octavia: Add support for disabling amphora provider

Change-Id: I1010ee42aaf1c650d9e3b5332ebf828646a6badf
This commit is contained in:
Michał Nasiadka 2021-03-29 18:01:39 +02:00 committed by Michal Nasiadka
parent 93c4448365
commit 810c4d9471
5 changed files with 70 additions and 69 deletions

View File

@ -100,69 +100,67 @@
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"
- name: Copying over Octavia SSH key - block:
copy:
content: "{{ octavia_amp_ssh_key.private_key }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0400"
become: True
when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
- name: Copying certificate files for octavia-worker - name: Copying over Octavia SSH key
vars: copy:
service: "{{ octavia_services['octavia-worker'] }}" content: "{{ octavia_amp_ssh_key.private_key }}"
copy: dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
src: "{{ node_custom_config }}/octavia/{{ item }}" owner: "{{ config_owner_user }}"
dest: "{{ node_config_directory }}/octavia-worker/{{ item }}" group: "{{ config_owner_group }}"
mode: "0660" mode: "0400"
become: true become: True
when: when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-worker container
- name: Copying certificate files for octavia-housekeeping - name: Copying certificate files for octavia-worker
vars: vars:
service: "{{ octavia_services['octavia-housekeeping'] }}" service: "{{ octavia_services['octavia-worker'] }}"
copy: copy:
src: "{{ node_custom_config }}/octavia/{{ item }}" src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}" dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
mode: "0660" mode: "0660"
become: true become: true
when: when:
- inventory_hostname in groups[service.group] - inventory_hostname in groups[service.group]
- service.enabled | bool - service.enabled | bool
with_items: with_items: "{{ octavia_amphora_keys }}"
- client.cert-and-key.pem notify:
- client_ca.cert.pem - Restart octavia-worker container
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-housekeeping container
- name: Copying certificate files for octavia-health-manager - name: Copying certificate files for octavia-housekeeping
vars:
service: "{{ octavia_services['octavia-housekeeping'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items: "{{ octavia_amphora_keys }}"
notify:
- Restart octavia-housekeeping container
- name: Copying certificate files for octavia-health-manager
vars:
service: "{{ octavia_services['octavia-health-manager'] }}"
copy:
src: "{{ node_custom_config }}/octavia/{{ item }}"
dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items: "{{ octavia_amphora_keys }}"
notify:
- Restart octavia-health-manager container
when: "'amphora' in octavia_provider_drivers"
vars: vars:
service: "{{ octavia_services['octavia-health-manager'] }}" octavia_amphora_keys:
copy: - client.cert-and-key.pem
src: "{{ node_custom_config }}/octavia/{{ item }}" - client_ca.cert.pem
dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}" - server_ca.cert.pem
mode: "0660" - server_ca.key.pem
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- client.cert-and-key.pem
- client_ca.cert.pem
- server_ca.cert.pem
- server_ca.key.pem
notify:
- Restart octavia-health-manager container

View File

@ -41,6 +41,7 @@
Octavia's certificate configuration has been changed since Train. The new Octavia's certificate configuration has been changed since Train. The new
configuration requires 4 PEM files. Please check certificate configuration configuration requires 4 PEM files. Please check certificate configuration
guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
when: "'amphora' in octavia_provider_drivers"
- name: Checking certificate files exist for octavia - name: Checking certificate files exist for octavia
stat: stat:
@ -49,7 +50,9 @@
run_once: True run_once: True
register: result register: result
failed_when: not result.stat.exists failed_when: not result.stat.exists
when: inventory_hostname in groups['octavia-worker'] when:
- inventory_hostname in groups['octavia-worker']
- "'amphora' in octavia_provider_drivers"
with_items: with_items:
- client.cert-and-key.pem - client.cert-and-key.pem
- client_ca.cert.pem - client_ca.cert.pem

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf", "dest": "/etc/octavia/octavia.conf",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
}, }{% if 'amphora' in octavia_provider_drivers %},
{ {
"source": "{{ container_config_directory }}/client.cert-and-key.pem", "source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem", "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem", "dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
} }{% endif %}
] ]
} }

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf", "dest": "/etc/octavia/octavia.conf",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
}, }{% if 'amphora' in octavia_provider_drivers %},
{ {
"source": "{{ container_config_directory }}/client.cert-and-key.pem", "source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem", "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem", "dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
} }{% endif %}
] ]
} }

View File

@ -6,7 +6,7 @@
"dest": "/etc/octavia/octavia.conf", "dest": "/etc/octavia/octavia.conf",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
}, }{% if 'amphora' in octavia_provider_drivers %},
{ {
"source": "{{ container_config_directory }}/client.cert-and-key.pem", "source": "{{ container_config_directory }}/client.cert-and-key.pem",
"dest": "/etc/octavia/certs/client.cert-and-key.pem", "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@ -30,6 +30,6 @@
"dest": "/etc/octavia/certs/server_ca.key.pem", "dest": "/etc/octavia/certs/server_ca.key.pem",
"owner": "octavia", "owner": "octavia",
"perm": "0600" "perm": "0600"
} }{% endif %}
] ]
} }