From ef1fd6b8c0c36ff0b72f1c4d389093ff76ba548f Mon Sep 17 00:00:00 2001 From: Eduardo Gonzalez Date: Thu, 27 Oct 2016 10:36:35 +0200 Subject: [PATCH] Custom policy files Allow operators to use their custom policy files. Avoid maintain policy files in kolla repos, only copying the files when an operator add their custom config. Implements: blueprint custom-policies Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862 --- ansible/roles/aodh/tasks/config.yml | 11 +++++++++++ ansible/roles/barbican/tasks/config.yml | 11 +++++++++++ ansible/roles/ceilometer/tasks/config.yml | 11 +++++++++++ ansible/roles/cinder/tasks/config.yml | 11 +++++++++++ ansible/roles/cloudkitty/tasks/config.yml | 11 +++++++++++ ansible/roles/congress/tasks/config.yml | 11 +++++++++++ ansible/roles/glance/tasks/config.yml | 11 +++++++++++ ansible/roles/gnocchi/tasks/config.yml | 11 +++++++++++ ansible/roles/heat/tasks/config.yml | 11 +++++++++++ ansible/roles/ironic/tasks/config.yml | 11 +++++++++++ ansible/roles/keystone/tasks/config.yml | 2 +- ansible/roles/kuryr/tasks/config.yml | 11 +++++++++++ ansible/roles/magnum/tasks/config.yml | 11 +++++++++++ ansible/roles/manila/tasks/config.yml | 11 +++++++++++ ansible/roles/mistral/tasks/config.yml | 11 +++++++++++ ansible/roles/murano/tasks/config.yml | 11 +++++++++++ ansible/roles/neutron/tasks/config.yml | 11 +++++++++++ ansible/roles/nova/tasks/config.yml | 11 +++++++++++ ansible/roles/rally/tasks/config.yml | 11 +++++++++++ ansible/roles/sahara/tasks/config.yml | 11 +++++++++++ ansible/roles/searchlight/tasks/config.yml | 11 +++++++++++ ansible/roles/senlin/tasks/config.yml | 11 +++++++++++ ansible/roles/swift/tasks/config.yml | 11 +++++++++++ ansible/roles/tempest/tasks/config.yml | 11 +++++++++++ ansible/roles/watcher/tasks/config.yml | 11 +++++++++++ .../notes/custom-policies-5a9bb2b59d19b484.yaml | 3 +++ 26 files changed, 268 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml 
diff --git a/ansible/roles/aodh/tasks/config.yml b/ansible/roles/aodh/tasks/config.yml
index d420bd6c61..90179933a9 100644
--- a/ansible/roles/aodh/tasks/config.yml
+++ b/ansible/roles/aodh/tasks/config.yml
@@ -45,3 +45,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/wsgi-aodh.conf"
 with_items:
 - "aodh-api"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/aodh/policy.json"
+ register: aodh_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/aodh/policy.json"
+ dest: "{{ node_config_directory }}/aodh/policy.json"
+ when:
+ aodh_policy.stat.exists
diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml
index 38383d5448..fab9b3ddac 100644
--- a/ansible/roles/barbican/tasks/config.yml
+++ b/ansible/roles/barbican/tasks/config.yml
@@ -51,3 +51,14 @@
 - "barbican-api"
 - "barbican-keystone-listener"
 - "barbican-worker"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
+ register: barbican_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/barbican/policy.json"
+ dest: "{{ node_config_directory }}/barbican/policy.json"
+ when:
+ barbican_policy.stat.exists
diff --git a/ansible/roles/ceilometer/tasks/config.yml b/ansible/roles/ceilometer/tasks/config.yml
index 5d9336fec9..ef990c4477 100644
--- a/ansible/roles/ceilometer/tasks/config.yml
+++ b/ansible/roles/ceilometer/tasks/config.yml
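Review bot: In the aodh hunk the new copy task writes to `{{ node_config_directory }}/aodh/policy.json`, while the preceding task visible in the context writes into the per-service directory (`{{ item }}` is `aodh-api`). The custom policy may therefore land in a directory that does not exist or that no service container reads, so the run either fails or leaves the service enforcing its default authorization policy without any warning to the operator. Unless an `aodh` directory is created and consumed elsewhere (not visible here), loop like the neighbouring tasks: `dest: "{{ node_config_directory }}/{{ item }}/policy.json"` with a `with_items:` list of the role's services. The same pattern repeats in the barbican hunk on this line and in the ceilometer, cinder, cloudkitty, congress, glance, gnocchi, heat, ironic, magnum, manila, mistral, murano, neutron, nova, sahara, searchlight, senlin, swift and watcher hunks. The preceding task whose `dest` is quoted starts outside the hunk.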
@@ -59,3 +59,14 @@
 - "event_definitions.yaml"
 - "event_pipeline.yaml"
 - "pipeline.yaml"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/ceilometer/policy.json"
+ register: ceilometer_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/ceilometer/policy.json"
+ dest: "{{ node_config_directory }}/ceilometer/policy.json"
+ when:
+ ceilometer_policy.stat.exist
diff --git a/ansible/roles/cinder/tasks/config.yml b/ansible/roles/cinder/tasks/config.yml
index f401878160..800401615b 100644
--- a/ansible/roles/cinder/tasks/config.yml
+++ b/ansible/roles/cinder/tasks/config.yml
@@ -38,3 +38,14 @@
 - "cinder-backup"
 - "cinder-scheduler"
 - "cinder-volume"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/cinder/policy.json"
+ register: cinder_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/cinder/policy.json"
+ dest: "{{ node_config_directory }}/cinder/policy.json"
+ when:
+ cinder_policy.stat.exists
diff --git a/ansible/roles/cloudkitty/tasks/config.yml b/ansible/roles/cloudkitty/tasks/config.yml
index 234109eba8..ea3d13cbbf 100644
--- a/ansible/roles/cloudkitty/tasks/config.yml
+++ b/ansible/roles/cloudkitty/tasks/config.yml
@@ -32,3 +32,14 @@
 with_items:
 - "cloudkitty-api"
 - "cloudkitty-processor"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
+ register: cloudkitty_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/cloudkitty/policy.json"
+ dest: "{{ node_config_directory }}/cloudkitty/policy.json"
+ when:
+ cloudkitty_policy.stat.exists
diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml
index 832a2da865..0e9a631356 100644
--- a/ansible/roles/congress/tasks/config.yml
+++ b/ansible/roles/congress/tasks/config.yml
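Review bot: The ceilometer hunk ends with the condition `ceilometer_policy.stat.exist`, but the key registered by the `stat` module is `exists`, which is what every other role in this patch tests. As written the condition refers to a key the result does not carry, so the copy task will presumably error out or never run, and an operator's custom ceilometer policy.json is not deployed. The service then keeps its default access rules while the operator believes the override is in place. Change the condition to `ceilometer_policy.stat.exists`.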
@@ -35,3 +35,14 @@
 - "congress-api"
 - "congress-policy-engine"
 - "congress-datasource"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/congress/policy.json"
+ register: congress_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/congress/policy.json"
+ dest: "{{ node_config_directory }}/congress/policy.json"
+ when:
+ congress_policy.stat.exists
diff --git a/ansible/roles/glance/tasks/config.yml b/ansible/roles/glance/tasks/config.yml
index 88cb5c446a..743815ba88 100644
--- a/ansible/roles/glance/tasks/config.yml
+++ b/ansible/roles/glance/tasks/config.yml
@@ -29,3 +29,14 @@
 dest: "{{ node_config_directory }}/{{ item.service }}/{{ item.service }}.conf"
 when: inventory_hostname in groups[item.group]
 with_items: "{{ glance_service_groups }}"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/glance/policy.json"
+ register: glance_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/glance/policy.json"
+ dest: "{{ node_config_directory }}/glance/policy.json"
+ when:
+ glance_policy.stat.exists
diff --git a/ansible/roles/gnocchi/tasks/config.yml b/ansible/roles/gnocchi/tasks/config.yml
index 2e7a75a8a4..b6fa16dd07 100644
--- a/ansible/roles/gnocchi/tasks/config.yml
+++ b/ansible/roles/gnocchi/tasks/config.yml
@@ -50,3 +50,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/wsgi-gnocchi.conf"
 with_items:
 - "gnocchi-api"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/gnocchi/policy.json"
+ register: gnocchi_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/gnocchi/policy.json"
+ dest: "{{ node_config_directory }}/gnocchi/policy.json"
+ when:
+ gnocchi_policy.stat.exists
diff --git a/ansible/roles/heat/tasks/config.yml b/ansible/roles/heat/tasks/config.yml index 41b9effaf4..dca462a508 100644 --- a/ansible/roles/heat/tasks/config.yml +++ b/ansible/roles/heat/tasks/config.yml @@ -42,3 +42,14 @@ - "heat-api" - "heat-api-cfn" - "heat-engine" + +- name: Check if policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/heat/policy.json" + register: heat_policy + +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/heat/policy.json" + dest: "{{ node_config_directory }}/heat/policy.json" + when: + heat_policy.stat.exists diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index 89ac3b51c3..797b494824 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -37,3 +37,14 @@ - "ironic-api" - "ironic-conductor" - "ironic-inspector" + +- name: Check if policies shall be overwritten + local_action: stat path="{{ node_custom_config }}/ironic/policy.json" + register: ironic_policy + +- name: Copying over existing policy.json + template: + src: "{{ node_custom_config }}/ironic/policy.json" + dest: "{{ node_config_directory }}/ironic/policy.json" + when: + ironic_policy.stat.exists diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml index e39e7d6188..e531d68690 100644 --- a/ansible/roles/keystone/tasks/config.yml +++ b/ansible/roles/keystone/tasks/config.yml @@ -1,5 +1,5 @@ --- -- name: Check if Policies shall be overwritten +- name: Check if policies shall be overwritten local_action: stat path="{{ node_custom_config }}/keystone/policy.json" register: keystone_policy diff --git a/ansible/roles/kuryr/tasks/config.yml b/ansible/roles/kuryr/tasks/config.yml index 8b31c7ab14..001793780c 100644 --- a/ansible/roles/kuryr/tasks/config.yml +++ b/ansible/roles/kuryr/tasks/config.yml 
@@ -23,3 +23,14 @@
 template:
 src: "kuryr.spec.j2"
 dest: "{{ node_config_directory }}/kuryr/kuryr.spec"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/kuryr/policy.json"
+ register: kuryr_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/kuryr/policy.json"
+ dest: "{{ node_config_directory }}/kuryr/policy.json"
+ when:
+ kuryr_policy.stat.exists
diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml
index 183b6bb43f..5baa4a6ca8 100644
--- a/ansible/roles/magnum/tasks/config.yml
+++ b/ansible/roles/magnum/tasks/config.yml
@@ -32,3 +32,14 @@
 with_items:
 - "magnum-api"
 - "magnum-conductor"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/magnum/policy.json"
+ register: magnum_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/magnum/policy.json"
+ dest: "{{ node_config_directory }}/magnum/policy.json"
+ when:
+ magnum_policy.stat.exists
diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml
index 4f83ff55b4..9ae45d1d66 100644
--- a/ansible/roles/manila/tasks/config.yml
+++ b/ansible/roles/manila/tasks/config.yml
@@ -52,3 +52,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/manila.conf"
 with_items:
 - "manila-share"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/manila/policy.json"
+ register: manila_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/manila/policy.json"
+ dest: "{{ node_config_directory }}/manila/policy.json"
+ when:
+ manila_policy.stat.exists
diff --git a/ansible/roles/mistral/tasks/config.yml b/ansible/roles/mistral/tasks/config.yml
index 8c6d0d616c..723074eac4 100644
--- a/ansible/roles/mistral/tasks/config.yml
+++ b/ansible/roles/mistral/tasks/config.yml
@@ -35,3 +35,14 @@
 - "mistral-api"
 - "mistral-engine"
 - "mistral-executor"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/mistral/policy.json"
+ register: mistral_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/mistral/policy.json"
+ dest: "{{ node_config_directory }}/mistral/policy.json"
+ when:
+ mistral_policy.stat.exists
diff --git a/ansible/roles/murano/tasks/config.yml b/ansible/roles/murano/tasks/config.yml
index a544a4a087..779c277d54 100644
--- a/ansible/roles/murano/tasks/config.yml
+++ b/ansible/roles/murano/tasks/config.yml
@@ -32,3 +32,14 @@
 with_items:
 - "murano-api"
 - "murano-engine"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/murano/policy.json"
+ register: murano_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/murano/policy.json"
+ dest: "{{ node_config_directory }}/murano/policy.json"
+ when:
+ murano_policy.stat.exists
diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index 1c7d0238b7..82921cd96e 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -183,3 +183,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/vpnaas_agent.ini"
 with_items:
 - "neutron-vpnaas-agent"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/neutron/policy.json"
+ register: neutron_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/neutron/policy.json"
+ dest: "{{ node_config_directory }}/neutron/policy.json"
+ when:
+ neutron_policy.stat.exists
diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml
index 8841635704..b8750b9300 100644
--- a/ansible/roles/nova/tasks/config.yml
+++ b/ansible/roles/nova/tasks/config.yml
@@ -83,3 +83,14 @@
 - { src: "id_rsa", dest: "id_rsa" }
 - { src: "id_rsa.pub", dest: "id_rsa.pub" }
 - { src: "ssh_config.j2", dest: "ssh_config" }
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/nova/policy.json"
+ register: nova_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/nova/policy.json"
+ dest: "{{ node_config_directory }}/nova/policy.json"
+ when:
+ nova_policy.stat.exists
diff --git a/ansible/roles/rally/tasks/config.yml b/ansible/roles/rally/tasks/config.yml
index c210dc338f..3304915de3 100644
--- a/ansible/roles/rally/tasks/config.yml
+++ b/ansible/roles/rally/tasks/config.yml
@@ -24,3 +24,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/rally.conf"
 with_items:
 - "rally"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/rally/policy.json"
+ register: rally_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/rally/policy.json"
+ dest: "{{ node_config_directory }}/rally/policy.json"
+ when:
+ rally_policy.stat.exists
diff --git a/ansible/roles/sahara/tasks/config.yml b/ansible/roles/sahara/tasks/config.yml
index b3a3405cca..a83df50cae 100644
--- a/ansible/roles/sahara/tasks/config.yml
+++ b/ansible/roles/sahara/tasks/config.yml
@@ -32,3 +32,14 @@
 with_items:
 - "sahara-api"
 - "sahara-engine"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/sahara/policy.json"
+ register: sahara_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/sahara/policy.json"
+ dest: "{{ node_config_directory }}/sahara/policy.json"
+ when:
+ sahara_policy.stat.exists
diff --git a/ansible/roles/searchlight/tasks/config.yml b/ansible/roles/searchlight/tasks/config.yml
index b31b1d81e1..4237b6bdd9 100644
--- a/ansible/roles/searchlight/tasks/config.yml
+++ b/ansible/roles/searchlight/tasks/config.yml
@@ -30,3 +30,14 @@
 with_items:
 - "searchlight-api"
 - "searchlight-listener"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/searchlight/policy.json"
+ register: searchlight_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/searchlight/policy.json"
+ dest: "{{ node_config_directory }}/searchlight/policy.json"
+ when:
+ searchlight_policy.stat.exists
diff --git a/ansible/roles/senlin/tasks/config.yml b/ansible/roles/senlin/tasks/config.yml
index fa714f5508..17ff0f83aa 100644
--- a/ansible/roles/senlin/tasks/config.yml
+++ b/ansible/roles/senlin/tasks/config.yml
@@ -32,3 +32,14 @@
 with_items:
 - "senlin-api"
 - "senlin-engine"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/senlin/policy.json"
+ register: senlin_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/senlin/policy.json"
+ dest: "{{ node_config_directory }}/senlin/policy.json"
+ when:
+ senlin_policy.stat.exists
diff --git a/ansible/roles/swift/tasks/config.yml b/ansible/roles/swift/tasks/config.yml
index dc04ffaff5..10c26de5a6 100644
--- a/ansible/roles/swift/tasks/config.yml
+++ b/ansible/roles/swift/tasks/config.yml
@@ -152,3 +152,14 @@
 - "container.ring.gz"
 - "object.builder"
 - "object.ring.gz"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/swift/policy.json"
+ register: swift_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/swift/policy.json"
+ dest: "{{ node_config_directory }}/swift/policy.json"
+ when:
+ swift_policy.stat.exists
diff --git a/ansible/roles/tempest/tasks/config.yml b/ansible/roles/tempest/tasks/config.yml
index 3375790f90..6422270d3a 100644
--- a/ansible/roles/tempest/tasks/config.yml
+++ b/ansible/roles/tempest/tasks/config.yml
@@ -24,3 +24,14 @@
 dest: "{{ node_config_directory }}/{{ item }}/tempest.conf"
 with_items:
 - "tempest"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/tempest/policy.json"
+ register: tempest_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/tempest/policy.json"
+ dest: "{{ node_config_directory }}/tempest/policy.json"
+ when:
+ tempest_policy.stat.exists
diff --git a/ansible/roles/watcher/tasks/config.yml b/ansible/roles/watcher/tasks/config.yml
index 5116c3ebb4..9d4ae9f7a9 100644
--- a/ansible/roles/watcher/tasks/config.yml
+++ b/ansible/roles/watcher/tasks/config.yml
@@ -35,3 +35,14 @@
 - "watcher-api"
 - "watcher-engine"
 - "watcher-applier"
+
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ node_custom_config }}/watcher/policy.json"
+ register: watcher_policy
+
+- name: Copying over existing policy.json
+ template:
+ src: "{{ node_custom_config }}/watcher/policy.json"
+ dest: "{{ node_config_directory }}/watcher/policy.json"
+ when:
+ watcher_policy.stat.exists
diff --git a/releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml b/releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml
new file mode 100644
index 0000000000..8097b2c2d1
--- /dev/null
+++ b/releasenotes/notes/custom-policies-5a9bb2b59d19b484.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Allow customisation of policy.json files per service.