-felix:
    group: neutron_calico_dhcp_agent
+   system_user: root
+   system_group: root
    service_name: calico-felix
    service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
    service_conf_path: /etc/calico
@@ -325,14 +354,18 @@ neutron_services:
    config_options: --config-file /etc/calico/felix.cfg
    config_overrides: "{{ neutron_calico_felix_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_calico_felix_init_overrides }}"
  calico-dhcp-agent:
    group: neutron_calico_dhcp_agent
+   system_user: root
+   system_group: root
    service_name: calico-dhcp-agent
    service_en: "{{ neutron_plugin_type == 'ml2.calico' }}"
    service_rootwrap: rootwrap.d/dhcp.filters
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf"
    config_overrides: "{{ neutron_calico_dhcp_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_calico_dhcp_agent_init_overrides }}"
  neutron-sriov-nic-agent:
    group: neutron_sriov_nic_agent
    service_name: neutron-sriov-nic-agent
@@ -342,15 +375,21 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini --log-file=/var/log/neutron/neutron-sriov-nic-agent.log"
    config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_sriov_nic_agent_init_overrides }}"
  dragonflow-controller-agent:
    group: dragonflow_controller_agent
+   system_user: root
+   system_group: root
    service_name: df-local-controller
    service_en: "{{ neutron_plugin_type == 'ml2.dragonflow' }}"
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dragonflow.ini --log-file=/var/log/dragonflow/df-local-controller.log"
    config_overrides: "{{ neutron_dragonflow_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_dragonflow_controller_agent_init_overrides }}"
  dragonflow-l3-agent:
    group: dragonflow_l3_agent
+   system_user: root
+   system_group: root
    service_name: df-l3-agent
    service_en: "{{ neutron_plugin_type == 'ml2.dragonflow' and neutron_l3 | bool }}"
    service_conf_path: "{{ neutron_conf_dir }}"
@@ -359,6 +398,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/l3_agent.ini --log-file=/var/log/dragonflow/df-l3-agent.log"
    config_overrides: "{{ neutron_dragonflow_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_dragonflow_l3_agent_init_overrides }}"
  dragonflow-pubsub-agent:
    group: dragonflow_pubsub_agent
    service_name: df-publisher-service
@@ -366,6 +406,7 @@ neutron_services:
    config_options: "--config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dragonflow.ini --log-file=/var/log/dragonflow/df-publisher-service.log"
    config_overrides: "{{ neutron_dragonflow_ini_overrides }}"
    config_type: "ini"
+   init_config_overrides: "{{ neutron_dragonflow_pubsub_agent_init_overrides }}"
 
 ## Neutron DHCP Agent
 neutron_dhcp: "{% if neutron_plugin_type.split('.')[0] == 'ml2' %}True{% else %}False{% endif %}"

handlers/main.yml

@@ -13,6 +13,11 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Reload systemd daemon
+  command: "systemctl daemon-reload"
+  notify:
+    - Restart neutron services
+
 - name: Restart neutron services
   service:
     name: "{{ item.value.service_name }}"

releasenotes/notes/neutron-init-config-overrides-ffce7e419061c4da.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - New variables have been added to allow a deployer to customize
+    a neutron systemd unit file to their liking.
+  - The task dropping the neutron systemd unit files now uses the
+    ``config_template`` action plugin allowing deployers access to
+    customize the unit files as they see fit without having to
+    load extra options into the defaults and polute the generic
+    systemd unit file with jinja2 variables and conditionals.
+

tasks/calico_init.yml

@@ -1,38 +0,0 @@
----
-# Copyright 2016, Logan Vig <logan2211@gmail.com>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['calico-felix'].service_name }}"
-    program_config_options: "{{ neutron_services['calico-felix'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: root
-    system_group: root
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['calico-felix']['group'] in group_names
-    - neutron_services['calico-felix'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['calico-dhcp-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['calico-dhcp-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: root
-    system_group: root
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['calico-dhcp-agent']['group'] in group_names
-    - neutron_services['calico-dhcp-agent'].service_en | bool

tasks/dragonflow.yml

@@ -75,45 +75,3 @@
   when:
     - (inventory_hostname in groups[neutron_services['dragonflow-l3-agent']['group']]) or
       (inventory_hostname in groups[neutron_services['dragonflow-controller-agent']['group']])
-
-# Start Dragonflow publisher service
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['dragonflow-pubsub-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['dragonflow-pubsub-agent'].config_options }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['dragonflow-pubsub-agent']['group'] in group_names
-    - neutron_services['dragonflow-pubsub-agent'].service_en | bool
-  tags:
-    - upstart-init
-
-# Start Dragonflow publisher service
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['dragonflow-l3-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['dragonflow-l3-agent'].config_options }}"
-    system_user: root
-    system_group: root
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['dragonflow-l3-agent']['group'] in group_names
-    - neutron_services['dragonflow-l3-agent'].service_en | bool
-  tags:
-    - upstart-init
-
-# Start Dragonflow controller agent
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['dragonflow-controller-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['dragonflow-controller-agent'].config_options }}"
-    system_user: root
-    system_group: root
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['dragonflow-controller-agent']['group'] in group_names
-    - neutron_services['dragonflow-controller-agent'].service_en | bool
-  tags:
-    - upstart-init

