diff --git a/defaults/main.yml b/defaults/main.yml index 47844ee..52cce58 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -368,3 +368,4 @@ zun_compute_init_overrides: {} zun_kuryr_init_overrides: {} zun_docker_init_overrides: {} zun_docker_cleanup_init_overrides: {} +zun_policy_overrides: {} diff --git a/releasenotes/notes/zun_policy_overrides-bc4e5d658969f0c8.yaml b/releasenotes/notes/zun_policy_overrides-bc4e5d658969f0c8.yaml new file mode 100644 index 0000000..6ca19a1 --- /dev/null +++ b/releasenotes/notes/zun_policy_overrides-bc4e5d658969f0c8.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Added variable ``zun_policy_overrides`` that aims to allow deploying + policy.yaml file with provided overrides for Zun service. diff --git a/tasks/zun_post_install.yml b/tasks/zun_post_install.yml index 20cd4ff..95d3333 100644 --- a/tasks/zun_post_install.yml +++ b/tasks/zun_post_install.yml @@ -60,6 +60,25 @@ - zun-config - zun-post-install +- name: Implement policy.yaml if there are overrides configured + config_template: + content: "{{ zun_policy_overrides }}" + dest: "/etc/zun/policy.yaml" + config_type: yaml + when: + - zun_policy_overrides | length > 0 + tags: + - zun-policy-override + +- name: Remove legacy policy.yaml file + file: + path: "/etc/zun/policy.yaml" + state: absent + when: + - zun_policy_overrides | length == 0 + tags: + - zun-policy-override + - name: Synchronize the zun DB schema command: "{{ zun_bin }}/zun-db-manage --config-dir /etc/zun upgrade" become: yes