Allow container directories to have non-standard modes

This change adds the ability to customise the mode applied to a
directory in the container_directories group_vars.  Additionally, we
change the default mode of a directory with an unspecified mode to 700.
This latter change requires us to set the following back to 755;
otherwise the respective service throws a permission denied error:

* /var/www/cgi-bin/keystone
* /var/lib/neutron
* /var/lib/nova

A fair bit of additional testing will need to be done before this
merges.

Change-Id: I40b0052876078c3472e88594a5c0d7e039b9817a
Closes-Bug: 1399428
Matt Thompson 2014-12-11 15:03:11 +00:00
parent 9bfe842001
commit 1978bf5fbb
9 changed files with 59 additions and 59 deletions


@ -69,11 +69,11 @@ service_names:
- cinder-volume
container_directories:
- /var/log/cinder
- /var/lib/cinder
- /var/lib/cinder/volumes
- /etc/cinder
- /etc/cinder/rootwrap.d
- /var/cache/cinder
- /var/lock/cinder
- /var/run/cinder
- { name: /var/log/cinder }
- { name: /var/lib/cinder }
- { name: /var/lib/cinder/volumes }
- { name: /etc/cinder }
- { name: /etc/cinder/rootwrap.d }
- { name: /var/cache/cinder }
- { name: /var/lock/cinder }
- { name: /var/run/cinder }


@ -71,14 +71,14 @@ service_names:
flavor: "keystone+cachemanagement"
container_directories:
- /var/log/glance
- /var/lib/glance
- /var/lib/glance/cache
- /var/lib/glance/cache/api
- /var/lib/glance/cache/registry
- /var/lib/glance/scrubber
- /etc/glance
- /var/cache/glance
- { name: /var/log/glance }
- { name: /var/lib/glance }
- { name: /var/lib/glance/cache }
- { name: /var/lib/glance/cache/api }
- { name: /var/lib/glance/cache/registry }
- { name: /var/lib/glance/scrubber }
- { name: /etc/glance }
- { name: /var/cache/glance }
container_packages:
- rsync


@ -64,9 +64,9 @@ heat_waitcondition_server_url: "http://{{ internal_vip_address }}:8000/v1/waitco
heat_metadata_server_url: "http://{{ internal_vip_address }}:8000"
container_directories:
- /etc/heat
- /etc/heat/environment.d
- /etc/heat/templates
- /var/cache/heat
- /var/lib/heat
- /var/log/heat
- { name: /etc/heat }
- { name: /etc/heat/environment.d }
- { name: /etc/heat/templates }
- { name: /var/cache/heat }
- { name: /var/lib/heat }
- { name: /var/log/heat }


@ -49,10 +49,10 @@ horizon_help_url: http://docs.rackspace.com/rpc/api/v9/rpc-faq-v9/content/rpc-co
install_lib_dir: /usr/local/lib/python2.7/dist-packages
container_directories:
- "/etc/horizon"
- "/var/lib/horizon"
- "/usr/local/lib/python2.7/dist-packages/static"
- "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/local"
- { name: /etc/horizon }
- { name: /var/lib/horizon }
- { name: /usr/local/lib/python2.7/dist-packages/static }
- { name: /usr/local/lib/python2.7/dist-packages/openstack_dashboard/local }
horizon_fqdn: "{{ external_vip_address }}"
horizon_server_name: "{{ container_name }}"


@ -63,8 +63,8 @@ keystone_ssl: false
container_directories:
- /etc/keystone
- /etc/keystone/ssl
- /var/lib/keystone
- /var/log/keystone
- /var/www/cgi-bin/keystone
- { name: /etc/keystone }
- { name: /etc/keystone/ssl }
- { name: /var/lib/keystone }
- { name: /var/log/keystone }
- { name: /var/www/cgi-bin/keystone, mode: 755 }
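Review bot: `mode: 755` on the `/var/www/cgi-bin/keystone` entry is an unquoted YAML integer, which only yields the intended permissions while the consuming task passes it through a `key=value` string. If that task is ever rewritten with native YAML arguments the value would be read as decimal 755 rather than octal, so I would write `- { name: /var/www/cgi-bin/keystone, mode: "0755" }`. The same applies to the `/var/lib/neutron` and `/var/lib/nova` entries in the later sections and to `default(700)` in the task, which could become `default('0700')`. A one-line comment above the entry saying the service fails with permission denied under the 700 default (as the commit message states) would keep the exception from being tightened by accident.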


@ -76,14 +76,13 @@ service_names:
- neutron-server
container_directories:
- /etc/neutron
- /etc/neutron/plugins
- /etc/neutron/plugins/ml2
- /etc/neutron/rootwrap.d
- /var/cache/neutron
- /var/lib/neutron
- /var/lib/neutron/ha_confs
- /var/lock/neutron
- /var/log/neutron
- /var/run/neutron
- { name: /etc/neutron }
- { name: /etc/neutron/plugins }
- { name: /etc/neutron/plugins/ml2 }
- { name: /etc/neutron/rootwrap.d }
- { name: /var/cache/neutron }
- { name: /var/lib/neutron, mode: 755 }
- { name: /var/lib/neutron/ha_confs }
- { name: /var/lock/neutron }
- { name: /var/log/neutron }
- { name: /var/run/neutron }


@ -87,11 +87,11 @@ nova_scheduler_max_attempts: 5
nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers
container_directories:
- /var/log/nova
- /var/lib/nova
- /var/lib/nova/cache/api
- /etc/nova
- /etc/nova/rootwrap.d
- /var/cache/nova
- /var/lock/nova
- /var/run/nova
- { name: /var/log/nova }
- { name: /var/lib/nova, mode: 755 }
- { name: /var/lib/nova/cache/api }
- { name: /etc/nova }
- { name: /etc/nova/rootwrap.d }
- { name: /var/cache/nova }
- { name: /var/lock/nova }
- { name: /var/run/nova }


@ -65,11 +65,11 @@ service_names:
- swift-proxy
container_directories:
- /var/lock/swift
- /var/cache/swift
- /etc/swift
- /etc/swift/rings/
- /etc/swift/object-server
- /etc/swift/container-server
- /etc/swift/account-server
- /etc/swift/proxy-server
- { name: /var/lock/swift }
- { name: /var/cache/swift }
- { name: /etc/swift }
- { name: /etc/swift/rings/ }
- { name: /etc/swift/object-server }
- { name: /etc/swift/container-server }
- { name: /etc/swift/account-server }
- { name: /etc/swift/proxy-server }


@ -15,10 +15,11 @@
- name: Create the local directories
file: >
path={{ item }}
path={{ item.name }}
state=directory
group={{ system_group|default('root') }}
owner={{ system_user|default('root') }}
mode={{ item.mode|default(700) }}
recurse=true
when: container_directories is defined
with_items: container_directories
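Review bot: The new `mode={{ item.mode|default(700) }}` line sits next to the existing `recurse=true`, so as far as I can tell each mode is applied to every file and subdirectory under the path, not only to the directory itself. For the 755 entries (`/var/lib/nova`, `/var/lib/neutron`) that would leave everything beneath them world-readable and mark regular files executable, which is wider than the permission-denied fix described in the commit message needs. For nested entries such as `/var/lib/neutron/ha_confs` and `/var/lib/nova/cache/api` the final mode then depends on list order and is likely rewritten on every run. I would keep the recursive ownership in this task if it is needed, but apply the mode in a second `file` task without `recurse`, or drop `recurse=true` here.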