diff --git a/ansible/roles/barbican/handlers/main.yml b/ansible/roles/barbican/handlers/main.yml index 1f40186be745374c9db89ca1c5b08a34804d19a2..f34dd8f0743e3572ccbd97af99f1071fb67b7f95 100644 --- a/ansible/roles/barbican/handlers/main.yml +++ b/ansible/roles/barbican/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_api_ini.changed | bool or barbican_api_paste.changed | bool or barbican_api_container.changed | bool @@ -30,7 +30,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -44,7 +44,7 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_keystone_listener_container.changed | bool - name: Restart barbican-worker container @@ -53,7 +53,7 @@ service: "{{ barbican_services[service_name] }}" config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -67,5 +67,5 @@ - service.enabled | bool - config_json.changed | bool or barbican_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or barbican_worker_container.changed | bool diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml index 04449c2b4e30270b2d990fd86f138910018b14ec..c379c253d19ce6186fedc601c36356e91c10b86e 100644 --- a/ansible/roles/barbican/tasks/config.yml +++ b/ansible/roles/barbican/tasks/config.yml 
@@ -9,6 +9,23 @@ - "barbican-keystone-listener" - "barbican-worker" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: barbican_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/barbican/" + skip: true + +- name: Set barbican policy file + set_fact: + barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}" + barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}" + when: + - barbican_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -79,18 +96,13 @@ notify: - Restart {{ item.key }} container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/barbican/policy.json" - run_once: True - register: barbican_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/barbican/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: barbican_policy_jsons + src: "{{ barbican_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ barbican_policy_file }}" + register: barbican_policy_overwriting when: - - barbican_policy.stat.exists + - barbican_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ barbican_services }}" diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2 index 40c16d19f78ce4760979536cba70c133800ad1f2..3ea4ee955e221c38480eba688d5aa656582672a6 100644 --- a/ansible/roles/barbican/templates/barbican-api.json.j2 +++ b/ansible/roles/barbican/templates/barbican-api.json.j2 
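Review bot: The `when: - barbican_policy.results` guard on "Set barbican policy file" relies on an empty list being falsy; an explicit `- barbican_policy.results | length > 0` states the intent and does not depend on how Ansible coerces a non-boolean conditional. The lookup also takes only the first name in `supported_policy_format_list` that exists, so a custom config directory holding policy files in more than one format silently deploys just one of them. A comment above the stat task, such as `# first match in supported_policy_format_list wins; other policy files in this directory are ignored`, would make that visible to operators. The same two tasks are added in the cloudkitty, congress and designate `tasks/config.yml` hunks.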
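Review bot: The rewritten "Copying over existing policy file" task passes only `src` and `dest` to `template`, so the host-side copy of the service's authorization policy gets whatever permissions the remote umask yields, while the matching `config.json` entry asks for `0600` inside the container. Setting the mode explicitly under `template:`, for example `mode: "0660"` or whatever the role's other config tasks use, keeps the host copy from being more widely readable than intended. The end of the task is outside the hunk. The same applies to the copy task in the cloudkitty, congress and designate `tasks/config.yml` hunks.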
@@ -19,14 +19,13 @@ "owner": "barbican", "perm": "0600", "optional": true - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 index 5422160a596e9254bc66931cd3ad1e99eca9eb34..e0f1f15618c511c48adb0eca1c5c1bc60e4f192f 100644 --- a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 +++ b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican-worker.json.j2 b/ansible/roles/barbican/templates/barbican-worker.json.j2 index 56fb1cf27d60c8d3894fc0ee07554a39c06bdfa6..81a0ca7b17ed2c14a1b917be20836325f536337c 100644 --- a/ansible/roles/barbican/templates/barbican-worker.json.j2 +++ b/ansible/roles/barbican/templates/barbican-worker.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/barbican/barbican.conf", "owner": "barbican", "perm": "0600" - }, + }{% if barbican_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/barbican/policy.json", + "source": "{{ container_config_directory }}/{{ barbican_policy_file }}", + "dest": "/etc/barbican/{{ barbican_policy_file }}", "owner": "barbican", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2 index b3328e5d4ce9b050d3bac464dcb12857124bbbfd..1ccd397141d62fad19dc46cb69b7793497d4d6db 100644 --- a/ansible/roles/barbican/templates/barbican.conf.j2 +++ b/ansible/roles/barbican/templates/barbican.conf.j2 @@ -73,3 +73,8 @@ auth_type = password [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} + +{% if barbican_policy_file is defined %} +[oslo_policy] +policy_file = {{ barbican_policy_file }} +{% endif %} diff --git a/ansible/roles/cloudkitty/handlers/main.yml b/ansible/roles/cloudkitty/handlers/main.yml index 339442e42299009f959ad7d8f562bc150bdf7542..158e60c6b5b3e26c938c8f0412ab4e7ccb0f06b3 100644 --- a/ansible/roles/cloudkitty/handlers/main.yml +++ b/ansible/roles/cloudkitty/handlers/main.yml 
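Review bot: `policy_file = {{ barbican_policy_file }}` is a bare file name, which oslo.policy looks up relative to the directory of the configuration file that sets it, so it only resolves because the `*.json.j2` templates place the policy file in `/etc/barbican/` next to `barbican.conf`. A template comment above the block, e.g. `{# bare name, resolved relative to the config dir; must match the dest in the service *.json.j2 #}`, would record that coupling. When the variable is undefined the section is omitted and the service falls back to its default policy file name, so it is worth confirming that a previously deployed override cannot linger in the container's config directory after an operator removes it. The cloudkitty, congress and designate `.conf.j2` hunks add the same block.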
@@ -5,7 +5,7 @@ service: "{{ cloudkitty_services[service_name] }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -20,7 +20,7 @@ - config_json.changed | bool or cloudkitty_conf.changed | bool or cloudkitty_conf_wsgi.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or cloudkitty_api_container.changed | bool - name: Restart cloudkitty-processor container @@ -29,7 +29,7 @@ service: "{{ cloudkitty_services[service_name] }}" config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,5 +43,5 @@ - service.enabled | bool - config_json.changed | bool or cloudkitty_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or cloudkitty_processor_container.changed | bool 
diff --git a/ansible/roles/cloudkitty/tasks/config.yml b/ansible/roles/cloudkitty/tasks/config.yml index d5616a7502600a1a4d4042eebcfd92c9b7a2df01..e62b2a2eb1c21b7119297102e7acf90118c9d1c8 100644 --- a/ansible/roles/cloudkitty/tasks/config.yml +++ b/ansible/roles/cloudkitty/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ cloudkitty_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: cloudkitty_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/cloudkitty/" + skip: true + +- name: Set cloudkitty policy file + set_fact: + cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}" + cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}" + when: + - cloudkitty_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -55,18 +72,13 @@ notify: - Restart cloudkitty-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json" - run_once: True - register: cloudkitty_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/cloudkitty/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: cloudkitty_policy_jsons + src: "{{ cloudkitty_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ cloudkitty_policy_file }}" + register: cloudkitty_policy_overwriting when: - - cloudkitty_policy.stat.exists + - cloudkitty_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ cloudkitty_services }}" 
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 index cccc9350a1af12bad54ba2b579bb3c43bcac4d40..f31a43b9dad36823c1c9c35227233c1cd0dacffa 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 @@ -14,14 +14,13 @@ "dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" - }, + }{% if cloudkitty_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/cloudkitty/policy.json", + "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}", + "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}", "owner": "cloudkitty", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 index 06f83feadad15b87bb8f31547d98c63f49d30df7..7d57ae041ea38096dddb9af2dd84a5204db119ef 100644 --- a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/cloudkitty/cloudkitty.conf", "owner": "cloudkitty", "perm": "0600" - }, + }{% if cloudkitty_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/cloudkitty/policy.json", + "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}", + "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}", "owner": "cloudkitty", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 index 45c1a6aa21fcbcec3f4ccfdbae20b1e6b4ccbe9b..910d151bce510b4c5dfde9c0bbca0cbabb0d613a 100644 
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 +++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 @@ -31,6 +31,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_concurrency] lock_path = /var/lib/cloudkitty/tmp +{% if cloudkitty_policy_file is defined %} +[oslo_policy] +policy_file = {{ cloudkitty_policy_file }} +{% endif %} + [collect] collector = {{ cloudkitty_collector_backend }} services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating diff --git a/ansible/roles/congress/handlers/main.yml b/ansible/roles/congress/handlers/main.yml index ac02c45084c13796868b1128ad80a2024aabe305..c6f386f7b3e80451e318a447ae208a7f567aeef1 100644 --- a/ansible/roles/congress/handlers/main.yml +++ b/ansible/roles/congress/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_api_container.changed | bool - name: Restart congress-policy-engine container 
@@ -28,7 +28,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_policy_engin_container.changed | bool - name: Restart congress-datasource container @@ -51,7 +51,7 @@ service: "{{ congress_services[service_name] }}" config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or congress_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or congress_datasource_container.changed | bool 
diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml index f8293f68aa928721d3c46576f6d3239f31236a73..779b50447888dd587a68d7d8425d7c23a8598835 100644 --- a/ansible/roles/congress/tasks/config.yml +++ b/ansible/roles/congress/tasks/config.yml @@ -7,6 +7,23 @@ when: inventory_hostname in groups[item.value.group] with_dict: "{{ congress_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: congress_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/congress/" + skip: true + +- name: Set congress policy file + set_fact: + congress_policy_file: "{{ congress_policy.results.0.stat.path | basename }}" + congress_policy_file_path: "{{ congress_policy.results.0.stat.path }}" + when: + - congress_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -43,13 +60,13 @@ run_once: True register: congress_policy -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/congress/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: congress_policy_jsons + src: "{{ congress_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ congress_policy_file }}" + register: congress_policy_overwriting when: - - congress_policy.stat.exists + - congress_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ congress_services }}" diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2 index f436301a0ea5a30ade4f74231e37775de4916db8..bc8e67291d372f5bc3eab83abc5fe8b33639cf37 100644 --- a/ansible/roles/congress/templates/congress-api.json.j2 +++ b/ansible/roles/congress/templates/congress-api.json.j2 
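Review bot: The context at the top of the `@@ -43,13 +60,13 @@` hunk (`run_once: True` / `register: congress_policy`) suggests the old single-file stat task is still in place, whereas the barbican and cloudkitty versions of this change delete it. If so, it runs after the new `with_first_found` lookup and re-registers `congress_policy` with a different result shape (`.stat` instead of `.results`). `congress_policy_file` is already set by then, so behaviour looks unaffected, but the task is dead and leaves the registered variable misleading. Removing the leftover "Check if policies shall be overwritten" task would fix it; that task starts above the hunk, so its full body is not visible. The designate `tasks/config.yml` hunk `@@ -124,13 +141,13 @@` shows the same leftover.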
@@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2 index d3edbb928015f884144546422293ffcf77783a1d..ad75b611c13d22cd1551e90150ebd8592bd34364 100644 --- a/ansible/roles/congress/templates/congress-datasource.json.j2 +++ b/ansible/roles/congress/templates/congress-datasource.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2 index f3853e96b2e2f29e972f96b8e374517cafafa752..ca1dc4bbbeb8454d1e6f64d6f5623270ef1c5fe3 100644 --- a/ansible/roles/congress/templates/congress-policy-engine.json.j2 +++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/congress/congress.conf", "owner": "congress", "perm": "0600" - }, + }{% if congress_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/congress/policy.json", + "source": "{{ container_config_directory }}/{{ congress_policy_file }}", + "dest": "/etc/congress/{{ congress_policy_file }}", "owner": "congress", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2 index 2c38293e5d46ff951ae71198981ab1ed1ecc262c..15094c28da2885adbde27fe7d09d456856706e8f 100644 --- a/ansible/roles/congress/templates/congress.conf.j2 +++ b/ansible/roles/congress/templates/congress.conf.j2 @@ -45,5 +45,10 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} +{% if congress_policy_file is defined %} +[oslo_policy] +policy_file = {{ congress_policy_file }} +{% endif %} + [congress] url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }} diff --git a/ansible/roles/designate/handlers/main.yml b/ansible/roles/designate/handlers/main.yml index 39d9956172f352c7873be11ae52585847ccfec1f..8da26c2ffa24fdac81b1e423ea6ed494d81fed2d 100644 --- a/ansible/roles/designate/handlers/main.yml +++ b/ansible/roles/designate/handlers/main.yml 
@@ -27,7 +27,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -41,7 +41,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_api_container.changed | bool - name: Restart designate-central container @@ -50,7 +50,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -64,7 +64,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_central_container.changed | bool - name: Restart designate-producer container 
@@ -73,7 +73,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -87,7 +87,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_producer_container.changed | bool - name: Restart designate-mdns container @@ -96,7 +96,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -110,7 +110,7 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_mdns_container.changed | bool - name: Restart designate-worker container 
@@ -119,7 +119,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -135,7 +135,7 @@ or designate_conf.changed | bool or designate_rndc_conf.changed | bool or designate_rndc_key_file.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_worker_container.changed | bool - name: Restart designate-sink container @@ -144,7 +144,7 @@ service: "{{ designate_services[service_name] }}" config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -158,5 +158,5 @@ - service.enabled | bool - config_json.changed | bool or designate_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or designate_sink_container.changed | bool 
diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml index f0cd639262fe534bf78480ec2eb9f9a8e7ebad8f..05721cb0fdb1467291c7c61c7134ef78165fac32 100644 --- a/ansible/roles/designate/tasks/config.yml +++ b/ansible/roles/designate/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ designate_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: designate_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/designate/" + skip: true + +- name: Set designate policy file + set_fact: + designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}" + designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}" + when: + - designate_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -124,13 +141,13 @@ run_once: True register: designate_policy -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/designate/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: designate_policy_jsons + src: "{{ designate_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}" + register: designate_policy_overwriting when: - - designate_policy.stat.exists + - designate_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ designate_services }}" diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2 index 31ad788480f8ba6f1831d8496dcb57ca8b5f0982..73c1011096e249fc835533bf7dfeefa88c8de49c 100644 --- a/ansible/roles/designate/templates/designate-api.json.j2 +++ b/ansible/roles/designate/templates/designate-api.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2 index ddde828cd31498edd94bb495e0522ee98ba6dce9..3605761b4dce7d2fad301925890fe68e63a10d63 100644 --- a/ansible/roles/designate/templates/designate-central.json.j2 +++ b/ansible/roles/designate/templates/designate-central.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2 index d7b2d58a65503bf5b89b33897d3c899bcac0a19b..6e83d5e61193cbbce0c6bf9562a8f32d95ec2f38 100644 --- a/ansible/roles/designate/templates/designate-mdns.json.j2 +++ b/ansible/roles/designate/templates/designate-mdns.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-producer.json.j2 b/ansible/roles/designate/templates/designate-producer.json.j2 index 442766cd58a45a5e4ebb88d3c3860f96f66da38d..7e3c2570314ec09dc126154b9fa7602ee2e41b6d 100644 --- a/ansible/roles/designate/templates/designate-producer.json.j2 +++ b/ansible/roles/designate/templates/designate-producer.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2 index e2d81900105198cd136f8d502f6898f7f42890dd..c8d0768c70c3ff18bc58e44251718b679eb9fdf6 100644 --- a/ansible/roles/designate/templates/designate-sink.json.j2 +++ b/ansible/roles/designate/templates/designate-sink.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/designate/templates/designate-worker.json.j2 b/ansible/roles/designate/templates/designate-worker.json.j2 index 9c394bd57a6f89babddcc81fea0232ce942366ba..c1d8f765d0e1a0f4b5af2a95e495afb84dbf423b 100644 --- a/ansible/roles/designate/templates/designate-worker.json.j2 +++ b/ansible/roles/designate/templates/designate-worker.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/designate/designate.conf", "owner": "designate", "perm": "0600" - }, + }{% if designate_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/designate/policy.json", + "source": "{{ container_config_directory }}/{{ designate_policy_file }}", + "dest": "/etc/designate/{{ designate_policy_file }}", "owner": "designate", - "perm": "0600", - "optional": true - }, + "perm": "0600" + }{% endif %}, { "source": "{{ container_config_directory }}/pools.yaml", "dest": "/etc/designate/pools.yaml", diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2 index 69419de3c4fe3312666de3ce4e94e86134f35c7a..51b0eca09e75d1360520c3f20b0926f55c75c247 100644 --- a/ansible/roles/designate/templates/designate.conf.j2 +++ b/ansible/roles/designate/templates/designate.conf.j2 @@ -105,3 +105,8 @@ driver = messagingv2 [oslo_concurrency] lock_path = /var/lib/designate/tmp + +{% if designate_policy_file is defined %} +[oslo_policy] +policy_file = {{ designate_policy_file }} +{% endif %}