tasks/main.yml

@@ -63,22 +63,16 @@
   tags:
     - neutron-config
 
-# neutron system services
-- include: neutron_init.yml
-  tags:
-    - neutron-config
-
-- include: calico_init.yml
-  static: no
-  when: neutron_plugin_type == 'ml2.calico'
-  tags:
-    - neutron-config
-
 - include: dragonflow.yml
   when: neutron_plugin_type == 'ml2.dragonflow'
   tags:
     - neutron-install
 
+# neutron system services
+- include: neutron_init_common.yml
+  tags:
+    - neutron-config
+
 - include: neutron_db_setup.yml
   when:
     - neutron_services['neutron-server']['group'] in group_names

tasks/neutron_init.yml

@@ -1,148 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-server'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-server'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-server']['group'] in group_names
-    - neutron_services['neutron-server'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-dhcp-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-dhcp-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-dhcp-agent']['group'] in group_names
-    - neutron_services['neutron-dhcp-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-l3-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-l3-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-l3-agent']['group'] in group_names
-    - neutron_services['neutron-l3-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-linuxbridge-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-linuxbridge-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-linuxbridge-agent']['group'] in group_names
-    - neutron_services['neutron-linuxbridge-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-openvswitch-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-openvswitch-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-openvswitch-agent']['group'] in group_names
-    - neutron_services['neutron-openvswitch-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-metadata-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-metadata-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-metadata-agent']['group'] in group_names
-    - neutron_services['neutron-metadata-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-metering-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-metering-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-metering-agent']['group'] in group_names
-    - neutron_services['neutron-metering-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-lbaasv2-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-lbaasv2-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-lbaasv2-agent']['group'] in group_names
-    - neutron_services['neutron-lbaasv2-agent'].service_en | bool
-    - neutron_lbaas_namespace | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-bgp-dragent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-bgp-dragent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-bgp-dragent']['group'] in group_names
-    - neutron_services['neutron-bgp-dragent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-vpnaas-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-vpnaas-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-vpnaas-agent']['group'] in group_names
-    - neutron_services['neutron-vpnaas-agent'].service_en | bool
-
-- include: neutron_init_common.yml
-  vars:
-    program_name: "{{ neutron_services['neutron-sriov-nic-agent'].service_name }}"
-    program_config_options: "{{ neutron_services['neutron-sriov-nic-agent'].config_options }}"
-    service_name: "{{ neutron_service_name }}"
-    system_user: "{{ neutron_system_user_name }}"
-    system_group: "{{ neutron_system_group_name }}"
-    service_home: "{{ neutron_system_home_folder }}"
-  when:
-    - neutron_services['neutron-sriov-nic-agent']['group'] in group_names
-    - neutron_services['neutron-sriov-nic-agent'].service_en | bool
-

tasks/neutron_init_common.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright 2016, Rackspace US, Inc.
+# Copyright 2014, Rackspace US, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,44 +13,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: "Create TEMP run dir for {{ program_name }}"
-  file:
-    path: "/var/run/{{ program_name }}"
-    state: directory
-    owner: "{{ system_user }}"
-    group: "{{ system_group }}"
-    mode: "02755"
+- include: neutron_init_systemd.yml
+  static: no
+  when:
+    - ansible_service_mgr == 'systemd'
 
-- name: "Create TEMP lock dir for {{ program_name }}"
-  file:
-    path: "/var/lock/{{ program_name }}"
-    state: directory
-    owner: "{{ system_user }}"
-    group: "{{ system_group }}"
-    mode: "02755"
-
-- name: "Create tmpfiles.d entry for {{ program_name }}"
-  template:
-    src: "neutron-systemd-tmpfiles.j2"
-    dest: "/etc/tmpfiles.d/openstack-{{ program_name }}.conf"
-    mode: "0644"
-    owner: "root"
-    group: "root"
-
-- name: "Place the systemd init script for {{ program_name }}"
-  template:
-    src: "neutron-systemd-init.j2"
-    dest: "/etc/systemd/system/{{ program_name }}.service"
-    mode: "0644"
-    owner: "root"
-    group: "root"
-  register: systemd_init
-
-- name: "Load {{ program_name }} service"
+- name: Load service
   service:
-    name: "{{ program_name }}"
-    enabled: yes
-    state: started
-    daemon_reload: yes
+   name: "{{ item.value.service_name }}"
+   enabled: "yes"
+  with_dict: "{{ neutron_services }}"
+  when:
+    - inventory_hostname in groups[item.value.group] | default([])
+    - "{{ item.value.service_en | default(true) }}"
   notify:
     - Restart neutron services

