From 6b99f21341ba28cecdef4002127784d6b4eea6b3 Mon Sep 17 00:00:00 2001
From: Dai Dang Van <daidv@vn.fujitsu.com>
Date: Mon, 8 Jan 2018 16:00:22 +0700
Subject: [PATCH] Support policy.yaml file [part 4]

- Barbican
- Ceilometer
- Cloudkitty
- Congress
- Designate

This will copy only the YAML or JSON policy file, if one exists.

Change-Id: Iaa19f64073d8bdee948bc2de58e095ca72afc092
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>
---
 ansible/roles/barbican/handlers/main.yml      | 12 +++----
 ansible/roles/barbican/tasks/config.yml       | 32 +++++++++++++------
 .../barbican/templates/barbican-api.json.j2   | 11 +++----
 .../barbican-keystone-listener.json.j2        | 11 +++----
 .../templates/barbican-worker.json.j2         | 11 +++----
 .../roles/barbican/templates/barbican.conf.j2 |  5 +++
 ansible/roles/cloudkitty/handlers/main.yml    |  8 ++---
 ansible/roles/cloudkitty/tasks/config.yml     | 32 +++++++++++++------
 .../templates/cloudkitty-api.json.j2          | 11 +++----
 .../templates/cloudkitty-processor.json.j2    | 11 +++----
 .../cloudkitty/templates/cloudkitty.conf.j2   |  5 +++
 ansible/roles/congress/handlers/main.yml      | 12 +++----
 ansible/roles/congress/tasks/config.yml       | 27 +++++++++++++---
 .../congress/templates/congress-api.json.j2   | 11 +++----
 .../templates/congress-datasource.json.j2     | 11 +++----
 .../templates/congress-policy-engine.json.j2  | 11 +++----
 .../roles/congress/templates/congress.conf.j2 |  5 +++
 ansible/roles/designate/handlers/main.yml     | 24 +++++++-------
 ansible/roles/designate/tasks/config.yml      | 27 +++++++++++++---
 .../designate/templates/designate-api.json.j2 | 11 +++----
 .../templates/designate-central.json.j2       | 11 +++----
 .../templates/designate-mdns.json.j2          | 11 +++----
 .../templates/designate-producer.json.j2      | 11 +++----
 .../templates/designate-sink.json.j2          | 11 +++----
 .../templates/designate-worker.json.j2        | 11 +++----
 .../designate/templates/designate.conf.j2     |  5 +++
 26 files changed, 206 insertions(+), 142 deletions(-)

diff --git a/ansible/roles/barbican/handlers/main.yml b/ansible/roles/barbican/handlers/main.yml
index 1f40186be7..f34dd8f074 100644
--- a/ansible/roles/barbican/handlers/main.yml
+++ b/ansible/roles/barbican/handlers/main.yml
@@ -5,7 +5,7 @@
     service: "{{ barbican_services[service_name] }}"
     config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_api_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or barbican_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or barbican_api_ini.changed | bool
       or barbican_api_paste.changed | bool
       or barbican_api_container.changed | bool
@@ -30,7 +30,7 @@
     service: "{{ barbican_services[service_name] }}"
     config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_keystone_listener_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -44,7 +44,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or barbican_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or barbican_keystone_listener_container.changed | bool
 
 - name: Restart barbican-worker container
@@ -53,7 +53,7 @@
     service: "{{ barbican_services[service_name] }}"
     config_json: "{{ barbican_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_conf: "{{ barbican_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ barbican_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ barbican_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     barbican_worker_container: "{{ check_barbican_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -67,5 +67,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or barbican_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or barbican_worker_container.changed | bool
diff --git a/ansible/roles/barbican/tasks/config.yml b/ansible/roles/barbican/tasks/config.yml
index 04449c2b4e..c379c253d1 100644
--- a/ansible/roles/barbican/tasks/config.yml
+++ b/ansible/roles/barbican/tasks/config.yml
@@ -9,6 +9,23 @@
     - "barbican-keystone-listener"
     - "barbican-worker"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: barbican_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/barbican/"
+      skip: true
+
+- name: Set barbican policy file
+  set_fact:
+    barbican_policy_file: "{{ barbican_policy.results.0.stat.path | basename }}"
+    barbican_policy_file_path: "{{ barbican_policy.results.0.stat.path }}"
+  when:
+    - barbican_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
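Review bot: The `with_first_found` lookup in "Check if policies shall be overwritten" picks one file silently, so when both a YAML and a JSON policy file sit in `{{ node_custom_config }}/barbican/`, every match after the first is ignored without any message. This file holds the service's authorization rules, so an operator editing the ignored file would believe a rule is in force when it is not. The order comes from `supported_policy_format_list`, which is defined outside this patch, so the precedence cannot be read from here. I would document it above the task, e.g. `# First match in supported_policy_format_list wins; other policy files in this directory are ignored.`, and preferably fail when more than one format is present. The same two tasks are repeated in the cloudkitty, congress and designate `tasks/config.yml` hunks.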
@@ -79,18 +96,13 @@
   notify:
     - Restart {{ item.key }} container
 
-- name: Check if policies shall be overwritten
-  local_action: stat path="{{ node_custom_config }}/barbican/policy.json"
-  run_once: True
-  register: barbican_policy
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
   template:
-    src: "{{ node_custom_config }}/barbican/policy.json"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
-  register: barbican_policy_jsons
+    src: "{{ barbican_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ barbican_policy_file }}"
+  register: barbican_policy_overwriting
   when:
-    - barbican_policy.stat.exists
+    - barbican_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ barbican_services }}"
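Review bot: The `template` call in "Copying over existing policy file" passes only `src` and `dest`, so the permissions of the rendered policy file on the target host are left to the remote umask. Because the file defines who may do what in the service, I would pin it explicitly, e.g. `mode: "0660"`, or whatever mode the role applies to its other config files, which this hunk does not show. The task may continue below the last line of the hunk. The same task appears in the cloudkitty, congress and designate `tasks/config.yml` hunks.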
diff --git a/ansible/roles/barbican/templates/barbican-api.json.j2 b/ansible/roles/barbican/templates/barbican-api.json.j2
index 40c16d19f7..3ea4ee955e 100644
--- a/ansible/roles/barbican/templates/barbican-api.json.j2
+++ b/ansible/roles/barbican/templates/barbican-api.json.j2
@@ -19,14 +19,13 @@
             "owner": "barbican",
             "perm": "0600",
             "optional": true
-        },
+        }{% if barbican_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/barbican/policy.json",
+            "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
+            "dest": "/etc/barbican/{{ barbican_policy_file }}",
             "owner": "barbican",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
        {
diff --git a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2 b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
index 5422160a59..e0f1f15618 100644
--- a/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
+++ b/ansible/roles/barbican/templates/barbican-keystone-listener.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/barbican/barbican.conf",
             "owner": "barbican",
             "perm": "0600"
-        },
+        }{% if barbican_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/barbican/policy.json",
+            "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
+            "dest": "/etc/barbican/{{ barbican_policy_file }}",
             "owner": "barbican",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/barbican/templates/barbican-worker.json.j2 b/ansible/roles/barbican/templates/barbican-worker.json.j2
index 56fb1cf27d..81a0ca7b17 100644
--- a/ansible/roles/barbican/templates/barbican-worker.json.j2
+++ b/ansible/roles/barbican/templates/barbican-worker.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/barbican/barbican.conf",
             "owner": "barbican",
             "perm": "0600"
-        },
+        }{% if barbican_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/barbican/policy.json",
+            "source": "{{ container_config_directory }}/{{ barbican_policy_file }}",
+            "dest": "/etc/barbican/{{ barbican_policy_file }}",
             "owner": "barbican",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/barbican/templates/barbican.conf.j2 b/ansible/roles/barbican/templates/barbican.conf.j2
index b3328e5d4c..1ccd397141 100644
--- a/ansible/roles/barbican/templates/barbican.conf.j2
+++ b/ansible/roles/barbican/templates/barbican.conf.j2
@@ -73,3 +73,8 @@ auth_type = password
 
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
+
+{% if barbican_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ barbican_policy_file }}
+{% endif %}
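Review bot: `policy_file = {{ barbican_policy_file }}` writes a bare file name, so which file is loaded depends on oslo.policy resolving it relative to the configuration directory, not on the `dest` that config.json copies the file to. Writing the full path, `policy_file = /etc/barbican/{{ barbican_policy_file }}`, would tie the option to the path used in the `barbican-*.json.j2` templates. The cloudkitty and congress `.conf.j2` hunks use the same bare name.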
diff --git a/ansible/roles/cloudkitty/handlers/main.yml b/ansible/roles/cloudkitty/handlers/main.yml
index 339442e422..158e60c6b5 100644
--- a/ansible/roles/cloudkitty/handlers/main.yml
+++ b/ansible/roles/cloudkitty/handlers/main.yml
@@ -5,7 +5,7 @@
     service: "{{ cloudkitty_services[service_name] }}"
     config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     cloudkitty_api_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -20,7 +20,7 @@
     - config_json.changed | bool
       or cloudkitty_conf.changed | bool
       or cloudkitty_conf_wsgi.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or cloudkitty_api_container.changed | bool
 
 - name: Restart cloudkitty-processor container
@@ -29,7 +29,7 @@
     service: "{{ cloudkitty_services[service_name] }}"
     config_json: "{{ cloudkitty_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     cloudkitty_conf: "{{ cloudkitty_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ cloudkitty_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ cloudkitty_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     cloudkitty_processor_container: "{{ check_cloudkitty_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -43,5 +43,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or cloudkitty_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or cloudkitty_processor_container.changed | bool
diff --git a/ansible/roles/cloudkitty/tasks/config.yml b/ansible/roles/cloudkitty/tasks/config.yml
index d5616a7502..e62b2a2eb1 100644
--- a/ansible/roles/cloudkitty/tasks/config.yml
+++ b/ansible/roles/cloudkitty/tasks/config.yml
@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ cloudkitty_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: cloudkitty_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/cloudkitty/"
+      skip: true
+
+- name: Set cloudkitty policy file
+  set_fact:
+    cloudkitty_policy_file: "{{ cloudkitty_policy.results.0.stat.path | basename }}"
+    cloudkitty_policy_file_path: "{{ cloudkitty_policy.results.0.stat.path }}"
+  when:
+    - cloudkitty_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -55,18 +72,13 @@
   notify:
     - Restart cloudkitty-api container
 
-- name: Check if policies shall be overwritten
-  local_action: stat path="{{ node_custom_config }}/cloudkitty/policy.json"
-  run_once: True
-  register: cloudkitty_policy
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
   template:
-    src: "{{ node_custom_config }}/cloudkitty/policy.json"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
-  register: cloudkitty_policy_jsons
+    src: "{{ cloudkitty_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ cloudkitty_policy_file }}"
+  register: cloudkitty_policy_overwriting
   when:
-    - cloudkitty_policy.stat.exists
+    - cloudkitty_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ cloudkitty_services }}"
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
index cccc9350a1..f31a43b9da 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty-api.json.j2
@@ -14,14 +14,13 @@
             "dest": "/etc/{{ cloudkitty_dir }}/wsgi-cloudkitty.conf",
             "owner": "cloudkitty",
             "perm": "0600"
-        },
+        }{% if cloudkitty_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/cloudkitty/policy.json",
+            "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
+            "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
             "owner": "cloudkitty",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2 b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
index 06f83feada..7d57ae041e 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty-processor.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/cloudkitty/cloudkitty.conf",
             "owner": "cloudkitty",
             "perm": "0600"
-        },
+        }{% if cloudkitty_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/cloudkitty/policy.json",
+            "source": "{{ container_config_directory }}/{{ cloudkitty_policy_file }}",
+            "dest": "/etc/cloudkitty/{{ cloudkitty_policy_file }}",
             "owner": "cloudkitty",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2 b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
index 45c1a6aa21..910d151bce 100644
--- a/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
+++ b/ansible/roles/cloudkitty/templates/cloudkitty.conf.j2
@@ -31,6 +31,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 [oslo_concurrency]
 lock_path = /var/lib/cloudkitty/tmp
 
+{% if cloudkitty_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ cloudkitty_policy_file }}
+{% endif %}
+
 [collect]
 collector = {{ cloudkitty_collector_backend }}
 services = compute,image{% if enable_cinder | bool %},volume{% endif %},network.bw.out,network.bw.in,network.floating
diff --git a/ansible/roles/congress/handlers/main.yml b/ansible/roles/congress/handlers/main.yml
index ac02c45084..c6f386f7b3 100644
--- a/ansible/roles/congress/handlers/main.yml
+++ b/ansible/roles/congress/handlers/main.yml
@@ -5,7 +5,7 @@
     service: "{{ congress_services[service_name] }}"
     config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_api_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or congress_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or congress_api_container.changed | bool
 
 - name: Restart congress-policy-engine container
@@ -28,7 +28,7 @@
     service: "{{ congress_services[service_name] }}"
     config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_policy_engin_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,7 +42,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or congress_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or congress_policy_engin_container.changed | bool
 
 - name: Restart congress-datasource container
@@ -51,7 +51,7 @@
     service: "{{ congress_services[service_name] }}"
     config_json: "{{ congress_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_conf: "{{ congress_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ congress_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ congress_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     congress_datasource_container: "{{ check_congress_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -65,5 +65,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or congress_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or congress_datasource_container.changed | bool
diff --git a/ansible/roles/congress/tasks/config.yml b/ansible/roles/congress/tasks/config.yml
index f8293f68aa..779b504478 100644
--- a/ansible/roles/congress/tasks/config.yml
+++ b/ansible/roles/congress/tasks/config.yml
@@ -7,6 +7,23 @@
   when: inventory_hostname in groups[item.value.group]
   with_dict: "{{ congress_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: congress_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/congress/"
+      skip: true
+
+- name: Set congress policy file
+  set_fact:
+    congress_policy_file: "{{ congress_policy.results.0.stat.path | basename }}"
+    congress_policy_file_path: "{{ congress_policy.results.0.stat.path }}"
+  when:
+    - congress_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -43,13 +60,13 @@
   run_once: True
   register: congress_policy
 
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
   template:
-    src: "{{ node_custom_config }}/congress/policy.json"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
-  register: congress_policy_jsons
+    src: "{{ congress_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ congress_policy_file }}"
+  register: congress_policy_overwriting
   when:
-    - congress_policy.stat.exists
+    - congress_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ congress_services }}"
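Review bot: The context lines at the top of this hunk (`run_once: True`, `register: congress_policy`) indicate that the old stat task for `policy.json` was left in place, whereas the barbican and cloudkitty hunks delete it. It now runs after the new lookup and re-registers `congress_policy` with what appears to be a plain stat result, which lacks the `.results` list that "Set congress policy file" reads. Nothing visible consumes it afterwards, so it looks like dead code that should be removed. The designate `tasks/config.yml` hunk at `@@ -124,13 +141,13 @@` has the same leftover. The old task starts above the hunk, so its `name` and `local_action` lines are not visible here.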
diff --git a/ansible/roles/congress/templates/congress-api.json.j2 b/ansible/roles/congress/templates/congress-api.json.j2
index f436301a0e..bc8e67291d 100644
--- a/ansible/roles/congress/templates/congress-api.json.j2
+++ b/ansible/roles/congress/templates/congress-api.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
-        },
+        }{% if congress_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/congress/policy.json",
+            "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
+            "dest": "/etc/congress/{{ congress_policy_file }}",
             "owner": "congress",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/congress/templates/congress-datasource.json.j2 b/ansible/roles/congress/templates/congress-datasource.json.j2
index d3edbb9280..ad75b611c1 100644
--- a/ansible/roles/congress/templates/congress-datasource.json.j2
+++ b/ansible/roles/congress/templates/congress-datasource.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
-        },
+        }{% if congress_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/congress/policy.json",
+            "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
+            "dest": "/etc/congress/{{ congress_policy_file }}",
             "owner": "congress",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/congress/templates/congress-policy-engine.json.j2 b/ansible/roles/congress/templates/congress-policy-engine.json.j2
index f3853e96b2..ca1dc4bbbe 100644
--- a/ansible/roles/congress/templates/congress-policy-engine.json.j2
+++ b/ansible/roles/congress/templates/congress-policy-engine.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/congress/congress.conf",
             "owner": "congress",
             "perm": "0600"
-        },
+        }{% if congress_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/congress/policy.json",
+            "source": "{{ container_config_directory }}/{{ congress_policy_file }}",
+            "dest": "/etc/congress/{{ congress_policy_file }}",
             "owner": "congress",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/congress/templates/congress.conf.j2 b/ansible/roles/congress/templates/congress.conf.j2
index 2c38293e5d..15094c28da 100644
--- a/ansible/roles/congress/templates/congress.conf.j2
+++ b/ansible/roles/congress/templates/congress.conf.j2
@@ -45,5 +45,10 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
 
+{% if congress_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ congress_policy_file }}
+{% endif %}
+
 [congress]
 url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ congress_api_port }}
diff --git a/ansible/roles/designate/handlers/main.yml b/ansible/roles/designate/handlers/main.yml
index 39d9956172..8da26c2ffa 100644
--- a/ansible/roles/designate/handlers/main.yml
+++ b/ansible/roles/designate/handlers/main.yml
@@ -27,7 +27,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_api_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -41,7 +41,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or designate_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_api_container.changed | bool
 
 - name: Restart designate-central container
@@ -50,7 +50,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_central_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -64,7 +64,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or designate_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_central_container.changed | bool
 
 - name: Restart designate-producer container
@@ -73,7 +73,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_producer_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -87,7 +87,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or designate_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_producer_container.changed | bool
 
 - name: Restart designate-mdns container
@@ -96,7 +96,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_mdns_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -110,7 +110,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or designate_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_mdns_container.changed | bool
 
 - name: Restart designate-worker container
@@ -119,7 +119,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_worker_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -135,7 +135,7 @@
       or designate_conf.changed | bool
       or designate_rndc_conf.changed | bool
       or designate_rndc_key_file.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_worker_container.changed | bool
 
 - name: Restart designate-sink container
@@ -144,7 +144,7 @@
     service: "{{ designate_services[service_name] }}"
     config_json: "{{ designate_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_conf: "{{ designate_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ designate_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ designate_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     designate_sink_container: "{{ check_designate_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -158,5 +158,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or designate_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or designate_sink_container.changed | bool
diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml
index f0cd639262..05721cb0fd 100644
--- a/ansible/roles/designate/tasks/config.yml
+++ b/ansible/roles/designate/tasks/config.yml
@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ designate_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: designate_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/designate/"
+      skip: true
+
+- name: Set designate policy file
+  set_fact:
+    designate_policy_file: "{{ designate_policy.results.0.stat.path | basename }}"
+    designate_policy_file_path: "{{ designate_policy.results.0.stat.path }}"
+  when:
+    - designate_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
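Review bot: The new stat task registers its result as `designate_policy`, but the context lines of the next hunk in this file show a later task that still ends with `register: designate_policy`. If that is the old single-file stat check, it is now redundant, and the same variable ends up with two different shapes (`.results` from the `with_first_found` loop, `.stat` from the old task) depending on where it is read. I would drop the old task, or rename this register to something like `register: designate_policy_found` and update the `set_fact` to match. A comment above `with_first_found`, such as `# first match in supported_policy_format_list wins; no match leaves designate_policy_file undefined`, would also document precedence when both formats exist. The `Copying over config.json files for services` task at the end of the hunk continues outside it.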
@@ -124,13 +141,13 @@
   run_once: True
   register: designate_policy
 
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
   template:
-    src: "{{ node_custom_config }}/designate/policy.json"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
-  register: designate_policy_jsons
+    src: "{{ designate_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}"
+  register: designate_policy_overwriting
   when:
-    - designate_policy.stat.exists
+    - designate_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ designate_services }}"
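Review bot: The rewritten copy task sets no `mode` on the rendered policy file, so the access-control rules land under `{{ node_config_directory }}/{{ item.key }}/` with umask-default permissions, while the config.json templates in this patch ask for `0600` inside the container. I would add an explicit mode, e.g. `mode: "0660"`, matched to whatever the role uses for its other config files, which is not visible here. Separately, the destination name now follows `designate_policy_file`, so switching a deployment from policy.json to policy.yaml leaves the previously copied file in that directory. config.json no longer references it, but a cleanup task or a documentation note would avoid confusion about which file is in force. The task may carry further keys outside the hunk.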
diff --git a/ansible/roles/designate/templates/designate-api.json.j2 b/ansible/roles/designate/templates/designate-api.json.j2
index 31ad788480..73c1011096 100644
--- a/ansible/roles/designate/templates/designate-api.json.j2
+++ b/ansible/roles/designate/templates/designate-api.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/designate/templates/designate-central.json.j2 b/ansible/roles/designate/templates/designate-central.json.j2
index ddde828cd3..3605761b4d 100644
--- a/ansible/roles/designate/templates/designate-central.json.j2
+++ b/ansible/roles/designate/templates/designate-central.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/designate/templates/designate-mdns.json.j2 b/ansible/roles/designate/templates/designate-mdns.json.j2
index d7b2d58a65..6e83d5e611 100644
--- a/ansible/roles/designate/templates/designate-mdns.json.j2
+++ b/ansible/roles/designate/templates/designate-mdns.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/designate/templates/designate-producer.json.j2 b/ansible/roles/designate/templates/designate-producer.json.j2
index 442766cd58..7e3c257031 100644
--- a/ansible/roles/designate/templates/designate-producer.json.j2
+++ b/ansible/roles/designate/templates/designate-producer.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/designate/templates/designate-sink.json.j2 b/ansible/roles/designate/templates/designate-sink.json.j2
index e2d8190010..c8d0768c70 100644
--- a/ansible/roles/designate/templates/designate-sink.json.j2
+++ b/ansible/roles/designate/templates/designate-sink.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/designate/templates/designate-worker.json.j2 b/ansible/roles/designate/templates/designate-worker.json.j2
index 9c394bd57a..c1d8f765d0 100644
--- a/ansible/roles/designate/templates/designate-worker.json.j2
+++ b/ansible/roles/designate/templates/designate-worker.json.j2
@@ -6,14 +6,13 @@
             "dest": "/etc/designate/designate.conf",
             "owner": "designate",
             "perm": "0600"
-        },
+        }{% if designate_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/designate/policy.json",
+            "source": "{{ container_config_directory }}/{{ designate_policy_file }}",
+            "dest": "/etc/designate/{{ designate_policy_file }}",
             "owner": "designate",
-            "perm": "0600",
-            "optional": true
-        },
+            "perm": "0600"
+        }{% endif %},
         {
             "source": "{{ container_config_directory }}/pools.yaml",
             "dest": "/etc/designate/pools.yaml",
diff --git a/ansible/roles/designate/templates/designate.conf.j2 b/ansible/roles/designate/templates/designate.conf.j2
index 69419de3c4..51b0eca09e 100644
--- a/ansible/roles/designate/templates/designate.conf.j2
+++ b/ansible/roles/designate/templates/designate.conf.j2
@@ -105,3 +105,8 @@ driver = messagingv2
 
 [oslo_concurrency]
 lock_path = /var/lib/designate/tmp
+
+{% if designate_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ designate_policy_file }}
+{% endif %}
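Review bot: `policy_file = {{ designate_policy_file }}` writes a bare file name, so which file the service enforces depends on how oslo.config resolves relative paths rather than on the destination the config.json templates write to. Writing the full path, `policy_file = /etc/designate/{{ designate_policy_file }}`, keeps the two in step and makes the enforced policy file unambiguous when auditing the rendered designate.conf. A Jinja comment above the block, such as `{# only emitted when a custom policy file was found in node_custom_config #}`, would explain why the section can be absent.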
-- 
GitLab