From 92deddca88ab289cf9bb7e6fc5d5c3011f49874a Mon Sep 17 00:00:00 2001
From: Scott Solkhon <scottsolkhon@gmail.com>
Date: Wed, 15 Jan 2020 10:54:30 +0000
Subject: [PATCH] Support Neutron policy file in both .json and .yaml format

Change-Id: I22a995195a1d12bb759cba9777527c23475124f2
---
 ansible/roles/neutron/tasks/config.yml        | 67 +++++++++----------
 .../templates/neutron-bgp-dragent.json.j2     | 11 ++-
 .../templates/neutron-dhcp-agent.json.j2      | 11 ++-
 .../templates/neutron-l3-agent.json.j2        | 11 ++-
 .../neutron-linuxbridge-agent.json.j2         | 15 ++---
 .../templates/neutron-metadata-agent.json.j2  | 11 ++-
 .../templates/neutron-metering-agent.json.j2  | 11 ++-
 .../neutron-openvswitch-agent-xenapi.json.j2  | 11 ++-
 .../neutron-openvswitch-agent.json.j2         | 19 +++---
 .../neutron/templates/neutron-server.json.j2  | 31 +++++----
 .../templates/neutron-sriov-agent.json.j2     | 11 ++-
 .../roles/neutron/templates/neutron.conf.j2   |  5 ++
 ...-support-policy-yaml-d573149c4efee7ad.yaml |  4 ++
 13 files changed, 108 insertions(+), 110 deletions(-)
 create mode 100644 releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml

diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml
index bf8b3bcb4..1f70bb1af 100644
--- a/ansible/roles/neutron/tasks/config.yml
+++ b/ansible/roles/neutron/tasks/config.yml
@@ -34,6 +34,39 @@
   notify:
     - "Restart {{ item.key }} container"
 
+- name: Check if policies shall be overwritten
+  stat:
+    path: "{{ item }}"
+  delegate_to: localhost
+  run_once: True
+  register: neutron_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/neutron/"
+      skip: true
+
+- name: Set neutron policy file
+  set_fact:
+    neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}"
+    neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}"
+  when:
+    - neutron_policy.results
+
+- name: Copying over existing policy file
+  template:
+    src: "{{ neutron_policy_file_path }}"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}"
+    mode: "0660"
+  become: true
+  when:
+    - neutron_policy_file is defined
+    - item.value.enabled | bool
+    - item.value.host_in_groups | bool
+  with_dict: "{{ neutron_services }}"
+  notify:
+    - "Restart {{ item.key }} container"
+
 - name: Copying over config.json files for services
   become: true
   template:
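Review bot: If more than one supported policy file is present under `{{ node_custom_config }}/neutron/`, the `with_first_found` lookup in "Check if policies shall be overwritten" keeps only the first name in `supported_policy_format_list` and ignores the rest without any message. That list is defined outside this patch, so the precedence is not visible here. Because this file holds the service's authorization rules, an operator who puts overrides in the lower-priority file would deploy with those rules silently not applied. Document the precedence above the task, for example `# First match in supported_policy_format_list wins; any other policy file in this directory is ignored.`, or add a task that fails when several candidates exist. As a style point, `run_once: True` sits next to `skip: true` in the same task; lowercase `true` for both would be consistent.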
@@ -351,13 +384,6 @@
   notify:
     - "Restart {{ service_name }} container"
 
-- name: Check if policies shall be overwritten
-  stat:
-    path: "{{ node_custom_config }}/neutron/policy.json"
-  delegate_to: localhost
-  run_once: True
-  register: neutron_policy
-
 - name: Copying over nsx.ini
   vars:
     service_name: "neutron-server"
@@ -376,33 +402,6 @@
   notify:
     - "Restart {{ service_name }} container"
 
-- name: Copying over existing policy.json
-  become: true
-  vars:
-    service_name: "{{ item.key }}"
-    services_need_policy_json:
-      - "neutron-dhcp-agent"
-      - "neutron-l3-agent"
-      - "neutron-linuxbridge-agent"
-      - "neutron-metadata-agent"
-      - "neutron-metering-agent"
-      - "neutron-openvswitch-agent"
-      - "neutron-openvswitch-agent-xenapi"
-      - "neutron-server"
-      - "neutron-bgp-dragent"
-      - "neutron-sriov-agent"
-  template:
-    src: "{{ node_custom_config }}/neutron/policy.json"
-    dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
-    mode: "0660"
-  when:
-    - neutron_policy.stat.exists
-    - item.value.enabled | bool
-    - item.value.host_in_groups | bool
-  with_dict: "{{ neutron_services }}"
-  notify:
-    - "Restart {{ item.key }} container"
-
 - name: Copy neutron-l3-agent-wrapper script
   become: true
   vars:
diff --git a/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2 b/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
index bfc514ffb..cfce2042d 100644
--- a/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-bgp-dragent.json.j2
@@ -12,14 +12,13 @@
             "dest": "/etc/neutron/bgp_dragent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2 b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
index a727bc7f1..f913957a1 100644
--- a/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-dhcp-agent.json.j2
@@ -18,14 +18,13 @@
             "dest": "/etc/neutron/dnsmasq.conf",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2 b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
index b856c0932..81654edaa 100644
--- a/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-l3-agent.json.j2
@@ -30,14 +30,13 @@
             "dest": "/etc/neutron/l3_agent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2 b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
index cf82cc602..2ea1dff2a 100644
--- a/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-linuxbridge-agent.json.j2
@@ -7,12 +7,12 @@
             "owner": "neutron",
             "perm": "0600"
         },
-        {
-            "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
-            "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
             "perm": "0600"
-        },
+        },{% endif %}
 {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
         {
             "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@@ -22,11 +22,10 @@
         },
 {% endfor %}{% endif %}
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
+            "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
index 531bf6ed0..8d9606722 100644
--- a/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-metadata-agent.json.j2
@@ -12,14 +12,13 @@
             "dest": "/etc/neutron/metadata_agent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-metering-agent.json.j2 b/ansible/roles/neutron/templates/neutron-metering-agent.json.j2
index ad8272975..6a1d6cef8 100644
--- a/ansible/roles/neutron/templates/neutron-metering-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-metering-agent.json.j2
@@ -12,14 +12,13 @@
             "dest": "/etc/neutron/metering_agent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
index 83be24eb7..66e969c8a 100644
--- a/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
+++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent-xenapi.json.j2
@@ -12,14 +12,13 @@
             "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2 b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
index b59632bc6..2cca76036 100644
--- a/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-openvswitch-agent.json.j2
@@ -7,12 +7,6 @@
             "owner": "neutron",
             "perm": "0600"
         },
-        {
-            "source": "{{ container_config_directory }}/openvswitch_agent.ini",
-            "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
-            "owner": "neutron",
-            "perm": "0600"
-        },
 {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
         {
             "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@@ -21,12 +15,17 @@
             "perm": "0600"
         },
 {% endfor %}{% endif %}
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
+            "owner": "neutron",
+            "perm": "0600"
+        },{% endif %}
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/openvswitch_agent.ini",
+            "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/neutron/templates/neutron-server.json.j2 b/ansible/roles/neutron/templates/neutron-server.json.j2
index 77ea2f2dd..91064c577 100644
--- a/ansible/roles/neutron/templates/neutron-server.json.j2
+++ b/ansible/roles/neutron/templates/neutron-server.json.j2
@@ -19,34 +19,33 @@
             "owner": "neutron",
             "perm": "0600"
         },
+        {% if neutron_policy_file is defined %}{
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
+            "owner": "neutron",
+            "perm": "0600"
+        },{% endif %}
+{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}
         {
-            "source": "{{ container_config_directory }}/ml2_conf.ini",
-            "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
+            "source": "{{ container_config_directory }}/nsx.ini",
+            "dest": "/etc/neutron/plugins/vmware/nsx.ini",
             "owner": "neutron",
+            "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }},
             "perm": "0600"
-        },
+        }{% endif %}
 {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
         {
             "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
             "dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
             "owner": "neutron",
             "perm": "0600"
-        },
-{% endfor %}{% endif %}
+        },{% endfor %}{% endif %}
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
-            "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%},
-        {
-            "source": "{{ container_config_directory }}/nsx.ini",
-            "dest": "/etc/neutron/plugins/vmware/nsx.ini",
+            "source": "{{ container_config_directory }}/ml2_conf.ini",
+            "dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
             "owner": "neutron",
-            "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }},
             "perm": "0600"
-        }{% endif %}
+        }
     ],
     "permissions": [
         {
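Review bot: The relocated nsx.ini entry closes with `}{% endif %}` and no trailing comma, although it is no longer the last element of the array. It is now followed by the extra ML2 plugin entries and the `ml2_conf.ini` entry. With `neutron_plugin_agent` set to any of the three VMware values, the rendered config.json would be invalid JSON, and the container's config-loading step would presumably fail on it at start. Close the block as `},{% endif %}`, matching the policy entry just above it. Separately, the `"optional"` expression inside that block negates the same condition that guards the block, so it can only render `false`; a literal `false` would read more clearly.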
diff --git a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2 b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
index 52cb2be8a..83abe58df 100644
--- a/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
+++ b/ansible/roles/neutron/templates/neutron-sriov-agent.json.j2
@@ -12,14 +12,13 @@
             "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini",
             "owner": "neutron",
             "perm": "0600"
-        },
+        }{% if neutron_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/neutron/policy.json",
+            "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
+            "dest": "/etc/neutron/{{ neutron_policy_file }}",
             "owner": "neutron",
-            "perm": "0600",
-            "optional": true
-        }
+            "perm": "0600"
+        }{% endif %}
     ],
     "permissions": [
         {
diff --git a/ansible/roles/neutron/templates/neutron.conf.j2 b/ansible/roles/neutron/templates/neutron.conf.j2
index 1b9c01c9a..3b579c29e 100644
--- a/ansible/roles/neutron/templates/neutron.conf.j2
+++ b/ansible/roles/neutron/templates/neutron.conf.j2
@@ -124,6 +124,11 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join('
 driver = noop
 {% endif %}
 
+{% if neutron_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ neutron_policy_file }}
+{% endif %}
+
 {% if enable_neutron_sfc | bool %}
 [sfc]
 drivers = ovs
diff --git a/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml b/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml
new file mode 100644
index 000000000..20b1f1656
--- /dev/null
+++ b/releasenotes/notes/neutron-support-policy-yaml-d573149c4efee7ad.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Adds support for the Neutron policy file in both .json and .yaml format.
-- 
GitLab