Support policy.yaml file [part 4]
- Barbican - Ceilometer - Cloudkitty - Congress - Designate This will copy only yaml or json policy file if they exist. Change-Id: Iaa19f64073d8bdee948bc2de58e095ca72afc092 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
This commit is contained in:
parent
574c68b375
commit
6b99f21341
@ -5,7 +5,7 @@
|
||||
service: "{{ barbican_services[service_name] }}"
|
||||
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -19,7 +19,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or barbican_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or barbican_api_ini.changed | bool
|
||||
or barbican_api_paste.changed | bool
|
||||
or barbican_api_container.changed | bool
|
||||
@ -30,7 +30,7 @@
|
||||
service: "{{ barbican_services[service_name] }}"
|
||||
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -44,7 +44,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or barbican_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or barbican_keystone_listener_container.changed | bool
|
||||
|
||||
- name: Restart barbican-worker container
|
||||
@ -53,7 +53,7 @@
|
||||
service: "{{ barbican_services[service_name] }}"
|
||||
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -67,5 +67,5 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or barbican_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or barbican_worker_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- "barbican-keystone-listener"
|
||||
- "barbican-worker"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: barbican_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/barbican/"
|
||||
skip: true
|
||||
|
||||
- name: Set barbican policy file
|
||||
set_fact:
|
||||
barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}"
|
||||
barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- barbican_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -79,18 +96,13 @@
|
||||
notify:
|
||||
- Restart {{ item.key }} container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
|
||||
run_once: True
|
||||
register: barbican_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/barbican/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: barbican_policy_jsons
|
||||
src: "{{ barbican_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ barbican_policy_file }}"
|
||||
register: barbican_policy_overwriting
|
||||
when:
|
||||
- barbican_policy.stat.exists
|
||||
- barbican_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ barbican_services }}"
|
||||
|
@ -19,14 +19,13 @@
|
||||
"owner": "barbican",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
}{% if barbican_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/barbican/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
|
||||
"dest": "/etc/barbican/{{ barbican_policy_file }}",
|
||||
"owner": "barbican",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/barbican/barbican.conf",
|
||||
"owner": "barbican",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if barbican_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/barbican/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
|
||||
"dest": "/etc/barbican/{{ barbican_policy_file }}",
|
||||
"owner": "barbican",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/barbican/barbican.conf",
|
||||
"owner": "barbican",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if barbican_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/barbican/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
|
||||
"dest": "/etc/barbican/{{ barbican_policy_file }}",
|
||||
"owner": "barbican",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -73,3 +73,8 @@ auth_type = password
|
||||
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
|
||||
{% if barbican_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ barbican_policy_file }}
|
||||
{% endif %}
|
||||
|
@ -5,7 +5,7 @@
|
||||
service: "{{ cloudkitty_services[service_name] }}"
|
||||
config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -20,7 +20,7 @@
|
||||
- config_json.changed | bool
|
||||
or cloudkitty_conf.changed | bool
|
||||
or cloudkitty_conf_wsgi.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or cloudkitty_api_container.changed | bool
|
||||
|
||||
- name: Restart cloudkitty-processor container
|
||||
@ -29,7 +29,7 @@
|
||||
service: "{{ cloudkitty_services[service_name] }}"
|
||||
config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -43,5 +43,5 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or cloudkitty_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or cloudkitty_processor_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ cloudkitty_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: cloudkitty_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/cloudkitty/"
|
||||
skip: true
|
||||
|
||||
- name: Set cloudkitty policy file
|
||||
set_fact:
|
||||
cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}"
|
||||
cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- cloudkitty_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -55,18 +72,13 @@
|
||||
notify:
|
||||
- Restart cloudkitty-api container
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
|
||||
run_once: True
|
||||
register: cloudkitty_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/cloudkitty/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: cloudkitty_policy_jsons
|
||||
src: "{{ cloudkitty_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ cloudkitty_policy_file }}"
|
||||
register: cloudkitty_policy_overwriting
|
||||
when:
|
||||
- cloudkitty_policy.stat.exists
|
||||
- cloudkitty_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ cloudkitty_services }}"
|
||||
|
@ -14,14 +14,13 @@
|
||||
"dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf",
|
||||
"owner": "cloudkitty",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if cloudkitty_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/cloudkitty/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
|
||||
"dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
|
||||
"owner": "cloudkitty",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/cloudkitty/cloudkitty.conf",
|
||||
"owner": "cloudkitty",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if cloudkitty_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/cloudkitty/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
|
||||
"dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
|
||||
"owner": "cloudkitty",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -31,6 +31,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/cloudkitty/tmp
|
||||
|
||||
{% if cloudkitty_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ cloudkitty_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[collect]
|
||||
collector = {{ cloudkitty_collector_backend }}
|
||||
services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating
|
||||
|
@ -5,7 +5,7 @@
|
||||
service: "{{ congress_services[service_name] }}"
|
||||
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -19,7 +19,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or congress_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or congress_api_container.changed | bool
|
||||
|
||||
- name: Restart congress-policy-engine container
|
||||
@ -28,7 +28,7 @@
|
||||
service: "{{ congress_services[service_name] }}"
|
||||
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -42,7 +42,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or congress_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or congress_policy_engin_container.changed | bool
