octavia: Add support for disabling amphora provider

Change-Id: I1010ee42aaf1c650d9e3b5332ebf828646a6badf
This commit is contained in:
Michał Nasiadka 2021-03-29 18:01:39 +02:00 committed by Michal Nasiadka
parent 93c4448365
commit 810c4d9471
5 changed files with 70 additions and 69 deletions

View File

@ -100,69 +100,67 @@
notify:
- "Restart {{ item.key }} container"
- name: Copying over Octavia SSH key
copy:
content: "{{ octavia_amp_ssh_key.private_key }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0400"
become: True
when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
- block:
- name: Copying certificate files for octavia-worker
vars:
service: "{{ octavia_services['octavia-worker'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-worker container
- name: Copying over Octavia SSH key
copy:
content: "{{ octavia_amp_ssh_key.private_key }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0400"
become: True
when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
- name: Copying certificate files for octavia-housekeeping
vars:
service: "{{ octavia_services['octavia-housekeeping'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-housekeeping container
- name: Copying certificate files for octavia-worker
vars:
service: "{{ octavia_services['octavia-worker'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items: "{{ octavia_amphora_keys }}"
notify:
- Restart octavia-worker container
- name: Copying certificate files for octavia-health-manager
- name: Copying certificate files for octavia-housekeeping
vars:
service: "{{ octavia_services['octavia-housekeeping'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items: "{{ octavia_amphora_keys }}"
notify:
- Restart octavia-housekeeping container
- name: Copying certificate files for octavia-health-manager
vars:
service: "{{ octavia_services['octavia-health-manager'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items: "{{ octavia_amphora_keys }}"
notify:
- Restart octavia-health-manager container
when: "'amphora' in octavia_provider_drivers"
vars:
service: "{{ octavia_services['octavia-health-manager'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-health-manager container
octavia_amphora_keys:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem

View File

@ -41,6 +41,7 @@
Octavia's certificate configuration has been changed since Train. The new
configuration requires 4 PEM files. Please check certificate configuration
guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
when: "'amphora' in octavia_provider_drivers"
- name: Checking certificate files exist for octavia
stat:
@ -49,7 +50,9 @@
run_once: True
register: result
failed_when: not result.stat.exists
when: inventory_hostname in groups['octavia-worker']
when:
- inventory_hostname in groups['octavia-worker']
- "'amphora' in octavia_provider_drivers"
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf",
"owner": "octavia",
"perm": "0600"
},
}{% if 'amphora' in octavia_provider_drivers %},
{
"source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia",
"perm": "0600"
}
}{% endif %}
]
}

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf",
"owner": "octavia",
"perm": "0600"
},
}{% if 'amphora' in octavia_provider_drivers %},
{
"source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia",
"perm": "0600"
}
}{% endif %}
]
}

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf",
"owner": "octavia",
"perm": "0600"
},
}{% if 'amphora' in octavia_provider_drivers %},
{
"source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia",
"perm": "0600"
}
}{% endif %}
]
}