From 775d8019b61dff3fcefc5c2eeb25a33af240941f Mon Sep 17 00:00:00 2001
From: Eduardo Gonzalez <dabarren@gmail.com>
Date: Fri, 18 Nov 2016 17:36:00 +0000
Subject: [PATCH] Add custom policies in service.json

Include custom policy.json files in service-api.json.j2 files

Change-Id: Ic55bfc6f61131aa72c3497ce8b2282056bcc7f92
Partially-Implements: blueprint custom-policies
---
 ansible/roles/aodh/templates/aodh-api.json.j2            | 7 +++++++
 ansible/roles/aodh/templates/aodh-evaluator.json.j2      | 7 +++++++
 ansible/roles/aodh/templates/aodh-listener.json.j2       | 7 +++++++
 ansible/roles/aodh/templates/aodh-notifier.json.j2       | 7 +++++++
 ansible/roles/barbican/templates/barbican-api.json.j2    | 7 +++++++
 .../templates/barbican-keystone-listener.json.j2         | 7 +++++++
 ansible/roles/barbican/templates/barbican-worker.json.j2 | 7 +++++++
 .../roles/ceilometer/templates/ceilometer-api.json.j2    | 7 +++++++
 .../ceilometer/templates/ceilometer-central.json.j2      | 7 +++++++
 .../ceilometer/templates/ceilometer-collector.json.j2    | 7 +++++++
 .../ceilometer/templates/ceilometer-compute.json.j2      | 7 +++++++
 .../ceilometer/templates/ceilometer-notification.json.j2 | 7 +++++++
 ansible/roles/cinder/templates/cinder-api.json.j2        | 7 +++++++
 ansible/roles/cinder/templates/cinder-backup.json.j2     | 7 +++++++
 ansible/roles/cinder/templates/cinder-scheduler.json.j2  | 7 +++++++
 ansible/roles/cinder/templates/cinder-volume.json.j2     | 7 +++++++
 .../roles/cloudkitty/templates/cloudkitty-api.json.j2    | 7 +++++++
 .../cloudkitty/templates/cloudkitty-processor.json.j2    | 7 +++++++
 ansible/roles/congress/templates/congress-api.json.j2    | 7 +++++++
 .../roles/congress/templates/congress-datasource.json.j2 | 7 +++++++
 .../congress/templates/congress-policy-engine.json.j2    | 7 +++++++
 ansible/roles/glance/templates/glance-api.json.j2        | 7 +++++++
 ansible/roles/glance/templates/glance-registry.json.j2   | 7 +++++++
 ansible/roles/gnocchi/templates/gnocchi-api.json.j2      | 7 +++++++
 ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2  | 7 +++++++
 ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2   | 7 +++++++
 ansible/roles/heat/templates/heat-api-cfn.json.j2        | 7 +++++++
 ansible/roles/heat/templates/heat-api.json.j2            | 9 ++++++++-
 ansible/roles/heat/templates/heat-engine.json.j2         | 7 +++++++
 ansible/roles/ironic/templates/ironic-api.json.j2        | 7 +++++++
 ansible/roles/ironic/templates/ironic-conductor.json.j2  | 7 +++++++
 ansible/roles/ironic/templates/ironic-inspector.json.j2  | 7 +++++++
 ansible/roles/keystone/templates/keystone-fernet.json.j2 | 7 +++++++
 ansible/roles/kuryr/templates/kuryr.json.j2              | 7 +++++++
 ansible/roles/magnum/templates/magnum-api.json.j2        | 7 +++++++
 ansible/roles/magnum/templates/magnum-conductor.json.j2  | 7 +++++++
 ansible/roles/manila/templates/manila-api.json.j2        | 7 +++++++
 ansible/roles/manila/templates/manila-data.json.j2       | 7 +++++++
 ansible/roles/manila/templates/manila-scheduler.json.j2  | 7 +++++++
 ansible/roles/manila/templates/manila-share.json.j2      | 7 +++++++
 ansible/roles/mistral/templates/mistral-api.json.j2      | 7 +++++++
 ansible/roles/mistral/templates/mistral-engine.json.j2   | 7 +++++++
 ansible/roles/mistral/templates/mistral-executor.json.j2 | 7 +++++++
 ansible/roles/murano/templates/murano-api.json.j2        | 7 +++++++
 ansible/roles/murano/templates/murano-engine.json.j2     | 7 +++++++
 .../roles/neutron/templates/neutron-dhcp-agent.json.j2   | 7 +++++++
 ansible/roles/neutron/templates/neutron-l3-agent.json.j2 | 7 +++++++
 .../roles/neutron/templates/neutron-lbaas-agent.json.j2  | 7 +++++++
 .../neutron/templates/neutron-linuxbridge-agent.json.j2  | 7 +++++++
 .../neutron/templates/neutron-metadata-agent.json.j2     | 7 +++++++
 .../neutron/templates/neutron-openvswitch-agent.json.j2  | 7 +++++++
 ansible/roles/neutron/templates/neutron-server.json.j2   | 7 +++++++
 .../roles/neutron/templates/neutron-vpnaas-agent.json.j2 | 7 +++++++
 ansible/roles/nova/templates/nova-api.json.j2            | 7 +++++++
 ansible/roles/nova/templates/nova-compute-ironic.json.j2 | 7 +++++++
 ansible/roles/nova/templates/nova-compute.json.j2        | 7 +++++++
 ansible/roles/nova/templates/nova-conductor.json.j2      | 7 +++++++
 ansible/roles/nova/templates/nova-consoleauth.json.j2    | 7 +++++++
 ansible/roles/nova/templates/nova-novncproxy.json.j2     | 7 +++++++
 ansible/roles/nova/templates/nova-scheduler.json.j2      | 7 +++++++
 .../roles/nova/templates/nova-spicehtml5proxy.json.j2    | 7 +++++++
 ansible/roles/rally/templates/rally.json.j2              | 7 +++++++
 ansible/roles/sahara/templates/sahara-api.json.j2        | 7 +++++++
 ansible/roles/sahara/templates/sahara-engine.json.j2     | 7 +++++++
 .../roles/searchlight/templates/searchlight-api.json.j2  | 7 +++++++
 .../searchlight/templates/searchlight-listener.json.j2   | 7 +++++++
 ansible/roles/senlin/templates/senlin-api.json.j2        | 7 +++++++
 ansible/roles/senlin/templates/senlin-engine.json.j2     | 7 +++++++
 .../roles/swift/templates/swift-account-auditor.json.j2  | 7 +++++++
 .../roles/swift/templates/swift-account-reaper.json.j2   | 7 +++++++
 .../swift/templates/swift-account-replicator.json.j2     | 7 +++++++
 .../roles/swift/templates/swift-account-server.json.j2   | 7 +++++++
 .../swift/templates/swift-container-auditor.json.j2      | 7 +++++++
 .../swift/templates/swift-container-replicator.json.j2   | 7 +++++++
 .../roles/swift/templates/swift-container-server.json.j2 | 7 +++++++
 .../swift/templates/swift-container-updater.json.j2      | 7 +++++++
 .../roles/swift/templates/swift-object-auditor.json.j2   | 7 +++++++
 .../roles/swift/templates/swift-object-expirer.json.j2   | 7 +++++++
 .../swift/templates/swift-object-replicator.json.j2      | 7 +++++++
 .../roles/swift/templates/swift-object-server.json.j2    | 7 +++++++
 .../roles/swift/templates/swift-object-updater.json.j2   | 7 +++++++
 ansible/roles/swift/templates/swift-proxy-server.json.j2 | 7 +++++++
 ansible/roles/tempest/templates/tempest.json.j2          | 7 +++++++
 ansible/roles/watcher/templates/watcher-api.json.j2      | 7 +++++++
 ansible/roles/watcher/templates/watcher-applier.json.j2  | 7 +++++++
 ansible/roles/watcher/templates/watcher-engine.json.j2   | 7 +++++++
 86 files changed, 603 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/aodh/templates/aodh-api.json.j2 b/ansible/roles/aodh/templates/aodh-api.json.j2
index fc6b0b0815..fc4b127a70 100644
--- a/ansible/roles/aodh/templates/aodh-api.json.j2
+++ b/ansible/roles/aodh/templates/aodh-api.json.j2
@@ -14,6 +14,13 @@
             "dest": "/etc/{{ aodh_dir }}/wsgi-aodh.conf",
             "owner": "root",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/aodh/policy.json",
+            "owner": "aodh",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
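Review bot: The new `policy.json` entry is installed with `"owner": "aodh"` and `"perm": "0600"`, which leaves the service's authorization rules writable by the same account they are meant to constrain. The service only needs to read this file, so `"perm": "0400"` would be the smaller grant. If the config loader's owner handling allows it, root ownership with read access for the service account would be stricter still. The same owner/mode pair is repeated in every policy.json entry this patch adds (aodh-evaluator, aodh-listener, aodh-notifier, the barbican, ceilometer and cinder templates, and the rest), so it is worth deciding once for all of them. Only the tail of the `config_files` list is visible in this hunk.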
diff --git a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 b/ansible/roles/aodh/templates/aodh-evaluator.json.j2
index 220be5a1e0..788915c77c 100644
--- a/ansible/roles/aodh/templates/aodh-evaluator.json.j2
+++ b/ansible/roles/aodh/templates/aodh-evaluator.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/aodh/policy.json",
+            "owner": "aodh",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/aodh/templates/aodh-listener.json.j2 b/ansible/roles/aodh/templates/aodh-listener.json.j2
index 3b75e64c80..2f438d139c 100644
--- a/ansible/roles/aodh/templates/aodh-listener.json.j2
+++ b/ansible/roles/aodh/templates/aodh-listener.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/aodh/policy.json",
+            "owner": "aodh",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/aodh/templates/aodh-notifier.json.j2 b/ansible/roles/aodh/templates/aodh-notifier.json.j2
index da910cd2ba..63db1f34f6 100644
--- a/ansible/roles/aodh/templates/aodh-notifier.json.j2
+++ b/ansible/roles/aodh/templates/aodh-notifier.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/aodh/aodh.conf",
             "owner": "aodh",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/aodh/policy.json",
+            "owner": "aodh",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2
index 5fbdea25f6..411d28c119 100644
--- a/ansible/roles/barbican/templates/barbican-api.json.j2
+++ b/ansible/roles/barbican/templates/barbican-api.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/barbican/barbican-api-paste.ini",
             "owner": "barbican",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/barbican/policy.json",
+            "owner": "barbican",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
index 15fc7b54d9..5422160a59 100644
--- a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
+++ b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/barbican/barbican.conf",
             "owner": "barbican",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/barbican/policy.json",
+            "owner": "barbican",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/barbican/templates/barbican-worker.json.j2 b/ansible/roles/barbican/templates/barbican-worker.json.j2
index 1608df871c..56fb1cf27d 100644
--- a/ansible/roles/barbican/templates/barbican-worker.json.j2
+++ b/ansible/roles/barbican/templates/barbican-worker.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/barbican/barbican.conf",
             "owner": "barbican",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/barbican/policy.json",
+            "owner": "barbican",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
index ed8ae5ebe1..500f9979fc 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
@@ -15,6 +15,13 @@
             "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
             "owner": "ceilometer",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ceilometer/policy.json",
+            "owner": "ceilometer",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/ceilometer/templates/ceilometer-central.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-central.json.j2
index e879afd594..3468478874 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-central.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-central.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ceilometer/ceilometer.conf",
             "owner": "ceilometer",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ceilometer/policy.json",
+            "owner": "ceilometer",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2
index 32970e1271..99da6248a5 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-collector.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ceilometer/ceilometer.conf",
             "owner": "ceilometer",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ceilometer/policy.json",
+            "owner": "ceilometer",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2
index b8ed69455b..9a71849958 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-compute.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ceilometer/ceilometer.conf",
             "owner": "ceilometer",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ceilometer/policy.json",
+            "owner": "ceilometer",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2
index 769a8c8ce1..354ecf7a95 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-notification.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/ceilometer/pipeline.yaml",
             "owner": "ceilometer",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ceilometer/policy.json",
+            "owner": "ceilometer",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/cinder/templates/cinder-api.json.j2 b/ansible/roles/cinder/templates/cinder-api.json.j2
index 27825ed506..4733681256 100644
--- a/ansible/roles/cinder/templates/cinder-api.json.j2
+++ b/ansible/roles/cinder/templates/cinder-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/cinder/cinder.conf",
             "owner": "cinder",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cinder/policy.json",
+            "owner": "cinder",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/cinder/templates/cinder-backup.json.j2 b/ansible/roles/cinder/templates/cinder-backup.json.j2
index d42428ac16..a24b2f062b 100644
--- a/ansible/roles/cinder/templates/cinder-backup.json.j2
+++ b/ansible/roles/cinder/templates/cinder-backup.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/cinder/cinder.conf",
             "owner": "cinder",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cinder/policy.json",
+            "owner": "cinder",
+            "perm": "0600",
+            "optional": true
         }{% if cinder_backend_ceph | bool %},
         {
             "source": "{{ container_config_directory }}/ceph.*",
diff --git a/ansible/roles/cinder/templates/cinder-scheduler.json.j2 b/ansible/roles/cinder/templates/cinder-scheduler.json.j2
index b5ef7b5481..84fdfe3d46 100644
--- a/ansible/roles/cinder/templates/cinder-scheduler.json.j2
+++ b/ansible/roles/cinder/templates/cinder-scheduler.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/cinder/cinder.conf",
             "owner": "cinder",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cinder/policy.json",
+            "owner": "cinder",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/cinder/templates/cinder-volume.json.j2 b/ansible/roles/cinder/templates/cinder-volume.json.j2
index 5dc729b145..c00ea1a016 100644
--- a/ansible/roles/cinder/templates/cinder-volume.json.j2
+++ b/ansible/roles/cinder/templates/cinder-volume.json.j2
@@ -27,6 +27,13 @@
             "owner": "cinder",
             "perm": "0600",
             "optional": {{ (not enable_cinder_backend_nfs | bool) | string | lower }}
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cinder/policy.json",
+            "owner": "cinder",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
index 83b37763f7..0b7a828a13 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/cloudkitty/cloudkitty.conf",
             "owner": "cloudkitty",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cloudkitty/policy.json",
+            "owner": "cloudkitty",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
index 8b8d95e076..06f83feada 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/cloudkitty/cloudkitty.conf",
             "owner": "cloudkitty",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/cloudkitty/policy.json",
+            "owner": "cloudkitty",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2
index 85d858aef3..f436301a0e 100644
--- a/ansible/roles/congress/templates/congress-api.json.j2
+++ b/ansible/roles/congress/templates/congress-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/congress/policy.json",
+            "owner": "congress",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2
index a83c5ffd72..d3edbb9280 100644
--- a/ansible/roles/congress/templates/congress-datasource.json.j2
+++ b/ansible/roles/congress/templates/congress-datasource.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/congress/policy.json",
+            "owner": "congress",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2
index 0d6654a243..f3853e96b2 100644
--- a/ansible/roles/congress/templates/congress-policy-engine.json.j2
+++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/congress/policy.json",
+            "owner": "congress",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/glance/templates/glance-api.json.j2 b/ansible/roles/glance/templates/glance-api.json.j2
index 2b6caebbdb..fd15198c0e 100644
--- a/ansible/roles/glance/templates/glance-api.json.j2
+++ b/ansible/roles/glance/templates/glance-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/glance/glance-api.conf",
             "owner": "glance",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/glance/policy.json",
+            "owner": "glance",
+            "perm": "0600",
+            "optional": true
         }{% if glance_backend_ceph | bool %},
         {
             "source": "{{ container_config_directory }}/ceph.*",
diff --git a/ansible/roles/glance/templates/glance-registry.json.j2 b/ansible/roles/glance/templates/glance-registry.json.j2
index bfd60c507a..46dd517364 100644
--- a/ansible/roles/glance/templates/glance-registry.json.j2
+++ b/ansible/roles/glance/templates/glance-registry.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/glance/glance-registry.conf",
             "owner": "glance",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/glance/policy.json",
+            "owner": "glance",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
index 583e6e9a29..1547d155b2 100644
--- a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
@@ -20,6 +20,13 @@
             "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf",
             "owner": "gnocchi",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/gnocchi/policy.json",
+            "owner": "gnocchi",
+            "perm": "0600",
+            "optional": true
         }{% if gnocchi_backend_storage == 'ceph' %},
         {
             "source": "{{ container_config_directory }}/ceph.conf",
diff --git a/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2
index 9188a1c8e8..25e63ac232 100644
--- a/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-metricd.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/gnocchi/gnocchi.conf",
             "owner": "gnocchi",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/gnocchi/policy.json",
+            "owner": "gnocchi",
+            "perm": "0600",
+            "optional": true
         }{% if gnocchi_backend_storage == 'ceph' %},
         {
             "source": "{{ container_config_directory }}/ceph.conf",
diff --git a/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2
index 83073147b3..0fad3b6e14 100644
--- a/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-statsd.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/gnocchi/gnocchi.conf",
             "owner": "gnocchi",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/gnocchi/policy.json",
+            "owner": "gnocchi",
+            "perm": "0600",
+            "optional": true
         }{% if gnocchi_backend_storage == 'ceph' %},
         {
             "source": "{{ container_config_directory }}/ceph.conf",
diff --git a/ansible/roles/heat/templates/heat-api-cfn.json.j2 b/ansible/roles/heat/templates/heat-api-cfn.json.j2
index 30f266582d..40d7987c94 100644
--- a/ansible/roles/heat/templates/heat-api-cfn.json.j2
+++ b/ansible/roles/heat/templates/heat-api-cfn.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/heat/heat.conf",
             "owner": "heat",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/heat/policy.json",
+            "owner": "heat",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/heat/templates/heat-api.json.j2 b/ansible/roles/heat/templates/heat-api.json.j2
index c198cbf4be..bc11a53e01 100644
--- a/ansible/roles/heat/templates/heat-api.json.j2
+++ b/ansible/roles/heat/templates/heat-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/heat/heat.conf",
             "owner": "heat",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/heat/policy.json",
+            "owner": "heat",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
@@ -14,5 +21,5 @@
             "owner": "heat:heat",
             "recurse": true
         }
-    ]    
+    ]
 }
diff --git a/ansible/roles/heat/templates/heat-engine.json.j2 b/ansible/roles/heat/templates/heat-engine.json.j2
index 40d76a08f0..c9bda6aaf7 100644
--- a/ansible/roles/heat/templates/heat-engine.json.j2
+++ b/ansible/roles/heat/templates/heat-engine.json.j2
@@ -12,6 +12,13 @@
             "dest": "/etc/heat/environment.d/_deprecated.yaml",
             "owner": "heat",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/heat/policy.json",
+            "owner": "heat",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2
index bf10f31058..ff0917118f 100644
--- a/ansible/roles/ironic/templates/ironic-api.json.j2
+++ b/ansible/roles/ironic/templates/ironic-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ironic/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ironic/policy.json",
+            "owner": "ironic",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/ironic/templates/ironic-conductor.json.j2 b/ansible/roles/ironic/templates/ironic-conductor.json.j2
index 46aa5ed6b8..969b1f7496 100644
--- a/ansible/roles/ironic/templates/ironic-conductor.json.j2
+++ b/ansible/roles/ironic/templates/ironic-conductor.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ironic/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ironic/policy.json",
+            "owner": "ironic",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2
index fee13e3e45..e4c362050a 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.json.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/ironic-inspector/ironic.conf",
             "owner": "ironic",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/ironic/policy.json",
+            "owner": "ironic",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
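Review bot: The policy file is copied to `/etc/ironic/policy.json`, but the context line above places this container's own configuration under `/etc/ironic-inspector/`. If the inspector resolves its policy file next to its config, the override would never be read and the default rules would stay in force. Because the entry is `"optional": true`, nothing would report that. The destination probably should be `"dest": "/etc/ironic-inspector/policy.json"`; confirm against the inspector's policy file lookup before merging. The path looks copied from the ironic-api and ironic-conductor hunks, which suggests the repeated block would be safer as a shared Jinja include.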
diff --git a/ansible/roles/keystone/templates/keystone-fernet.json.j2 b/ansible/roles/keystone/templates/keystone-fernet.json.j2
index 9078977b5e..f1019a5374 100644
--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -36,6 +36,13 @@
             "dest": "/var/lib/keystone/.ssh/id_rsa",
             "owner": "keystone",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/keystone/policy.json",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
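Review bot: The Keystone policy override is wired into the fernet container only. The diffstat lists `keystone-fernet.json.j2` as the sole keystone template touched, and the context line (`/var/lib/keystone/.ssh/id_rsa`) suggests this container handles key distribution rather than API requests. If so, an operator who supplies a custom `policy.json` would see it accepted without error while the API container keeps enforcing the default rules. Either add the same entry to the template for the container that serves the Keystone API, or state in the commit message that this is deferred to a follow-up under the blueprint. Only the end of the `config_files` list is visible in this hunk.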
diff --git a/ansible/roles/kuryr/templates/kuryr.json.j2 b/ansible/roles/kuryr/templates/kuryr.json.j2
index 373c25a767..76602c1943 100644
--- a/ansible/roles/kuryr/templates/kuryr.json.j2
+++ b/ansible/roles/kuryr/templates/kuryr.json.j2
@@ -12,6 +12,13 @@
             "dest": "/usr/lib/docker/plugins/kuryr/kuryr.spec",
             "owner": "root",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/kuryr/policy.json",
+            "owner": "kuryr",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2
index b79de70053..e191b862f1 100644
--- a/ansible/roles/magnum/templates/magnum-api.json.j2
+++ b/ansible/roles/magnum/templates/magnum-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/magnum/magnum.conf",
             "owner": "magnum",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/magnum/policy.json",
+            "owner": "magnum",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2
index 40a6fa2657..ecf1d74c0a 100644
--- a/ansible/roles/magnum/templates/magnum-conductor.json.j2
+++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/magnum/magnum.conf",
             "owner": "magnum",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/magnum/policy.json",
+            "owner": "magnum",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/manila/templates/manila-api.json.j2 b/ansible/roles/manila/templates/manila-api.json.j2
index 2d6196459d..9155783078 100644
--- a/ansible/roles/manila/templates/manila-api.json.j2
+++ b/ansible/roles/manila/templates/manila-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/manila/policy.json",
+            "owner": "manila",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/manila/templates/manila-data.json.j2 b/ansible/roles/manila/templates/manila-data.json.j2
index b5a8ce2bba..715f7dc0e4 100644
--- a/ansible/roles/manila/templates/manila-data.json.j2
+++ b/ansible/roles/manila/templates/manila-data.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/manila/policy.json",
+            "owner": "manila",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/manila/templates/manila-scheduler.json.j2 b/ansible/roles/manila/templates/manila-scheduler.json.j2
index e59e85b5bd..d814133885 100644
--- a/ansible/roles/manila/templates/manila-scheduler.json.j2
+++ b/ansible/roles/manila/templates/manila-scheduler.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/manila/policy.json",
+            "owner": "manila",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2
index 3108156554..974169063d 100644
--- a/ansible/roles/manila/templates/manila-share.json.j2
+++ b/ansible/roles/manila/templates/manila-share.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/manila/manila.conf",
             "owner": "manila",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/manila/policy.json",
+            "owner": "manila",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2
index 3fdb470826..2b5c5c4022 100644
--- a/ansible/roles/mistral/templates/mistral-api.json.j2
+++ b/ansible/roles/mistral/templates/mistral-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/mistral/policy.json",
+            "owner": "mistral",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2
index a37250facd..bf3df91863 100644
--- a/ansible/roles/mistral/templates/mistral-engine.json.j2
+++ b/ansible/roles/mistral/templates/mistral-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/mistral/policy.json",
+            "owner": "mistral",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2
index 405a20183d..091818ad59 100644
--- a/ansible/roles/mistral/templates/mistral-executor.json.j2
+++ b/ansible/roles/mistral/templates/mistral-executor.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/mistral/policy.json",
+            "owner": "mistral",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/murano/templates/murano-api.json.j2 b/ansible/roles/murano/templates/murano-api.json.j2
index 07a6b8693d..b1a9f59c6a 100644
--- a/ansible/roles/murano/templates/murano-api.json.j2
+++ b/ansible/roles/murano/templates/murano-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/murano/murano.conf",
             "owner": "murano",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/murano/policy.json",
+            "owner": "murano",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/murano/templates/murano-engine.json.j2 b/ansible/roles/murano/templates/murano-engine.json.j2
index 98a328e72b..dd25aea65f 100644
--- a/ansible/roles/murano/templates/murano-engine.json.j2
+++ b/ansible/roles/murano/templates/murano-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/murano/murano.conf",
             "owner": "murano",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/murano/policy.json",
+            "owner": "murano",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
index f5eed2a526..5244a5b7e9 100644
--- a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/neutron/dnsmasq.conf",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
index d3ef7653fb..03fcadb12e 100644
--- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/neutron/l3_agent.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2 b/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2
index 0955c30514..3ad6253b62 100644
--- a/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-lbaas-agent.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
index 6055414af3..6dfd44811f 100644
--- a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
@@ -12,6 +12,13 @@
             "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
index 205ad3bd34..f4b48ac763 100644
--- a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/neutron/metadata_agent.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
index 853db81085..e5dfd784c7 100644
--- a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
@@ -12,6 +12,13 @@
             "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2
index 36402f0a5e..3305eb4fa1 100644
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2 b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
index 2c0853d488..265c935a62 100644
--- a/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-vpnaas-agent.json.j2
@@ -30,6 +30,13 @@
             "dest": "/etc/neutron/vpnaas_agent.ini",
             "owner": "neutron",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/neutron/policy.json",
+            "owner": "neutron",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-api.json.j2 b/ansible/roles/nova/templates/nova-api.json.j2
index 28642bd593..d669bfdaf8 100644
--- a/ansible/roles/nova/templates/nova-api.json.j2
+++ b/ansible/roles/nova/templates/nova-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-compute-ironic.json.j2 b/ansible/roles/nova/templates/nova-compute-ironic.json.j2
index 94e2b5faef..92c0ee71b7 100644
--- a/ansible/roles/nova/templates/nova-compute-ironic.json.j2
+++ b/ansible/roles/nova/templates/nova-compute-ironic.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-compute.json.j2 b/ansible/roles/nova/templates/nova-compute.json.j2
index 018bf7a809..d37f071573 100644
--- a/ansible/roles/nova/templates/nova-compute.json.j2
+++ b/ansible/roles/nova/templates/nova-compute.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }{% if nova_backend == "rbd" %},
         {
             "source": "{{ container_config_directory }}/ceph.*",
diff --git a/ansible/roles/nova/templates/nova-conductor.json.j2 b/ansible/roles/nova/templates/nova-conductor.json.j2
index 6a7328713d..50bcd53693 100644
--- a/ansible/roles/nova/templates/nova-conductor.json.j2
+++ b/ansible/roles/nova/templates/nova-conductor.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-consoleauth.json.j2 b/ansible/roles/nova/templates/nova-consoleauth.json.j2
index 9cc3240d7d..af6a6c992c 100644
--- a/ansible/roles/nova/templates/nova-consoleauth.json.j2
+++ b/ansible/roles/nova/templates/nova-consoleauth.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-novncproxy.json.j2 b/ansible/roles/nova/templates/nova-novncproxy.json.j2
index d34efb3d69..11e2bbf06b 100644
--- a/ansible/roles/nova/templates/nova-novncproxy.json.j2
+++ b/ansible/roles/nova/templates/nova-novncproxy.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-scheduler.json.j2 b/ansible/roles/nova/templates/nova-scheduler.json.j2
index 36638987a0..b59f2f0e47 100644
--- a/ansible/roles/nova/templates/nova-scheduler.json.j2
+++ b/ansible/roles/nova/templates/nova-scheduler.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2 b/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
index e12354bf43..b1a218bb82 100644
--- a/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
+++ b/ansible/roles/nova/templates/nova-spicehtml5proxy.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/nova/nova.conf",
             "owner": "nova",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/nova/policy.json",
+            "owner": "nova",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/rally/templates/rally.json.j2 b/ansible/roles/rally/templates/rally.json.j2
index 3db0d88109..99cf576253 100644
--- a/ansible/roles/rally/templates/rally.json.j2
+++ b/ansible/roles/rally/templates/rally.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/rally/rally.conf",
             "owner": "rally",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/rally/policy.json",
+            "owner": "rally",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/sahara/templates/sahara-api.json.j2 b/ansible/roles/sahara/templates/sahara-api.json.j2
index 33e45f49ec..8b28d30c99 100644
--- a/ansible/roles/sahara/templates/sahara-api.json.j2
+++ b/ansible/roles/sahara/templates/sahara-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/sahara/sahara.conf",
             "owner": "sahara",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/sahara/policy.json",
+            "owner": "sahara",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/sahara/templates/sahara-engine.json.j2 b/ansible/roles/sahara/templates/sahara-engine.json.j2
index f677b503d5..3e3a70de3b 100644
--- a/ansible/roles/sahara/templates/sahara-engine.json.j2
+++ b/ansible/roles/sahara/templates/sahara-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/sahara/sahara.conf",
             "owner": "sahara",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/sahara/policy.json",
+            "owner": "sahara",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/searchlight/templates/searchlight-api.json.j2 b/ansible/roles/searchlight/templates/searchlight-api.json.j2
index a003291ba8..bab8e9963a 100644
--- a/ansible/roles/searchlight/templates/searchlight-api.json.j2
+++ b/ansible/roles/searchlight/templates/searchlight-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/searchlight/searchlight.conf",
             "owner": "searchlight",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/searchlight/policy.json",
+            "owner": "searchlight",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/searchlight/templates/searchlight-listener.json.j2 b/ansible/roles/searchlight/templates/searchlight-listener.json.j2
index 5f06a04993..18ec8e51b1 100644
--- a/ansible/roles/searchlight/templates/searchlight-listener.json.j2
+++ b/ansible/roles/searchlight/templates/searchlight-listener.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/searchlight/searchlight.conf",
             "owner": "searchlight",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/searchlight/policy.json",
+            "owner": "searchlight",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/senlin/templates/senlin-api.json.j2 b/ansible/roles/senlin/templates/senlin-api.json.j2
index 0e287719b8..ce59e5d7ff 100644
--- a/ansible/roles/senlin/templates/senlin-api.json.j2
+++ b/ansible/roles/senlin/templates/senlin-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/senlin/senlin.conf",
             "owner": "senlin",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/senlin/policy.json",
+            "owner": "senlin",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/senlin/templates/senlin-engine.json.j2 b/ansible/roles/senlin/templates/senlin-engine.json.j2
index bc643475ed..f05f8f6fe6 100644
--- a/ansible/roles/senlin/templates/senlin-engine.json.j2
+++ b/ansible/roles/senlin/templates/senlin-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/senlin/senlin.conf",
             "owner": "senlin",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/senlin/policy.json",
+            "owner": "senlin",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/swift/templates/swift-account-auditor.json.j2 b/ansible/roles/swift/templates/swift-account-auditor.json.j2
index ccdd21a429..38e65d81aa 100644
--- a/ansible/roles/swift/templates/swift-account-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-account-auditor.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/account-auditor.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
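Review bot: The policy.json entry is added to a storage daemon's config (`account-auditor`), and nothing in this hunk suggests that the daemon reads `/etc/swift/policy.json`. Swift authorisation is normally configured through proxy middleware rather than a policy file, so this copy is probably dead configuration. Distributing an authorization file to containers that never evaluate it adds places where a stale or divergent copy can sit unnoticed. I would drop the entry from the swift-account-*, swift-container-* and swift-object-* hunks that follow, and keep it only where a consumer is confirmed. The file list begins above this hunk.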
diff --git a/ansible/roles/swift/templates/swift-account-reaper.json.j2 b/ansible/roles/swift/templates/swift-account-reaper.json.j2
index 9471bfd502..b93ccf36cf 100644
--- a/ansible/roles/swift/templates/swift-account-reaper.json.j2
+++ b/ansible/roles/swift/templates/swift-account-reaper.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/account-reaper.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-account-replicator.json.j2 b/ansible/roles/swift/templates/swift-account-replicator.json.j2
index a079cd13af..a49731935b 100644
--- a/ansible/roles/swift/templates/swift-account-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-account-replicator.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/account-replicator.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-account-server.json.j2 b/ansible/roles/swift/templates/swift-account-server.json.j2
index 516c836d88..998e06b138 100644
--- a/ansible/roles/swift/templates/swift-account-server.json.j2
+++ b/ansible/roles/swift/templates/swift-account-server.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/account-server.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-auditor.json.j2 b/ansible/roles/swift/templates/swift-container-auditor.json.j2
index 05ed8105a2..7044109718 100644
--- a/ansible/roles/swift/templates/swift-container-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-container-auditor.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/container-auditor.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-replicator.json.j2 b/ansible/roles/swift/templates/swift-container-replicator.json.j2
index 5821930a29..76d0a190df 100644
--- a/ansible/roles/swift/templates/swift-container-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-container-replicator.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/container-replicator.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-server.json.j2 b/ansible/roles/swift/templates/swift-container-server.json.j2
index 538001ee3d..a9870e5bd2 100644
--- a/ansible/roles/swift/templates/swift-container-server.json.j2
+++ b/ansible/roles/swift/templates/swift-container-server.json.j2
@@ -18,6 +18,13 @@
             "dest": "/etc/swift/container-server.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-container-updater.json.j2 b/ansible/roles/swift/templates/swift-container-updater.json.j2
index 123c911cea..0f59961b6f 100644
--- a/ansible/roles/swift/templates/swift-container-updater.json.j2
+++ b/ansible/roles/swift/templates/swift-container-updater.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/swift/container-updater.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-auditor.json.j2 b/ansible/roles/swift/templates/swift-object-auditor.json.j2
index 46b1ad5463..3dc84a49cf 100644
--- a/ansible/roles/swift/templates/swift-object-auditor.json.j2
+++ b/ansible/roles/swift/templates/swift-object-auditor.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/swift/object-auditor.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-expirer.json.j2 b/ansible/roles/swift/templates/swift-object-expirer.json.j2
index 5ebb4889e9..a87390ee7f 100644
--- a/ansible/roles/swift/templates/swift-object-expirer.json.j2
+++ b/ansible/roles/swift/templates/swift-object-expirer.json.j2
@@ -30,6 +30,13 @@
             "dest": "/etc/swift/object-expirer.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-replicator.json.j2 b/ansible/roles/swift/templates/swift-object-replicator.json.j2
index 8fc5eb1594..8b6b42a8e1 100644
--- a/ansible/roles/swift/templates/swift-object-replicator.json.j2
+++ b/ansible/roles/swift/templates/swift-object-replicator.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/swift/object-replicator.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-server.json.j2 b/ansible/roles/swift/templates/swift-object-server.json.j2
index 31913d4bb3..dcccab7011 100644
--- a/ansible/roles/swift/templates/swift-object-server.json.j2
+++ b/ansible/roles/swift/templates/swift-object-server.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/swift/object-server.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-object-updater.json.j2 b/ansible/roles/swift/templates/swift-object-updater.json.j2
index d34130640a..5d1347c9c5 100644
--- a/ansible/roles/swift/templates/swift-object-updater.json.j2
+++ b/ansible/roles/swift/templates/swift-object-updater.json.j2
@@ -24,6 +24,13 @@
             "dest": "/etc/swift/object-updater.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/swift/templates/swift-proxy-server.json.j2 b/ansible/roles/swift/templates/swift-proxy-server.json.j2
index 39e43fb5b8..b695210a8f 100644
--- a/ansible/roles/swift/templates/swift-proxy-server.json.j2
+++ b/ansible/roles/swift/templates/swift-proxy-server.json.j2
@@ -30,6 +30,13 @@
             "dest": "/etc/swift/proxy-server.conf",
             "owner": "swift",
             "perm": "0640"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/swift/policy.json",
+            "owner": "swift",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/tempest/templates/tempest.json.j2 b/ansible/roles/tempest/templates/tempest.json.j2
index 3ff5ea788e..36ddc9ac56 100644
--- a/ansible/roles/tempest/templates/tempest.json.j2
+++ b/ansible/roles/tempest/templates/tempest.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/tempest/tempest.conf",
             "owner": "root",
             "perm": "0600"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/tempest/policy.json",
+            "owner": "tempest",
+            "perm": "0600",
+            "optional": true
         }
     ]
 }
diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2
index 422313e777..149ceb16f7 100644
--- a/ansible/roles/watcher/templates/watcher-api.json.j2
+++ b/ansible/roles/watcher/templates/watcher-api.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/watcher/policy.json",
+            "owner": "watcher",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2
index 2fae81a0e7..63292e2d78 100644
--- a/ansible/roles/watcher/templates/watcher-applier.json.j2
+++ b/ansible/roles/watcher/templates/watcher-applier.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/watcher/policy.json",
+            "owner": "watcher",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2
index acf60e9305..deb285889b 100644
--- a/ansible/roles/watcher/templates/watcher-engine.json.j2
+++ b/ansible/roles/watcher/templates/watcher-engine.json.j2
@@ -6,6 +6,13 @@
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
             "perm": "0644"
+        },
+        {
+            "source": "{{ container_config_directory }}/policy.json",
+            "dest": "/etc/watcher/policy.json",
+            "owner": "watcher",
+            "perm": "0600",
+            "optional": true
         }
     ],
     "permissions": [