Allow container directories to have non-standard modes

This change adds the ability to customise the mode applied to a
directory in the container_directories group_vars.  Additionally, we
change the default mode of a directory with an unspecified mode to 700.
This latter change requires us to flip the following back to 755
otherwise the respective service throws a permission denied error:

* /var/www/cgi-bin/keystone
* /var/lib/neutron
* /var/lib/nova

A fair bit of additional testing will need to be done before this
merges.

Change-Id: I40b0052876078c3472e88594a5c0d7e039b9817a
Closes-Bug: 1399428

rpc_deployment/inventory/group_vars/cinder_all.yml

@@ -69,11 +69,11 @@ service_names:
   - cinder-volume
 
 container_directories:
-  - /var/log/cinder
+  - { name: /var/log/cinder }
-  - /var/lib/cinder
+  - { name: /var/lib/cinder }
-  - /var/lib/cinder/volumes
+  - { name: /var/lib/cinder/volumes }
-  - /etc/cinder
+  - { name: /etc/cinder }
-  - /etc/cinder/rootwrap.d
+  - { name: /etc/cinder/rootwrap.d }
-  - /var/cache/cinder
+  - { name: /var/cache/cinder }
-  - /var/lock/cinder
+  - { name: /var/lock/cinder }
-  - /var/run/cinder
+  - { name: /var/run/cinder }

rpc_deployment/inventory/group_vars/glance_all.yml

@@ -71,14 +71,14 @@ service_names:
 flavor: "keystone+cachemanagement"
 
 container_directories:
-  - /var/log/glance
+   - { name: /var/log/glance }
-  - /var/lib/glance
+   - { name: /var/lib/glance }
-  - /var/lib/glance/cache
+   - { name: /var/lib/glance/cache }
-  - /var/lib/glance/cache/api
+   - { name: /var/lib/glance/cache/api }
-  - /var/lib/glance/cache/registry
+   - { name: /var/lib/glance/cache/registry }
-  - /var/lib/glance/scrubber
+   - { name: /var/lib/glance/scrubber }
-  - /etc/glance
+   - { name: /etc/glance }
-  - /var/cache/glance
+   - { name: /var/cache/glance }
 
 container_packages:
   - rsync

rpc_deployment/inventory/group_vars/heat_all.yml

@@ -64,9 +64,9 @@ heat_waitcondition_server_url: "http://{{ internal_vip_address }}:8000/v1/waitco
 heat_metadata_server_url: "http://{{ internal_vip_address }}:8000"
 
 container_directories:
-  - /etc/heat
+   - { name: /etc/heat }
-  - /etc/heat/environment.d
+   - { name: /etc/heat/environment.d }
-  - /etc/heat/templates
+   - { name: /etc/heat/templates }
-  - /var/cache/heat
+   - { name: /var/cache/heat }
-  - /var/lib/heat
+   - { name: /var/lib/heat }
-  - /var/log/heat
+   - { name: /var/log/heat }

rpc_deployment/inventory/group_vars/horizon.yml

@@ -49,10 +49,10 @@ horizon_help_url: http://docs.rackspace.com/rpc/api/v9/rpc-faq-v9/content/rpc-co
 install_lib_dir: /usr/local/lib/python2.7/dist-packages
 
 container_directories:
-  - "/etc/horizon"
+  - { name: /etc/horizon }
-  - "/var/lib/horizon"
+  - { name: /var/lib/horizon }
-  - "/usr/local/lib/python2.7/dist-packages/static"
+  - { name: /usr/local/lib/python2.7/dist-packages/static }
-  - "/usr/local/lib/python2.7/dist-packages/openstack_dashboard/local"
+  - { name: /usr/local/lib/python2.7/dist-packages/openstack_dashboard/local }
 
 horizon_fqdn: "{{ external_vip_address }}"
 horizon_server_name: "{{ container_name }}"

rpc_deployment/inventory/group_vars/keystone_all.yml

@@ -63,8 +63,8 @@ keystone_ssl: false
 
 
 container_directories:
-  - /etc/keystone
+  - { name: /etc/keystone }
-  - /etc/keystone/ssl
+  - { name: /etc/keystone/ssl }
-  - /var/lib/keystone
+  - { name: /var/lib/keystone }
-  - /var/log/keystone
+  - { name: /var/log/keystone }
-  - /var/www/cgi-bin/keystone
+  - { name: /var/www/cgi-bin/keystone, mode: 755 }

rpc_deployment/inventory/group_vars/neutron_all.yml

@@ -76,14 +76,13 @@ service_names:
   - neutron-server
 
 container_directories:
-  - /etc/neutron
+  - { name: /etc/neutron }
-  - /etc/neutron/plugins
+  - { name: /etc/neutron/plugins }
-  - /etc/neutron/plugins/ml2
+  - { name: /etc/neutron/plugins/ml2 }
-  - /etc/neutron/rootwrap.d
+  - { name: /etc/neutron/rootwrap.d }
-  - /var/cache/neutron
+  - { name: /var/cache/neutron }
-  - /var/lib/neutron
+  - { name: /var/lib/neutron, mode: 755 }
-  - /var/lib/neutron/ha_confs
+  - { name: /var/lib/neutron/ha_confs }
-  - /var/lock/neutron
+  - { name: /var/lock/neutron }
-  - /var/log/neutron
+  - { name: /var/log/neutron }
-  - /var/run/neutron
+  - { name: /var/run/neutron }
-

rpc_deployment/inventory/group_vars/nova_all.yml

@@ -87,11 +87,11 @@ nova_scheduler_max_attempts: 5
 nova_scheduler_weight_classes: nova.scheduler.weights.all_weighers
 
 container_directories:
-  - /var/log/nova
+   - { name: /var/log/nova }
-  - /var/lib/nova
+   - { name: /var/lib/nova, mode: 755 }
-  - /var/lib/nova/cache/api
+   - { name: /var/lib/nova/cache/api }
-  - /etc/nova
+   - { name: /etc/nova }
-  - /etc/nova/rootwrap.d
+   - { name: /etc/nova/rootwrap.d }
-  - /var/cache/nova
+   - { name: /var/cache/nova }
-  - /var/lock/nova
+   - { name: /var/lock/nova }
-  - /var/run/nova
+   - { name: /var/run/nova }

rpc_deployment/inventory/group_vars/swift_all.yml

@@ -65,11 +65,11 @@ service_names:
   - swift-proxy
 
 container_directories:
-  - /var/lock/swift
+  - { name: /var/lock/swift }
-  - /var/cache/swift
+  - { name: /var/cache/swift }
-  - /etc/swift
+  - { name: /etc/swift }
-  - /etc/swift/rings/
+  - { name: /etc/swift/rings/ }
-  - /etc/swift/object-server
+  - { name: /etc/swift/object-server }
-  - /etc/swift/container-server
+  - { name: /etc/swift/container-server }
-  - /etc/swift/account-server
+  - { name: /etc/swift/account-server }
-  - /etc/swift/proxy-server
+  - { name: /etc/swift/proxy-server }

rpc_deployment/roles/container_common/tasks/container_os_setup.yml

@@ -15,10 +15,11 @@
 
 - name: Create the local directories
   file: >
-    path={{ item }}
+    path={{ item.name }}
     state=directory
     group={{ system_group|default('root') }}
     owner={{ system_user|default('root') }}
+    mode={{ item.mode|default(700) }}
     recurse=true
   when: container_directories is defined
   with_items: container_directories