Support policy.yaml file [part 5]
- Freezer - Gnocchi - Kuryr - Murano - Panko This will copy only yaml or json policy file if they exist. Change-Id: I5450839cb06c515f2be445883421f8f987ca834d Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This commit is contained in:
parent
574c68b375
commit
4f8eb892c7
@ -5,7 +5,7 @@
|
||||
service: "{{ freezer_services[service_name] }}"
|
||||
config_json: "{{ freezer_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
freezer_conf: "{{ freezer_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ freezer_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ freezer_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
freezer_api_container: "{{ check_freezer_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -20,5 +20,5 @@
|
||||
- config_json.changed | bool
|
||||
or wsgi_freezer_api.changed | bool
|
||||
or freezer_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or freezer_api_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ freezer_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: freezer_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/freezer/"
|
||||
skip: true
|
||||
|
||||
- name: Set freezer policy file
|
||||
set_fact:
|
||||
freezer_policy_file: "{{ freezer_policy.results.0.stat.path | basename }}"
|
||||
freezer_policy_file_path: "{{ freezer_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- freezer_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -52,18 +69,13 @@
|
||||
notify:
|
||||
- Restart freezer-api container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_config_directory }}/freezer/policy.json"
|
||||
run_once: True
|
||||
register: freezer_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/freezer/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: freezer_policy_jsons
|
||||
src: "{{ freezer_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ freezer_policy_file }}"
|
||||
register: freezer_policy_overwriting
|
||||
when:
|
||||
- freezer_policy.stat.exists
|
||||
- freezer_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ freezer_services }}"
|
||||
|
@ -22,6 +22,11 @@ memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
{% if freezer_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ freezer_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[paste_deploy]
|
||||
config_file = /etc/freezer/freezer-paste.ini
|
||||
|
||||
|
@ -14,14 +14,13 @@
|
||||
"dest": "/etc/{{ apache_dir }}/wsgi-freezer.conf",
|
||||
"owner": "freezer",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if freezer_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/freezer/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ freezer_policy_file }}",
|
||||
"dest": "/etc/freezer/{{ freezer_policy_file }}",
|
||||
"owner": "freezer",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -5,7 +5,7 @@
|
||||
service: "{{ kuryr_services[service_name] }}"
|
||||
config_json: "{{ kuryr_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kuryr_conf: "{{ kuryr_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ kuryr_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ kuryr_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kuryr_container: "{{ check_kuryr_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -22,5 +22,5 @@
|
||||
- config_json.changed | bool
|
||||
or kuryr_conf.changed | bool
|
||||
or kuryr_spec.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or kuryr_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ kuryr_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: kuryr_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/kuryr/"
|
||||
skip: true
|
||||
|
||||
- name: Set kuryr policy file
|
||||
set_fact:
|
||||
kuryr_policy_file: "{{ kuryr_policy.results.0.stat.path | basename }}"
|
||||
kuryr_policy_file_path: "{{ kuryr_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- kuryr_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -55,18 +72,13 @@
|
||||
notify:
|
||||
- Restart kuryr container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/kuryr/policy.json"
|
||||
run_once: True
|
||||
register: kuryr_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/kuryr/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: kuryr_policy_jsons
|
||||
src: "{{ kuryr_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ kuryr_policy_file }}"
|
||||
register: kuryr_policy_overwriting
|
||||
when:
|
||||
- kuryr_policy.stat.exists
|
||||
- kuryr_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ kuryr_services }}"
|
||||
|
@ -20,3 +20,8 @@ project_domain_id = {{ default_project_domain_id }}
|
||||
user_domain_id = {{ default_user_domain_id }}
|
||||
password = {{ kuryr_keystone_password }}
|
||||
username = {{ kuryr_keystone_user }}
|
||||
|
||||
{% if kuryr_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ kuryr_policy_file }}
|
||||
{% endif %}
|
||||
|
@ -12,14 +12,13 @@
|
||||
"dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec",
|
||||
"owner": "root",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if kuryr_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/kuryr/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ kuryr_policy_file }}",
