From 69bc7b4ee2859bd2464e76d3fab06594145cbad0 Mon Sep 17 00:00:00 2001
From: "wu.chunyang" <wu.chunyang@99cloud.net>
Date: Mon, 13 Aug 2018 08:12:00 +0000
Subject: [PATCH] add trove policy file customization

now,the trove does not support policy customization.
this ps to add it.

Change-Id: I32d62d0293ddf63572cf754a7108ed74f94b216a
---
 ansible/roles/trove/handlers/main.yml         |  6 ++++
 ansible/roles/trove/tasks/config.yml          | 31 +++++++++++++++++++
 .../roles/trove/templates/trove-api.json.j2   |  8 ++++-
 .../trove/templates/trove-conductor.json.j2   |  8 ++++-
 .../trove/templates/trove-taskmanager.json.j2 |  8 ++++-
 ansible/roles/trove/templates/trove.conf.j2   |  5 +++
 6 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/trove/handlers/main.yml b/ansible/roles/trove/handlers/main.yml
index 30a7768b07..b7d927e12e 100644
--- a/ansible/roles/trove/handlers/main.yml
+++ b/ansible/roles/trove/handlers/main.yml
@@ -5,6 +5,7 @@
     service: "{{ trove_services[service_name] }}"
     config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_api_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -20,6 +21,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or trove_conf.changed | bool
+      or policy_overwriting.changed | bool
       or trove_api_container.changed | bool
 
 - name: Restart trove-conductor container
@@ -28,6 +30,7 @@
     service: "{{ trove_services[service_name] }}"
     config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_conductor_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -43,6 +46,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or trove_conf.changed | bool
+      or policy_overwriting.changed | bool
       or trove_conductor_container.changed | bool
 
 - name: Restart trove-taskmanager container
@@ -51,6 +55,7 @@
     service: "{{ trove_services[service_name] }}"
     config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     trove_taskmanager_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   become: true
   kolla_docker:
@@ -66,4 +71,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or trove_conf.changed | bool
+      or policy_overwriting.changed | bool
       or trove_taskmanager_container.changed | bool
diff --git a/ansible/roles/trove/tasks/config.yml b/ansible/roles/trove/tasks/config.yml
index 61160b6226..99b845b78b 100644
--- a/ansible/roles/trove/tasks/config.yml
+++ b/ansible/roles/trove/tasks/config.yml
@@ -12,6 +12,23 @@
     - item.value.enabled | bool
   with_dict: "{{ trove_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: trove_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/trove/"
+      skip: true
+
+- name: Set trove policy file
+  set_fact:
+    trove_policy_file: "{{ trove_policy.results.0.stat.path | basename }}"
+    trove_policy_file_path: "{{ trove_policy.results.0.stat.path }}"
+  when:
+    - trove_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -71,6 +88,20 @@
   notify:
     - "Restart {{ item.key }} container"
 
+- name: Copying over existing policy file
+  template:
+    src: "{{ trove_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ trove_policy_file }}"
+  register: trove_policy_overwriting
+  when:
+    - trove_policy_file is defined
+    - inventory_hostname in groups[item.value.group]
+  with_dict: "{{ trove_services }}"
+  notify:
+    - Restart trove-api container
+    - Restart trove-conductor container
+    - Restart trove-taskmanager container
+
 - name: Check trove containers
   become: true
   kolla_docker:
diff --git a/ansible/roles/trove/templates/trove-api.json.j2 b/ansible/roles/trove/templates/trove-api.json.j2
index 01831afbcc..be2acebeae 100644
--- a/ansible/roles/trove/templates/trove-api.json.j2
+++ b/ansible/roles/trove/templates/trove-api.json.j2
@@ -6,7 +6,13 @@
             "dest": "/etc/trove/trove.conf",
             "owner": "trove",
             "perm": "0600"
-        }
+    }{% if trove_policy_file is defined %},
+        {
+            "source": "{{ container_config_directory }}/{{ trove_policy_file }}",
+            "dest": "/etc/trove/{{ trove_policy_file }}",
+            "owner": "trove",
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/trove/templates/trove-conductor.json.j2 b/ansible/roles/trove/templates/trove-conductor.json.j2
index 1d5b0601b5..e6ae59c0da 100644
--- a/ansible/roles/trove/templates/trove-conductor.json.j2
+++ b/ansible/roles/trove/templates/trove-conductor.json.j2
@@ -6,7 +6,13 @@
             "dest": "/etc/trove/trove-conductor.conf",
             "owner": "trove",
             "perm": "0600"
-        }
+    }{% if trove_policy_file is defined %},
+        {
+            "source": "{{ container_config_directory }}/{{ trove_policy_file }}",
+            "dest": "/etc/trove/{{ trove_policy_file }}",
+            "owner": "trove",
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/trove/templates/trove-taskmanager.json.j2 b/ansible/roles/trove/templates/trove-taskmanager.json.j2
index 41c4321e3e..30288ee748 100644
--- a/ansible/roles/trove/templates/trove-taskmanager.json.j2
+++ b/ansible/roles/trove/templates/trove-taskmanager.json.j2
@@ -6,7 +6,13 @@
             "dest": "/etc/trove/trove-taskmanager.conf",
             "owner": "trove",
             "perm": "0600"
-        }
+    }{% if trove_policy_file is defined %},
+        {
+            "source": "{{ container_config_directory }}/{{ trove_policy_file }}",
+            "dest": "/etc/trove/{{ trove_policy_file }}",
+            "owner": "trove",
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2
index 76ad8d747d..6dc71f38fe 100644
--- a/ansible/roles/trove/templates/trove.conf.j2
+++ b/ansible/roles/trove/templates/trove.conf.j2
@@ -56,3 +56,8 @@ trace_sqlalchemy = true
 hmac_keys = {{ osprofiler_secret }}
 connection_string = {{ osprofiler_backend_connection_string }}
 {% endif %}
+
+{% if trove_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ trove_policy_file }}
+{% endif %}
-- 
GitLab