octavia: Add support for disabling amphora provider

Change-Id: I1010ee42aaf1c650d9e3b5332ebf828646a6badf

octavia: Add support for disabling amphora provider
810c4d94 · Michał Nasiadka · Michal Nasiadka · 93c44483 · 810c4d94 · 810c4d94
Commit 810c4d94 authored 4 years ago by Michał Nasiadka Committed by Michal Nasiadka 4 years ago
--- a/ansible/roles/octavia/tasks/config.yml
+++ b/ansible/roles/octavia/tasks/config.yml
@@ -100,69 +100,67 @@
  notify:
    - "Restart {{ item.key }} container"
- name: Copying over Octavia SSH key
+- block:
-  copy:
-    content: "{{ octavia_amp_ssh_key.private_key }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
-    owner: "{{ config_owner_user }}"
-    group: "{{ config_owner_group }}"
-    mode: "0400"
-  become: True
-  when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
- name: Copying certificate files for octavia-worker
+    - name: Copying over Octavia SSH key
-  vars:
+      copy:
-    service: "{{ octavia_services['octavia-worker'] }}"
+        content: "{{ octavia_amp_ssh_key.private_key }}"
-  copy:
+        dest: "{{ node_config_directory }}/octavia-worker/{{ octavia_amp_ssh_key_name }}"
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
+        owner: "{{ config_owner_user }}"
-    dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
+        group: "{{ config_owner_group }}"
-    mode: "0660"
+        mode: "0400"
-  become: true
+      become: True
-  when:
+      when: inventory_hostname in groups[octavia_services['octavia-worker']['group']]
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-worker container
- name: Copying certificate files for octavia-housekeeping
+    - name: Copying certificate files for octavia-worker
-  vars:
+      vars:
-    service: "{{ octavia_services['octavia-housekeeping'] }}"
+        service: "{{ octavia_services['octavia-worker'] }}"
-  copy:
+      copy:
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
-    dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-worker/{{ item }}"
-    mode: "0660"
+        mode: "0660"
-  become: true
+      become: true
-  when:
+      when:
-    - inventory_hostname in groups[service.group]
+        - inventory_hostname in groups[service.group]
-    - service.enabled | bool
+        - service.enabled | bool
-  with_items:
+      with_items: "{{ octavia_amphora_keys }}"
-    - client.cert-and-key.pem
+      notify:
-    - client_ca.cert.pem
+        - Restart octavia-worker container
-    - server_ca.cert.pem
-    - server_ca.key.pem
+    - name: Copying certificate files for octavia-housekeeping
-  notify:
+      vars:
-    - Restart octavia-housekeeping container
+        service: "{{ octavia_services['octavia-housekeeping'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-housekeeping container
+    - name: Copying certificate files for octavia-health-manager
+      vars:
+        service: "{{ octavia_services['octavia-health-manager'] }}"
+      copy:
+        src: "{{ node_custom_config }}/octavia/{{ item }}"
+        dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
+        mode: "0660"
+      become: true
+      when:
+        - inventory_hostname in groups[service.group]
+        - service.enabled | bool
+      with_items: "{{ octavia_amphora_keys }}"
+      notify:
+        - Restart octavia-health-manager container
- name: Copying certificate files for octavia-health-manager
+  when: "'amphora' in octavia_provider_drivers"
  vars:
-    service: "{{ octavia_services['octavia-health-manager'] }}"
+    octavia_amphora_keys:
-  copy:
+      - client.cert-and-key.pem
-    src: "{{ node_custom_config }}/octavia/{{ item }}"
+      - client_ca.cert.pem
-    dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}"
+      - server_ca.cert.pem
-    mode: "0660"
+      - server_ca.key.pem
-  become: true
-  when:
-    - inventory_hostname in groups[service.group]
-    - service.enabled | bool
-  with_items:
-    - client.cert-and-key.pem
-    - client_ca.cert.pem
-    - server_ca.cert.pem
-    - server_ca.key.pem
-  notify:
-    - Restart octavia-health-manager container
--- a/ansible/roles/octavia/tasks/precheck.yml
+++ b/ansible/roles/octavia/tasks/precheck.yml
@@ -41,6 +41,7 @@
      Octavia's certificate configuration has been changed since Train. The new
      configuration requires 4 PEM files. Please check certificate configuration
      guide at https://docs.openstack.org/octavia/latest/admin/guides/certificates.html
+  when: "'amphora' in octavia_provider_drivers"
 - name: Checking certificate files exist for octavia
  stat:
@@ -49,7 +50,9 @@
  run_once: True
  register: result
  failed_when: not result.stat.exists
-  when: inventory_hostname in groups['octavia-worker']
+  when:
+    - inventory_hostname in groups['octavia-worker']
+    - "'amphora' in octavia_provider_drivers"
  with_items:
    - client.cert-and-key.pem
    - client_ca.cert.pem

--- a/ansible/roles/octavia/templates/octavia-health-manager.json.j2
+++ b/ansible/roles/octavia/templates/octavia-health-manager.json.j2
@@ -6,7 +6,7 @@
            "dest": "/etc/octavia/octavia.conf",
            "owner": "octavia",
            "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
        {
            "source": "{{ container_config_directory }}/client.cert-and-key.pem",
            "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
            "dest": "/etc/octavia/certs/server_ca.key.pem",
            "owner": "octavia",
            "perm": "0600"
-        }
+        }{% endif %}
    ]
 }
--- a/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
+++ b/ansible/roles/octavia/templates/octavia-housekeeping.json.j2
@@ -6,7 +6,7 @@
            "dest": "/etc/octavia/octavia.conf",
            "owner": "octavia",
            "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
        {
            "source": "{{ container_config_directory }}/client.cert-and-key.pem",
            "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
            "dest": "/etc/octavia/certs/server_ca.key.pem",
            "owner": "octavia",
            "perm": "0600"
-        }
+        }{% endif %}
    ]
 }
--- a/ansible/roles/octavia/templates/octavia-worker.json.j2
+++ b/ansible/roles/octavia/templates/octavia-worker.json.j2
@@ -6,7 +6,7 @@
            "dest": "/etc/octavia/octavia.conf",
            "owner": "octavia",
            "perm": "0600"
-        },
+        }{% if 'amphora' in octavia_provider_drivers %},
        {
            "source": "{{ container_config_directory }}/client.cert-and-key.pem",
            "dest": "/etc/octavia/certs/client.cert-and-key.pem",
@@ -30,6 +30,6 @@
            "dest": "/etc/octavia/certs/server_ca.key.pem",
            "owner": "octavia",
            "perm": "0600"
-        }
+        }{% endif %}
    ]
 }