|
||||
"dest": "/etc/kuryr/{{ kuryr_policy_file }}",
|
||||
"owner": "kuryr",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -8,6 +8,23 @@
|
||||
- "murano-api"
|
||||
- "murano-engine"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: murano_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/murano/"
|
||||
skip: true
|
||||
|
||||
- name: Set murano policy file
|
||||
set_fact:
|
||||
murano_policy_file: "{{ murano_policy.results.0.stat.path | basename }}"
|
||||
murano_policy_file_path: "{{ murano_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- murano_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item }}.json.j2"
|
||||
@ -31,17 +48,13 @@
|
||||
- "murano-api"
|
||||
- "murano-engine"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/murano/policy.json"
|
||||
run_once: True
|
||||
register: murano_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/murano/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
|
||||
src: "{{ murano_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ murano_policy_file }}"
|
||||
register: murano_policy_overwriting
|
||||
with_items:
|
||||
- "murano-api"
|
||||
- "murano-engine"
|
||||
when:
|
||||
murano_policy.stat.exists
|
||||
murano_policy_file is defined
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/murano/murano.conf",
|
||||
"owner": "murano",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if murano_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/murano/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ murano_policy_file }}",
|
||||
"dest": "/etc/murano/{{ murano_policy_file }}",
|
||||
"owner": "murano",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/murano/murano.conf",
|
||||
"owner": "murano",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if murano_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/murano/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ murano_policy_file }}",
|
||||
"dest": "/etc/murano/{{ murano_policy_file }}",
|
||||
"owner": "murano",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -41,6 +41,11 @@ api_workers = {{ openstack_service_workers }}
|
||||
transport_url = {{ notify_transport_url }}
|
||||
driver = messagingv2
|
||||
|
||||
{% if murano_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ murano_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
{% if service_name == 'murano-engine' %}
|
||||
[rabbitmq]
|
||||
host = {{ kolla_external_fqdn }}
|
||||
|
@ -5,7 +5,7 @@
|
||||
service: "{{ panko_services[service_name] }}"
|
||||
config_json: "{{ panko_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
panko_conf: "{{ panko_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ panko_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ panko_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
panko_api_container: "{{ check_panko_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -20,5 +20,5 @@
|
||||
- config_json.changed | bool
|
||||
or panko_conf.changed | bool
|
||||
or panko_wsgi.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or panko_api_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ panko_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: panko_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/panko/"
|
||||
skip: true
|
||||
|
||||
- name: Set panko policy file
|
||||
set_fact:
|
||||
panko_policy_file: "{{ panko_policy.results.0.stat.path | basename }}"
|
||||
panko_policy_file_path: "{{ panko_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- panko_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -53,18 +70,13 @@
|
||||
notify:
|
||||
- Restart panko-api container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/panko/policy.json"
|
||||
run_once: True
|
||||
register: panko_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/panko/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: panko_policy_jsons
|
||||
src: "{{ panko_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ panko_policy_file }}"
|
||||
register: panko_policy_overwriting
|
||||
when:
|
||||
- panko_policy.stat.exists
|
||||
- panko_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ panko_services }}"
|
||||
|
@ -8,14 +8,13 @@
|
||||
"dest": "/etc/panko/panko.conf",
|
||||
"owner": "panko",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if panko_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/panko/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ panko_policy_file }}",
|
||||
"dest": "/etc/panko/{{ panko_policy_file }}",
|
||||
"owner": "panko",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
"perm": "0600"
|
||||
}{% endif %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/wsgi-panko.conf",
|
||||
"dest": "/etc/{{ panko_dir }}/wsgi-panko.conf",
|
||||
|
@ -30,3 +30,8 @@ auth_type = password
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
{% if panko_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ panko_policy_file }}
|
||||
{% endif %}
|
||||
|
Loading…
x
Reference in New Issue
Block a user