Mark Goddard 5d28a7c89b masakari: support libvirt SASL in instance monitor
Since enabling libvirt SASL authentication, the masakari instance
monitor fails to connect to libvirt. We see the following error in logs:

    libvirt.libvirtError: authentication failed: Failed to start SASL
    negotiation: -4 (SASL(-4): no mechanism available: No worthy mechs
    found)

This change adds support for SASL authentication in Masakari instance
monitor.

Depends-On: https://review.opendev.org/c/openstack/kolla/+/834456
Closes-Bug: #1965754
Change-Id: I974046662b383a12ac6281b725523760a96657bd
2022-05-21 13:27:27 +00:00

158 lines
4.8 KiB
YAML

---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item.key }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
when:
- item.value.enabled | bool
- inventory_hostname in groups[item.value.group]
with_dict: "{{ masakari_services }}"
- name: Check if policies shall be overwritten
stat:
path: "{{ item }}"
delegate_to: localhost
run_once: True
register: masakari_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/masakari/"
skip: true
- name: Set masakari policy file
set_fact:
masakari_policy_file: "{{ masakari_policy.results.0.stat.path | basename }}"
masakari_policy_file_path: "{{ masakari_policy.results.0.stat.path }}"
when:
- masakari_policy.results
- name: Copying over existing policy file
template:
src: "{{ masakari_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item }}/{{ masakari_policy_file }}"
mode: "0660"
become: true
when:
- masakari_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ masakari_services }}"
notify:
- Restart {{ item.key }} container
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
mode: "0660"
become: true
when:
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ masakari_services }}"
notify:
- Restart {{ item.key }} container
- include_tasks: copy-certs.yml
when:
- kolla_copy_ca_into_containers | bool
- name: Copying over masakari.conf
vars:
service_name: "{{ item }}"
service: "{{ masakari_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/masakari.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/masakari.conf"
- "{{ node_custom_config }}/masakari/{{ service_name }}.conf"
- "{{ node_custom_config }}/masakari/{{ inventory_hostname }}/masakari.conf"
dest: "{{ node_config_directory }}/{{ service_name }}/masakari.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- masakari-api
- masakari-engine
notify:
- Restart {{ service_name }} container
- name: Copying over masakari-monitors.conf
vars:
service_name: "{{ item }}"
service: "{{ masakari_services[service_name] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/masakari-monitors.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/masakari/{{ service_name }}.conf"
- "{{ node_custom_config }}/masakari/masakari-monitors.conf"
- "{{ node_custom_config }}/masakari/{{ inventory_hostname }}/masakari-monitors.conf"
dest: "{{ node_config_directory }}/{{ service_name }}/masakari-monitors.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- masakari-instancemonitor
- masakari-hostmonitor
notify:
- Restart {{ service_name }} container
- name: Copying over wsgi-masakari file for services
vars:
service: "{{ masakari_services['masakari-api'] }}"
template:
src: "wsgi-masakari.conf.j2"
dest: "{{ node_config_directory }}/masakari-api/wsgi-masakari.conf"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
notify:
- Restart masakari-api container
- name: Copying over masakari-api-paste.ini
vars:
service: "{{ masakari_services['masakari-api'] }}"
merge_configs:
sources:
- "{{ role_path }}/templates/masakari-api-paste.ini.j2"
- "{{ node_custom_config }}/masakari/masakari-api/masakari-api-paste.ini"
dest: "{{ node_config_directory }}/masakari-api/masakari-api-paste.ini"
mode: "0660"
become: true
when:
- inventory_hostname in groups[service.group]
- service.enabled | bool
notify:
- Restart masakari-api container
- name: Copying over libvirt SASL configuration
become: true
vars:
service_name: "{{ item.service }}"
service: "{{ masakari_services[service_name] }}"
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/{{ service_name }}/{{ item.dest }}"
mode: "0660"
when:
- libvirt_enable_sasl | bool
- inventory_hostname in groups[service.group]
- service.enabled | bool
with_items:
- { src: "auth.conf.j2", dest: "auth.conf", service: "masakari-instancemonitor" }
notify:
- Restart {{ service_name }} container