e3d5a91a90
This patch introduces an optional backend encryption for Horizon and Placement services. When used in conjunction with enabling TLS for service API endpoints, network communcation will be encrypted end to end, from client through HAProxy to the Horizon and Placement services. Change-Id: I9cb274141c95aea20e733baa623da071b30acf2d Partially-Implements: blueprint add-ssl-internal-network
115 lines
3.4 KiB
YAML
115 lines
3.4 KiB
YAML
---
|
|
- name: Ensuring config directories exist
|
|
become: true
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item.key }}"
|
|
state: "directory"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
with_dict: "{{ placement_services }}"
|
|
|
|
- name: Check if policies shall be overwritten
|
|
stat:
|
|
path: "{{ item }}"
|
|
delegate_to: localhost
|
|
run_once: True
|
|
register: placement_policy
|
|
with_first_found:
|
|
- files: "{{ supported_policy_format_list }}"
|
|
paths:
|
|
- "{{ node_custom_config }}/placement/"
|
|
skip: true
|
|
|
|
- name: Set placement policy file
|
|
set_fact:
|
|
placement_policy_file: "{{ placement_policy.results.0.stat.path | basename }}"
|
|
placement_policy_file_path: "{{ placement_policy.results.0.stat.path }}"
|
|
when:
|
|
- placement_policy.results
|
|
|
|
- include_tasks: copy-certs.yml
|
|
when:
|
|
- kolla_copy_ca_into_containers | bool or placement_enable_tls_backend | bool
|
|
|
|
- name: Copying over config.json files for services
|
|
become: true
|
|
template:
|
|
src: "{{ item.key }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
|
mode: "0660"
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
with_dict: "{{ placement_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over placement.conf
|
|
become: true
|
|
vars:
|
|
service_name: "{{ item.key }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/placement.conf.j2"
|
|
- "{{ node_custom_config }}/global.conf"
|
|
- "{{ node_custom_config }}/placement.conf"
|
|
- "{{ node_custom_config }}/placement/{{ item.key }}.conf"
|
|
- "{{ node_custom_config }}/placement/{{ inventory_hostname }}/placement.conf"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/placement.conf"
|
|
mode: "0660"
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
with_dict: "{{ placement_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over placement-api wsgi configuration
|
|
become: true
|
|
vars:
|
|
service: "{{ placement_services['placement-api'] }}"
|
|
template:
|
|
src: "placement-api-wsgi.conf.j2"
|
|
dest: "{{ node_config_directory }}/placement-api/placement-api-wsgi.conf"
|
|
mode: "0660"
|
|
when:
|
|
- inventory_hostname in groups[service.group]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart placement-api container
|
|
|
|
- name: Copying over migrate-db.rc.j2 configuration
|
|
become: true
|
|
vars:
|
|
service: "{{ placement_services['placement-api'] }}"
|
|
template:
|
|
src: "migrate-db.rc.j2"
|
|
dest: "{{ node_config_directory }}/placement-api/migrate-db.rc"
|
|
mode: "0660"
|
|
when:
|
|
- inventory_hostname in groups[service.group]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart placement-api container
|
|
|
|
- name: Copying over existing policy file
|
|
become: true
|
|
template:
|
|
src: "{{ placement_policy_file_path }}"
|
|
dest: "{{ placement_config_directory }}/{{ item.key }}/{{ placement_policy_file }}"
|
|
mode: "0660"
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
- placement_policy_file is defined
|
|
with_dict: "{{ placement_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- include_tasks: check-containers.yml
|
|
when: kolla_action != "config"
|