From 6b99f21341ba28cecdef4002127784d6b4eea6b3 Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Mon, 8 Jan 2018 16:00:22 +0700 Subject: [PATCH] Support policy.yaml file [part 4] - Barbican - Ceilometer - Cloudkitty - Congress - Designate This will copy only yaml or json policy file if they exist. Change-Id: Iaa19f64073d8bdee948bc2de58e095ca72afc092 Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang --- ansible/roles/barbican/handlers/main.yml | 12 +++---- ansible/roles/barbican/tasks/config.yml | 32 +++++++++++++------ .../barbican/templates/barbican-api.json.j2 | 11 +++---- .../barbican-keystone-listener.json.j2 | 11 +++---- .../templates/barbican-worker.json.j2 | 11 +++---- .../roles/barbican/templates/barbican.conf.j2 | 5 +++ ansible/roles/cloudkitty/handlers/main.yml | 8 ++--- ansible/roles/cloudkitty/tasks/config.yml | 32 +++++++++++++------ .../templates/cloudkitty-api.json.j2 | 11 +++---- .../templates/cloudkitty-processor.json.j2 | 11 +++---- .../cloudkitty/templates/cloudkitty.conf.j2 | 5 +++ ansible/roles/congress/handlers/main.yml | 12 +++---- ansible/roles/congress/tasks/config.yml | 27 +++++++++++++--- .../congress/templates/congress-api.json.j2 | 11 +++---- .../templates/congress-datasource.json.j2 | 11 +++---- .../templates/congress-policy-engine.json.j2 | 11 +++---- .../roles/congress/templates/congress.conf.j2 | 5 +++ ansible/roles/designate/handlers/main.yml | 24 +++++++------- ansible/roles/designate/tasks/config.yml | 27 +++++++++++++--- .../designate/templates/designate-api.json.j2 | 11 +++---- .../templates/designate-central.json.j2 | 11 +++---- .../templates/designate-mdns.json.j2 | 11 +++---- .../templates/designate-producer.json.j2 | 11 +++---- .../templates/designate-sink.json.j2 | 11 +++---- .../templates/designate-worker.json.j2 | 11 +++---- .../designate/templates/designate.conf.j2 | 5 +++ 26 files changed, 206 insertions(+), 142 deletions(-) 
diff --git a/ansible/roles/barbican/handlers/main.yml b/ansible/roles/barbican/handlers/main.yml index 1f40186be7..f34dd8f074 100644 --- a/ansible/roles/barbican/handlers/main.yml +++ b/ansible/roles/barbican/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_api_ini.changed | bool or barbican_api_paste.changed | bool or barbican_api_container.changed | bool @@ -30,7 +30,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -44,7 +44,7 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_keystone_listener_container.changed | bool - name: Restart barbican-worker container @@ -53,7 +53,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -67,5 +67,5 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_worker_container.changed | bool diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml index 04449c2b4e..c379c253d1 100644 --- a/ansible/roles/barbican/tasks/config.yml +++ b/ansible/roles/barbican/tasks/config.yml 
@@ -9,6 +9,23 @@ - "barbican-keystone-listener" - "barbican-worker" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: barbican_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/barbican/" + skip: true + +- name: Set barbican policy file + set_fact: + barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}" + barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}" + when: + - barbican_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -79,18 +96,13 @@ notify: - Restart {{ item.key }} container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/barbican/policy.json" - run_once: True - register: barbican_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/barbican/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: barbican_policy_jsons + src: "{{ barbican_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ barbican_policy_file }}" + register: barbican_policy_overwriting when: - - barbican_policy.stat.exists + - barbican_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ barbican_services }}" diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2 index 40c16d19f7..3ea4ee955e 100644 --- a/ansible/roles/barbican/templates/barbican-api.json.j2 +++ b/ansible/roles/barbican/templates/barbican-api.json.j2 
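Review bot: In the new `Check if policies shall be overwritten` task, `with_first_found` stops at the first name in `supported_policy_format_list` that exists under `{{ node_custom_config }}/barbican/`, so if an operator leaves both a JSON and a YAML policy file there, one is deployed and the other is ignored without any message. For an access-control file, that choice is worth stating where it is made. I would add a comment above the task such as `# Only the first file matching supported_policy_format_list is deployed; any other policy file in this directory is ignored.` The list is defined outside this diff, so which format wins cannot be told from here. The same task is added in the cloudkitty, congress and designate `tasks/config.yml` hunks.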
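Review bot: The rewritten `Copying over existing policy file` task passes only `src` and `dest` to `template`, so a newly staged copy under `{{ node_config_directory }}/{{ item.key }}/` gets whatever mode the default umask yields. The config.json templates in this patch, by contrast, pin the in-container copy to `0600`. I would add an explicit quoted mode to the module arguments, for example `mode: "0660"`, using the value the role's other staged config files use, which is not visible here. The task continues past the end of the hunk. The cloudkitty, congress and designate copy tasks have the same shape.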
@@ -19,14 +19,13 @@ "owner": "barbican", "perm": "0600", "optional": true - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 index 5422160a59..e0f1f15618 100644 --- a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 +++ b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican-worker.json.j2 b/ansible/roles/barbican/templates/barbican-worker.json.j2 index 56fb1cf27d..81a0ca7b17 100644 --- a/ansible/roles/barbican/templates/barbican-worker.json.j2 +++ b/ansible/roles/barbican/templates/barbican-worker.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index b3328e5d4c..1ccd397141 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -73,3 +73,8 @@ auth_type = password [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} + +{% if barbican_policy_file is defined %} +[oslo_policy] +policy_file = {{ barbican_policy_file }} +{% endif %} diff --git a/ansible/roles/cloudkitty/handlers/main.yml b/ansible/roles/cloudkitty/handlers/main.yml index 339442e422..158e60c6b5 100644 --- a/ansible/roles/cloudkitty/handlers/main.yml +++ b/ansible/roles/cloudkitty/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ cloudkitty_services[service_name] }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -20,7 +20,7 @@ - config_json.changed | bool or cloudkitty_conf.changed | bool or cloudkitty_conf_wsgi.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or cloudkitty_api_container.changed | bool - name: Restart cloudkitty-processor container @@ -29,7 +29,7 @@ service: "{{ cloudkitty_services[service_name] }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,5 +43,5 @@ - service.enabled | bool - config_json.changed | bool or cloudkitty_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or cloudkitty_processor_container.changed | bool diff --git a/ansible/roles/cloudkitty/tasks/config.yml b/ansible/roles/cloudkitty/tasks/config.yml index d5616a7502..e62b2a2eb1 100644 --- a/ansible/roles/cloudkitty/tasks/config.yml +++ b/ansible/roles/cloudkitty/tasks/config.yml 
@@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ cloudkitty_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: cloudkitty_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/cloudkitty/" + skip: true + +- name: Set cloudkitty policy file + set_fact: + cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}" + cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}" + when: + - cloudkitty_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -55,18 +72,13 @@ notify: - Restart cloudkitty-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json" - run_once: True - register: cloudkitty_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/cloudkitty/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: cloudkitty_policy_jsons + src: "{{ cloudkitty_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ cloudkitty_policy_file }}" + register: cloudkitty_policy_overwriting when: - - cloudkitty_policy.stat.exists + - cloudkitty_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ cloudkitty_services }}" diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 index cccc9350a1..f31a43b9da 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 
@@ -14,14 +14,13 @@ "dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" - }, + }{% if cloudkitty_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/cloudkitty/policy.json", + "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}", + "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}", "owner": "cloudkitty", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 index 06f83feada..7d57ae041e 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/cloudkitty/cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" - }, + }{% if cloudkitty_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/cloudkitty/policy.json", + "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}", + "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}", "owner": "cloudkitty", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index 45c1a6aa21..910d151bce 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 
@@ -31,6 +31,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_concurrency] lock_path = /var/lib/cloudkitty/tmp +{% if cloudkitty_policy_file is defined %} +[oslo_policy] +policy_file = {{ cloudkitty_policy_file }} +{% endif %} + [collect] collector = {{ cloudkitty_collector_backend }} services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating diff --git a/ansible/roles/congress/handlers/main.yml b/ansible/roles/congress/handlers/main.yml index ac02c45084..c6f386f7b3 100644 --- a/ansible/roles/congress/handlers/main.yml +++ b/ansible/roles/congress/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_api_container.changed | bool - name: Restart congress-policy-engine container 
@@ -28,7 +28,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_policy_engin_container.changed | bool - name: Restart congress-datasource container @@ -51,7 +51,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_datasource_container.changed | bool diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml index f8293f68aa..779b504478 100644 
--- a/ansible/roles/congress/tasks/config.yml +++ b/ansible/roles/congress/tasks/config.yml @@ -7,6 +7,23 @@ when: inventory_hostname in groups[item.value.group] with_dict: "{{ congress_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: congress_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/congress/" + skip: true + +- name: Set congress policy file + set_fact: + congress_policy_file: "{{ congress_policy.results.0.stat.path | basename }}" + congress_policy_file_path: "{{ congress_policy.results.0.stat.path }}" + when: + - congress_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -43,13 +60,13 @@ run_once: True register: congress_policy -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/congress/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: congress_policy_jsons + src: "{{ congress_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ congress_policy_file }}" + register: congress_policy_overwriting when: - - congress_policy.stat.exists + - congress_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ congress_services }}" diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2 index f436301a0e..bc8e67291d 100644 --- a/ansible/roles/congress/templates/congress-api.json.j2 +++ b/ansible/roles/congress/templates/congress-api.json.j2 
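Review bot: The context lines `run_once: True` and `register: congress_policy` at the top of the `@@ -43,13 +60,13 @@` hunk show that the old stat task is kept here, whereas the barbican and cloudkitty hunks delete it. It presumably still stats the fixed `policy.json` path (the task starts outside the hunk), and it re-registers `congress_policy`, replacing the `with_first_found` result with a plain stat result that has no `.results` key. The copy task below now keys on `congress_policy_file is defined`, so it still works, but the leftover task is dead and will mislead anyone who later reads `congress_policy.results`; I would delete it as the other two roles do. The designate `tasks/config.yml` hunk `@@ -124,13 +141,13 @@` keeps the same leftover with `register: designate_policy`.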
@@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2 index d3edbb9280..ad75b611c1 100644 --- a/ansible/roles/congress/templates/congress-datasource.json.j2 +++ b/ansible/roles/congress/templates/congress-datasource.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2 index f3853e96b2..ca1dc4bbbe 100644 --- a/ansible/roles/congress/templates/congress-policy-engine.json.j2 +++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2 index 2c38293e5d..15094c28da 100644 --- a/ansible/roles/congress/templates/congress.conf.j2 +++ b/ansible/roles/congress/templates/congress.conf.j2 @@ -45,5 +45,10 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} +{% if congress_policy_file is defined %} +[oslo_policy] +policy_file = {{ congress_policy_file }} +{% endif %} + [congress] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }} diff --git a/ansible/roles/designate/handlers/main.yml b/ansible/roles/designate/handlers/main.yml index 39d9956172..8da26c2ffa 100644 --- a/ansible/roles/designate/handlers/main.yml +++ b/ansible/roles/designate/handlers/main.yml 
@@ -27,7 +27,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -41,7 +41,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_api_container.changed | bool - name: Restart designate-central container @@ -50,7 +50,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -64,7 +64,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_central_container.changed | bool - name: Restart designate-producer container 
@@ -73,7 +73,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -87,7 +87,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_producer_container.changed | bool - name: Restart designate-mdns container @@ -96,7 +96,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -110,7 +110,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_mdns_container.changed | bool - name: Restart designate-worker container 
@@ -119,7 +119,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -135,7 +135,7 @@ or designate_conf.changed | bool or designate_rndc_conf.changed | bool or designate_rndc_key_file.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_worker_container.changed | bool - name: Restart designate-sink container @@ -144,7 +144,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -158,5 +158,5 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_sink_container.changed | bool 
diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml index f0cd639262..05721cb0fd 100644 --- a/ansible/roles/designate/tasks/config.yml +++ b/ansible/roles/designate/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ designate_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: designate_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/designate/" + skip: true + +- name: Set designate policy file + set_fact: + designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}" + designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}" + when: + - designate_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -124,13 +141,13 @@ run_once: True register: designate_policy -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/designate/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: designate_policy_jsons + src: "{{ designate_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}" + register: designate_policy_overwriting when: - - designate_policy.stat.exists + - designate_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ designate_services }}" diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2 index 31ad788480..73c1011096 100644 --- a/ansible/roles/designate/templates/designate-api.json.j2 +++ b/ansible/roles/designate/templates/designate-api.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2 index ddde828cd3..3605761b4d 100644 --- a/ansible/roles/designate/templates/designate-central.json.j2 +++ b/ansible/roles/designate/templates/designate-central.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2 index d7b2d58a65..6e83d5e611 100644 --- a/ansible/roles/designate/templates/designate-mdns.json.j2 +++ b/ansible/roles/designate/templates/designate-mdns.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-producer.json.j2 b/ansible/roles/designate/templates/designate-producer.json.j2 index 442766cd58..7e3c257031 100644 --- a/ansible/roles/designate/templates/designate-producer.json.j2 +++ b/ansible/roles/designate/templates/designate-producer.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2 index e2d8190010..c8d0768c70 100644 --- a/ansible/roles/designate/templates/designate-sink.json.j2 +++ b/ansible/roles/designate/templates/designate-sink.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-worker.json.j2 b/ansible/roles/designate/templates/designate-worker.json.j2 index 9c394bd57a..c1d8f765d0 100644 --- a/ansible/roles/designate/templates/designate-worker.json.j2 +++ b/ansible/roles/designate/templates/designate-worker.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - }, + "perm": "0600" + }{% endif %}, { "source": "{{ container_config_directory }}/pools.yaml", "dest": "/etc/designate/pools.yaml", diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 69419de3c4..51b0eca09e 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -105,3 +105,8 @@ driver = messagingv2 [oslo_concurrency] lock_path = /var/lib/designate/tmp + +{% if designate_policy_file is defined %} +[oslo_policy] +policy_file = {{ designate_policy_file }} +{% endif %}
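Review bot: `policy_file = {{ designate_policy_file }}` in designate.conf.j2 is a bare file name, so which file gets loaded depends on how the policy library resolves relative paths against the service's configuration directories. The config.json templates in this commit copy the file to `/etc/designate/{{ designate_policy_file }}`. Writing the same absolute path here, `policy_file = /etc/designate/{{ designate_policy_file }}`, makes the enforced policy the copied file by construction. When no override is detected the whole `[oslo_policy]` section is omitted and the service falls back to its built-in default file name, which is worth a one-line Jinja comment next to the conditional.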