|
||||
|
||||
- name: Restart congress-datasource container
|
||||
@ -51,7 +51,7 @@
|
||||
service: "{{ congress_services[service_name] }}"
|
||||
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -65,5 +65,5 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or congress_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or congress_datasource_container.changed | bool
|
||||
|
@ -7,6 +7,23 @@
|
||||
when: inventory_hostname in groups[item.value.group]
|
||||
with_dict: "{{ congress_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: congress_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/congress/"
|
||||
skip: true
|
||||
|
||||
- name: Set congress policy file
|
||||
set_fact:
|
||||
congress_policy_file: "{{ congress_policy.results.0.stat.path | basename }}"
|
||||
congress_policy_file_path: "{{ congress_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- congress_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -43,13 +60,13 @@
|
||||
run_once: True
|
||||
register: congress_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/congress/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: congress_policy_jsons
|
||||
src: "{{ congress_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ congress_policy_file }}"
|
||||
register: congress_policy_overwriting
|
||||
when:
|
||||
- congress_policy.stat.exists
|
||||
- congress_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ congress_services }}"
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if congress_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/congress/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ congress_policy_file }}",
|
||||
"dest": "/etc/congress/{{ congress_policy_file }}",
|
||||
"owner": "congress",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if congress_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/congress/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ congress_policy_file }}",
|
||||
"dest": "/etc/congress/{{ congress_policy_file }}",
|
||||
"owner": "congress",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/congress/congress.conf",
|
||||
"owner": "congress",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if congress_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/congress/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ congress_policy_file }}",
|
||||
"dest": "/etc/congress/{{ congress_policy_file }}",
|
||||
"owner": "congress",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -45,5 +45,10 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
|
||||
[oslo_messaging_notifications]
|
||||
transport_url = {{ notify_transport_url }}
|
||||
|
||||
{% if congress_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ congress_policy_file }}
|
||||
{% endif %}
|
||||
|
||||
[congress]
|
||||
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}
|
||||
|
@ -27,7 +27,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -41,7 +41,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or designate_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_api_container.changed | bool
|
||||
|
||||
- name: Restart designate-central container
|
||||
@ -50,7 +50,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -64,7 +64,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or designate_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_central_container.changed | bool
|
||||
|
||||
- name: Restart designate-producer container
|
||||
@ -73,7 +73,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -87,7 +87,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or designate_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_producer_container.changed | bool
|
||||
|
||||
- name: Restart designate-mdns container
|
||||
@ -96,7 +96,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -110,7 +110,7 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or designate_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_mdns_container.changed | bool
|
||||
|
||||
- name: Restart designate-worker container
|
||||
@ -119,7 +119,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -135,7 +135,7 @@
|
||||
or designate_conf.changed | bool
|
||||
or designate_rndc_conf.changed | bool
|
||||
or designate_rndc_key_file.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_worker_container.changed | bool
|
||||
|
||||
- name: Restart designate-sink container
|
||||
@ -144,7 +144,7 @@
|
||||
service: "{{ designate_services[service_name] }}"
|
||||
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
|
||||
kolla_docker:
|
||||
action: "recreate_or_restart_container"
|
||||
@ -158,5 +158,5 @@
|
||||
- service.enabled | bool
|
||||
- config_json.changed | bool
|
||||
or designate_conf.changed | bool
|
||||
or policy_json.changed | bool
|
||||
or policy_overwriting.changed | bool
|
||||
or designate_sink_container.changed | bool
|
||||
|
@ -9,6 +9,23 @@
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ designate_services }}"
|
||||
|
||||
- name: Check if policies shall be overwritten
|
||||
local_action: stat path="{{ item }}"
|
||||
run_once: True
|
||||
register: designate_policy
|
||||
with_first_found:
|
||||
- files: "{{ supported_policy_format_list }}"
|
||||
paths:
|
||||
- "{{ node_custom_config }}/designate/"
|
||||
skip: true
|
||||
|
||||
- name: Set designate policy file
|
||||
set_fact:
|
||||
designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}"
|
||||
designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}"
|
||||
when:
|
||||
- designate_policy.results
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item.key }}.json.j2"
|
||||
@ -124,13 +141,13 @@
|
||||
run_once: True
|
||||
register: designate_policy
|
||||
|
||||
- name: Copying over existing policy.json
|
||||
- name: Copying over existing policy file
|
||||
template:
|
||||
src: "{{ node_custom_config }}/designate/policy.json"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
|
||||
register: designate_policy_jsons
|
||||
src: "{{ designate_policy_file_path }}"
|
||||
dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}"
|
||||
register: designate_policy_overwriting
|
||||
when:
|
||||
- designate_policy.stat.exists
|
||||
- designate_policy_file is defined
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.enabled | bool
|
||||
with_dict: "{{ designate_services }}"
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
}
|
||||
"perm": "0600"
|
||||
}{% endif %}
|
||||
],
|
||||
"permissions": [
|
||||
{
|
||||
|
@ -6,14 +6,13 @@
|
||||
"dest": "/etc/designate/designate.conf",
|
||||
"owner": "designate",
|
||||
"perm": "0600"
|
||||
},
|
||||
}{% if designate_policy_file is defined %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/policy.json",
|
||||
"dest": "/etc/designate/policy.json",
|
||||
"source": "{{ container_config_directory }}/{{ designate_policy_file }}",
|
||||
"dest": "/etc/designate/{{ designate_policy_file }}",
|
||||
"owner": "designate",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
"perm": "0600"
|
||||
}{% endif %},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/pools.yaml",
|
||||
"dest": "/etc/designate/pools.yaml",
|
||||
|
@ -105,3 +105,8 @@ driver = messagingv2
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lib/designate/tmp
|
||||
|
||||
{% if designate_policy_file is defined %}
|
||||
[oslo_policy]
|
||||
policy_file = {{ designate_policy_file }}
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user