tasks/neutron_init_systemd.yml

@@ -0,0 +1,68 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create TEMP run dir
+  file:
+    path: "/var/run/{{ item.value.service_name }}"
+    state: directory
+    owner: "{{ neutron_system_user_name }}"
+    group: "{{ neutron_system_group_name }}"
+    mode: "02755"
+  with_dict: "{{ neutron_services }}"
+  when: inventory_hostname in groups[item.value.group] | default([])
+
+- name: Create TEMP lock dir
+  file:
+    path: "/var/lock/{{ item.value.service_name }}"
+    state: directory
+    owner: "{{ neutron_system_user_name }}"
+    group: "{{ neutron_system_group_name }}"
+    mode: "02755"
+  with_dict: "{{ neutron_services }}"
+  when: inventory_hostname in groups[item.value.group] | default([])
+
+# TODO(mgariepy):
+# Remove this in Pike as it only needed to handle upgrades
+# from Newton->Newton and Newton->Ocata
+- name: Cleanup old tmpfiles.d entry
+  file:
+    path: "/etc/tmpfiles.d/{{ item.value.service_name }}.conf"
+    state: absent
+  with_dict: "{{ neutron_services }}"
+  when: inventory_hostname in groups[item.value.group] | default([])
+
+- name: Create tmpfiles.d entry
+  template:
+    src: "neutron-systemd-tmpfiles.j2"
+    dest: "/etc/tmpfiles.d/openstack-{{ item.value.service_name }}.conf"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+  with_dict: "{{ neutron_services }}"
+  when: inventory_hostname in groups[item.value.group] | default([])
+
+- name: Place the systemd init script
+  config_template:
+    src: "neutron-systemd-init.j2"
+    dest: "/etc/systemd/system/{{ item.value.service_name }}.service"
+    mode: "0644"
+    owner: "root"
+    group: "root"
+    config_overrides: "{{ item.value.init_config_overrides }}"
+    config_type: "ini"
+  with_dict: "{{ neutron_services }}"
+  when: inventory_hostname in groups[item.value.group] | default([])
+  notify:
+    - Reload systemd daemon

templates/neutron-systemd-init.j2

@@ -7,13 +7,13 @@ After=network.target
 
 [Service]
 Type=simple
-User={{ system_user }}
-Group={{ system_group }}
+User={{ item.value.system_user | default(neutron_system_user_name) }}
+Group={{ item.value.system_group | default(neutron_system_group_name) }}
 
-{% if program_override is defined %}
-ExecStart={{ program_override }} {{ program_config_options|default('') }}
+{% if item.value.program_override is defined %}
+ExecStart={{ item.value.program_override }} {{ item.value.config_options|default('') }}
 {% else %}
-ExecStart={{ neutron_bin }}/{{ program_name }} {{ program_config_options|default('') }}
+ExecStart={{ neutron_bin }}/{{ item.value.program_binary | default(item.value.service_name) }} {{ item.value.config_options|default('') }}
 {% endif %}
 
 # Give a reasonable amount of time for the server to start up/shut down
@@ -21,5 +21,14 @@ TimeoutSec=300
 Restart=on-failure
 RestartSec=150
 
+# This creates a specific slice which all services will operate from
+#  The accounting options give us the ability to see resource usage through
+#  the `systemd-cgtop` command.
+Slice=neutron.slice
+CPUAccounting=true
+BlockIOAccounting=true
+MemoryAccounting=false
+TasksAccounting=true
+
 [Install]
 WantedBy=multi-user.target

templates/neutron-systemd-tmpfiles.j2

@@ -1,5 +1,5 @@
 # {{ ansible_managed }}
 
-D /var/lock/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
-D /var/run/{{ program_name }} 2755 {{ system_user }} {{ system_group }}
-D {{ neutron_lock_path }} 2755 {{ system_user }} {{ system_group }}
+D /var/lock/{{ item.value.program_binary | default(item.value.service_name) }} 2755 {{ item.value.system_user | default(neutron_system_user_name) }} {{ item.value.system_group | default(neutron_system_group_name) }}
+D /var/run/{{ item.value.program_binary | default(item.value.service_name) }} 2755 {{ item.value.system_user | default(neutron_system_user_name) }} {{ item.value.system_group | default(neutron_system_group_name) }}
+D {{ neutron_lock_path }} 2755 {{ item.value.system_user | default(neutron_system_user_name) }} {{ item.value.system_group | default(neutron_system_group_name) }}