Support policy.yaml file [part 4]

- Barbican
- Ceilometer
- Cloudkitty
- Congress
- Designate

This will copy only the yaml or json policy file, if one exists.

Change-Id: Iaa19f64073d8bdee948bc2de58e095ca72afc092
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
Dai Dang Van 2018-01-08 16:00:22 +07:00
parent 574c68b375
commit 6b99f21341
26 changed files with 206 additions and 142 deletions


@ -5,7 +5,7 @@
service: "{{ barbican_services[service_name] }}" service: "{{ barbican_services[service_name] }}"
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -19,7 +19,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or barbican_conf.changed | bool or barbican_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or barbican_api_ini.changed | bool or barbican_api_ini.changed | bool
or barbican_api_paste.changed | bool or barbican_api_paste.changed | bool
or barbican_api_container.changed | bool or barbican_api_container.changed | bool
@ -30,7 +30,7 @@
service: "{{ barbican_services[service_name] }}" service: "{{ barbican_services[service_name] }}"
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -44,7 +44,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or barbican_conf.changed | bool or barbican_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or barbican_keystone_listener_container.changed | bool or barbican_keystone_listener_container.changed | bool
- name: Restart barbican-worker container - name: Restart barbican-worker container
@ -53,7 +53,7 @@
service: "{{ barbican_services[service_name] }}" service: "{{ barbican_services[service_name] }}"
config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -67,5 +67,5 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or barbican_conf.changed | bool or barbican_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or barbican_worker_container.changed | bool or barbican_worker_container.changed | bool


@ -9,6 +9,23 @@
- "barbican-keystone-listener" - "barbican-keystone-listener"
- "barbican-worker" - "barbican-worker"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: barbican_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/barbican/"
skip: true
- name: Set barbican policy file
set_fact:
barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}"
barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}"
when:
- barbican_policy.results
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
@ -79,18 +96,13 @@
notify: notify:
- Restart {{ item.key }} container - Restart {{ item.key }} container
- name: Check if policies shall be overwritten - name: Copying over existing policy file
local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
run_once: True
register: barbican_policy
- name: Copying over existing policy.json
template: template:
src: "{{ node_custom_config }}/barbican/policy.json" src: "{{ barbican_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" dest: "{{ node_config_directory }}/{{ item.key }}/{{ barbican_policy_file }}"
register: barbican_policy_jsons register: barbican_policy_overwriting
when: when:
- barbican_policy.stat.exists - barbican_policy_file is defined
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ barbican_services }}" with_dict: "{{ barbican_services }}"
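Review bot: The new `with_first_found` lookup in "Check if policies shall be overwritten" silently picks whichever name comes first in `supported_policy_format_list`, so if both a JSON and a YAML policy file sit in `{{ node_custom_config }}/barbican/`, one of them is ignored without any message. For a service's authorization policy that is worth making explicit, because the rules enforced may not be the ones the operator last edited. The list itself is defined outside this page, so the actual precedence cannot be confirmed from here. I would at least add a comment above the task, `# First match in supported_policy_format_list wins; any other policy file in this directory is ignored.`, or fail when more than one candidate exists. The same lookup is repeated in the cloudkitty, congress and designate task files.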


@ -19,14 +19,13 @@
"owner": "barbican", "owner": "barbican",
"perm": "0600", "perm": "0600",
"optional": true "optional": true
}, }{% if barbican_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
"dest": "/etc/barbican/policy.json", "dest": "/etc/barbican/{{ barbican_policy_file }}",
"owner": "barbican", "owner": "barbican",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/barbican/barbican.conf", "dest": "/etc/barbican/barbican.conf",
"owner": "barbican", "owner": "barbican",
"perm": "0600" "perm": "0600"
}, }{% if barbican_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
"dest": "/etc/barbican/policy.json", "dest": "/etc/barbican/{{ barbican_policy_file }}",
"owner": "barbican", "owner": "barbican",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/barbican/barbican.conf", "dest": "/etc/barbican/barbican.conf",
"owner": "barbican", "owner": "barbican",
"perm": "0600" "perm": "0600"
}, }{% if barbican_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
"dest": "/etc/barbican/policy.json", "dest": "/etc/barbican/{{ barbican_policy_file }}",
"owner": "barbican", "owner": "barbican",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -73,3 +73,8 @@ auth_type = password
[oslo_messaging_notifications] [oslo_messaging_notifications]
transport_url = {{ notify_transport_url }} transport_url = {{ notify_transport_url }}
{% if barbican_policy_file is defined %}
[oslo_policy]
policy_file = {{ barbican_policy_file }}
{% endif %}
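Review bot: `policy_file = {{ barbican_policy_file }}` is a bare file name, so which file the service loads depends on how oslo.config resolves relative paths against its config directories, not on the path written in the config.json templates. Using the absolute form, `policy_file = /etc/barbican/{{ barbican_policy_file }}`, would tie this setting to the `dest` those templates copy to and remove the ambiguity. The cloudkitty and congress conf templates in this commit add the same relative form.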


@ -5,7 +5,7 @@
service: "{{ cloudkitty_services[service_name] }}" service: "{{ cloudkitty_services[service_name] }}"
config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -20,7 +20,7 @@
- config_json.changed | bool - config_json.changed | bool
or cloudkitty_conf.changed | bool or cloudkitty_conf.changed | bool
or cloudkitty_conf_wsgi.changed | bool or cloudkitty_conf_wsgi.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or cloudkitty_api_container.changed | bool or cloudkitty_api_container.changed | bool
- name: Restart cloudkitty-processor container - name: Restart cloudkitty-processor container
@ -29,7 +29,7 @@
service: "{{ cloudkitty_services[service_name] }}" service: "{{ cloudkitty_services[service_name] }}"
config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -43,5 +43,5 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or cloudkitty_conf.changed | bool or cloudkitty_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or cloudkitty_processor_container.changed | bool or cloudkitty_processor_container.changed | bool


@ -9,6 +9,23 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ cloudkitty_services }}" with_dict: "{{ cloudkitty_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: cloudkitty_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/cloudkitty/"
skip: true
- name: Set cloudkitty policy file
set_fact:
cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}"
cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}"
when:
- cloudkitty_policy.results
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
@ -55,18 +72,13 @@
notify: notify:
- Restart cloudkitty-api container - Restart cloudkitty-api container
- name: Check if policies shall be overwritten - name: Copying over existing policy file
local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
run_once: True
register: cloudkitty_policy
- name: Copying over existing policy.json
template: template:
src: "{{ node_custom_config }}/cloudkitty/policy.json" src: "{{ cloudkitty_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" dest: "{{ node_config_directory }}/{{ item.key }}/{{ cloudkitty_policy_file }}"
register: cloudkitty_policy_jsons register: cloudkitty_policy_overwriting
when: when:
- cloudkitty_policy.stat.exists - cloudkitty_policy_file is defined
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ cloudkitty_services }}" with_dict: "{{ cloudkitty_services }}"


@ -14,14 +14,13 @@
"dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf", "dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf",
"owner": "cloudkitty", "owner": "cloudkitty",
"perm": "0600" "perm": "0600"
}, }{% if cloudkitty_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
"dest": "/etc/cloudkitty/policy.json", "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
"owner": "cloudkitty", "owner": "cloudkitty",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/cloudkitty/cloudkitty.conf", "dest": "/etc/cloudkitty/cloudkitty.conf",
"owner": "cloudkitty", "owner": "cloudkitty",
"perm": "0600" "perm": "0600"
}, }{% if cloudkitty_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
"dest": "/etc/cloudkitty/policy.json", "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
"owner": "cloudkitty", "owner": "cloudkitty",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -31,6 +31,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[oslo_concurrency] [oslo_concurrency]
lock_path = /var/lib/cloudkitty/tmp lock_path = /var/lib/cloudkitty/tmp
{% if cloudkitty_policy_file is defined %}
[oslo_policy]
policy_file = {{ cloudkitty_policy_file }}
{% endif %}
[collect] [collect]
collector = {{ cloudkitty_collector_backend }} collector = {{ cloudkitty_collector_backend }}
services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating


@ -5,7 +5,7 @@
service: "{{ congress_services[service_name] }}" service: "{{ congress_services[service_name] }}"
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -19,7 +19,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or congress_conf.changed | bool or congress_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or congress_api_container.changed | bool or congress_api_container.changed | bool
- name: Restart congress-policy-engine container - name: Restart congress-policy-engine container
@ -28,7 +28,7 @@
service: "{{ congress_services[service_name] }}" service: "{{ congress_services[service_name] }}"
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -42,7 +42,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or congress_conf.changed | bool or congress_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or congress_policy_engin_container.changed | bool or congress_policy_engin_container.changed | bool
- name: Restart congress-datasource container - name: Restart congress-datasource container
@ -51,7 +51,7 @@
service: "{{ congress_services[service_name] }}" service: "{{ congress_services[service_name] }}"
config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -65,5 +65,5 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or congress_conf.changed | bool or congress_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or congress_datasource_container.changed | bool or congress_datasource_container.changed | bool


@ -7,6 +7,23 @@
when: inventory_hostname in groups[item.value.group] when: inventory_hostname in groups[item.value.group]
with_dict: "{{ congress_services }}" with_dict: "{{ congress_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: congress_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/congress/"
skip: true
- name: Set congress policy file
set_fact:
congress_policy_file: "{{ congress_policy.results.0.stat.path | basename }}"
congress_policy_file_path: "{{ congress_policy.results.0.stat.path }}"
when:
- congress_policy.results
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
@ -43,13 +60,13 @@
run_once: True run_once: True
register: congress_policy register: congress_policy
- name: Copying over existing policy.json - name: Copying over existing policy file
template: template:
src: "{{ node_custom_config }}/congress/policy.json" src: "{{ congress_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" dest: "{{ node_config_directory }}/{{ item.key }}/{{ congress_policy_file }}"
register: congress_policy_jsons register: congress_policy_overwriting
when: when:
- congress_policy.stat.exists - congress_policy_file is defined
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ congress_services }}" with_dict: "{{ congress_services }}"
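Review bot: The second hunk still shows `run_once: True` and `register: congress_policy` as unchanged context directly above the copy task, which suggests the old single-file stat task was left in place here, whereas the barbican and cloudkitty versions of this change delete it. If so, it re-registers `congress_policy` after the new first-found lookup and presumably still checks only `policy.json`. Nothing visible reads that result afterwards, since the copy task now tests `congress_policy_file is defined`, so it looks like dead code that should be removed. The task's opening lines are outside the hunk, so this needs confirming against the full file.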


@ -6,14 +6,13 @@
"dest": "/etc/congress/congress.conf", "dest": "/etc/congress/congress.conf",
"owner": "congress", "owner": "congress",
"perm": "0600" "perm": "0600"
}, }{% if congress_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
"dest": "/etc/congress/policy.json", "dest": "/etc/congress/{{ congress_policy_file }}",
"owner": "congress", "owner": "congress",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/congress/congress.conf", "dest": "/etc/congress/congress.conf",
"owner": "congress", "owner": "congress",
"perm": "0600" "perm": "0600"
}, }{% if congress_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
"dest": "/etc/congress/policy.json", "dest": "/etc/congress/{{ congress_policy_file }}",
"owner": "congress", "owner": "congress",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/congress/congress.conf", "dest": "/etc/congress/congress.conf",
"owner": "congress", "owner": "congress",
"perm": "0600" "perm": "0600"
}, }{% if congress_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
"dest": "/etc/congress/policy.json", "dest": "/etc/congress/{{ congress_policy_file }}",
"owner": "congress", "owner": "congress",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -45,5 +45,10 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[oslo_messaging_notifications] [oslo_messaging_notifications]
transport_url = {{ notify_transport_url }} transport_url = {{ notify_transport_url }}
{% if congress_policy_file is defined %}
[oslo_policy]
policy_file = {{ congress_policy_file }}
{% endif %}
[congress] [congress]
url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }} url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}


@ -27,7 +27,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -41,7 +41,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or designate_conf.changed | bool or designate_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_api_container.changed | bool or designate_api_container.changed | bool
- name: Restart designate-central container - name: Restart designate-central container
@ -50,7 +50,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -64,7 +64,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or designate_conf.changed | bool or designate_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_central_container.changed | bool or designate_central_container.changed | bool
- name: Restart designate-producer container - name: Restart designate-producer container
@ -73,7 +73,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -87,7 +87,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or designate_conf.changed | bool or designate_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_producer_container.changed | bool or designate_producer_container.changed | bool
- name: Restart designate-mdns container - name: Restart designate-mdns container
@ -96,7 +96,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -110,7 +110,7 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or designate_conf.changed | bool or designate_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_mdns_container.changed | bool or designate_mdns_container.changed | bool
- name: Restart designate-worker container - name: Restart designate-worker container
@ -119,7 +119,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -135,7 +135,7 @@
or designate_conf.changed | bool or designate_conf.changed | bool
or designate_rndc_conf.changed | bool or designate_rndc_conf.changed | bool
or designate_rndc_key_file.changed | bool or designate_rndc_key_file.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_worker_container.changed | bool or designate_worker_container.changed | bool
- name: Restart designate-sink container - name: Restart designate-sink container
@ -144,7 +144,7 @@
service: "{{ designate_services[service_name] }}" service: "{{ designate_services[service_name] }}"
config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker: kolla_docker:
action: "recreate_or_restart_container" action: "recreate_or_restart_container"
@ -158,5 +158,5 @@
- service.enabled | bool - service.enabled | bool
- config_json.changed | bool - config_json.changed | bool
or designate_conf.changed | bool or designate_conf.changed | bool
or policy_json.changed | bool or policy_overwriting.changed | bool
or designate_sink_container.changed | bool or designate_sink_container.changed | bool


@ -9,6 +9,23 @@
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ designate_services }}" with_dict: "{{ designate_services }}"
- name: Check if policies shall be overwritten
local_action: stat path="{{ item }}"
run_once: True
register: designate_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/designate/"
skip: true
- name: Set designate policy file
set_fact:
designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}"
designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}"
when:
- designate_policy.results
- name: Copying over config.json files for services - name: Copying over config.json files for services
template: template:
src: "{{ item.key }}.json.j2" src: "{{ item.key }}.json.j2"
@ -124,13 +141,13 @@
run_once: True run_once: True
register: designate_policy register: designate_policy
- name: Copying over existing policy.json - name: Copying over existing policy file
template: template:
src: "{{ node_custom_config }}/designate/policy.json" src: "{{ designate_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}"
register: designate_policy_jsons register: designate_policy_overwriting
when: when:
- designate_policy.stat.exists - designate_policy_file is defined
- inventory_hostname in groups[item.value.group] - inventory_hostname in groups[item.value.group]
- item.value.enabled | bool - item.value.enabled | bool
with_dict: "{{ designate_services }}" with_dict: "{{ designate_services }}"
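Review bot: `with_first_found` in the new "Check if policies shall be overwritten" task stops at the first match, so when both supported formats exist under `{{ node_custom_config }}/designate/` one is deployed and the other is ignored without any message. For an authorization policy that is worth failing on, because an operator can tighten rules in one file while the other is the one in force; which file wins depends on the order of `supported_policy_format_list`, which is defined outside this page. A pre-check along the lines below would make the conflict explicit. Separately, the context lines of the second hunk (`run_once: True` / `register: designate_policy`) suggest an older stat task still registers the same variable after the facts are set; its body is outside the hunk, so confirm whether it can be dropped.

```yaml
# … unchanged: "Check if policies shall be overwritten" and "Set designate policy file" …
- name: Look for every supported designate policy file
  local_action: stat path="{{ node_custom_config }}/designate/{{ item }}"
  run_once: True
  register: designate_policy_candidates
  with_items: "{{ supported_policy_format_list }}"

- name: Fail when more than one designate policy file is present
  fail:
    msg: "Keep only one policy file in {{ node_custom_config }}/designate/"
  run_once: True
  when: designate_policy_candidates.results | selectattr('stat.exists') | list | length > 1
```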


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {
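Review bot: The policy entry loses `"optional": true` and is now emitted only when `designate_policy_file is defined`, but nothing in the template records that this is intentional. A short Jinja comment above the conditional would help the next maintainer, for example `{# policy entry is mandatory once a custom policy file is detected; do not re-add "optional" #}`. The same applies to the five sibling config.json templates later in this commit. How the container treats a missing non-optional source is not shown on this page, so the comment should be confirmed against that behaviour.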


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {


@ -6,14 +6,13 @@
"dest": "/etc/designate/designate.conf", "dest": "/etc/designate/designate.conf",
"owner": "designate", "owner": "designate",
"perm": "0600" "perm": "0600"
}, }{% if designate_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
"dest": "/etc/designate/policy.json", "dest": "/etc/designate/{{ designate_policy_file }}",
"owner": "designate", "owner": "designate",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %},
},
{ {
"source": "{{ container_config_directory }}/pools.yaml", "source": "{{ container_config_directory }}/pools.yaml",
"dest": "/etc/designate/pools.yaml", "dest": "/etc/designate/pools.yaml",


@ -105,3 +105,8 @@ driver = messagingv2
[oslo_concurrency] [oslo_concurrency]
lock_path = /var/lib/designate/tmp lock_path = /var/lib/designate/tmp
{% if designate_policy_file is defined %}
[oslo_policy]
policy_file = {{ designate_policy_file }}
{% endif %}