diff --git a/ansible/roles/heat/handlers/main.yml b/ansible/roles/heat/handlers/main.yml index d3365001821dfbc090cd1db20ff07c3add714e8b..aea3a22d2ed51928c8c9f57ef80f3d283de758c3 100644 --- a/ansible/roles/heat/handlers/main.yml +++ b/ansible/roles/heat/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_api_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_api_container.changed | bool - name: Restart heat-api-cfn container @@ -28,7 +28,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_api_cfn_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_api_cfn_container.changed | bool - name: Restart heat-engine container @@ -51,7 +51,7 @@ service: "{{ heat_services[service_name] }}" config_json: "{{ heat_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_conf: "{{ heat_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ heat_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ heat_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" heat_engine_container: "{{ check_heat_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or heat_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or heat_engine_container.changed | bool diff --git a/ansible/roles/heat/tasks/config.yml b/ansible/roles/heat/tasks/config.yml index 03ab85b948be9afa8f1518df2c96c8b79a58bbde..5a49edf9d8a409049a2f02783882c53539025296 100644 --- a/ansible/roles/heat/tasks/config.yml +++ b/ansible/roles/heat/tasks/config.yml @@ -13,6 +13,23 @@ - item.value.enabled | bool with_dict: "{{ heat_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: heat_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/heat/" + skip: true + +- name: Set heat policy file + set_fact: + heat_policy_file: "{{ heat_policy.results.0.stat.path | basename }}" + heat_policy_file_path: "{{ heat_policy.results.0.stat.path }}" + when: + - heat_policy.results + - name: Copying over config.json files for services become: true template: 
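Review bot: The new "Check if policies shall be overwritten" task in heat/tasks/config.yml deploys only the first match from `supported_policy_format_list`. If `{{ node_custom_config }}/heat/` holds more than one supported policy file, the others are ignored without any message, so the deployed access rules may not be the ones the operator last edited. I would add a comment above the task, e.g. `# Only the first file found from supported_policy_format_list is deployed; any other policy file in this directory is ignored.` The list is defined outside this diff, so which format takes precedence cannot be confirmed from here. The same pattern is repeated in the ironic, magnum, manila and mistral config.yml hunks.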
@@ -61,20 +78,15 @@ - Restart heat-api-cfn container - Restart heat-engine container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/heat/policy.json" - run_once: True - register: heat_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file become: true template: - src: "{{ node_custom_config }}/heat/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" + src: "{{ heat_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ heat_policy_file }}" mode: "0660" - register: heat_policy_jsons + register: heat_policy_overwriting when: - - heat_policy.stat.exists + - heat_policy_file is defined - inventory_hostname in groups[item.value.group] with_dict: "{{ heat_services }}" notify: diff --git a/ansible/roles/heat/templates/heat-api-cfn.json.j2 b/ansible/roles/heat/templates/heat-api-cfn.json.j2 index 40d7987c94ca5b38e966859926f5f16fcc7055b4..4077ab4cd20c68c20bb1363f73ed957d24684b5b 100644 --- a/ansible/roles/heat/templates/heat-api-cfn.json.j2 +++ b/ansible/roles/heat/templates/heat-api-cfn.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat-api.json.j2 b/ansible/roles/heat/templates/heat-api.json.j2 index bc11a53e01aabe7d6572a63f9c5240918fc4881c..00a7ac2da20e08d018eeb146f10e977abf6199f8 100644 --- a/ansible/roles/heat/templates/heat-api.json.j2 +++ b/ansible/roles/heat/templates/heat-api.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/heat/heat.conf", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat-engine.json.j2 b/ansible/roles/heat/templates/heat-engine.json.j2 index c9bda6aaf76e52652574055d88526b83ea0b2e89..e2bdb277385a76bbfdeb55c1c19516b87ea27d9e 100644 --- a/ansible/roles/heat/templates/heat-engine.json.j2 +++ b/ansible/roles/heat/templates/heat-engine.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/heat/environment.d/_deprecated.yaml", "owner": "heat", "perm": "0600" - }, + }{% if heat_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/heat/policy.json", + "source": "{{ container_config_directory }}/{{ heat_policy_file }}", + "dest": "/etc/heat/{{ heat_policy_file }}", "owner": "heat", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/heat/templates/heat.conf.j2 b/ansible/roles/heat/templates/heat.conf.j2 index 317bee5ff024d4a430412e86ea7c20e2c21abf74..106d24ea47e07036bb31757edaf1054b372cf9de 100644 --- a/ansible/roles/heat/templates/heat.conf.j2 +++ b/ansible/roles/heat/templates/heat.conf.j2 @@ -84,6 +84,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if heat_policy_file is defined %} +[oslo_policy] +policy_file = {{ heat_policy_file }} +{% endif %} + [clients] endpoint_type = internalURL diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index e93a9f7774f3ebea7a6d2ed044ae64bbc318717d..9a76968de1e41eb030c862e0a33f8eed88ff283b 100644 --- a/ansible/roles/ironic/tasks/config.yml 
+++ b/ansible/roles/ironic/tasks/config.yml @@ -11,6 +11,23 @@ - "ironic-pxe" - "ironic-dnsmasq" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: ironic_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/ironic/" + skip: true + +- name: Set ironic policy file + set_fact: + ironic_policy_file: "{{ ironic_policy.results.0.stat.path | basename }}" + ironic_policy_file_path: "{{ ironic_policy.results.0.stat.path }}" + when: + - ironic_policy.results + - name: Copying over config.json files for services template: src: "{{ item }}.json.j2" @@ -99,19 +116,14 @@ - inventory_hostname in groups['ironic-pxe'] - not enable_ironic_pxe_uefi -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/ironic/policy.json" - run_once: True - register: ironic_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/ironic/policy.json" - dest: "{{ node_config_directory }}/{{ item }}/policy.json" + src: "{{ ironic_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item }}/{{ ironic_policy_file }}" with_items: - "ironic-api" - "ironic-conductor" - "ironic-inspector" - "ironic-pxe" when: - ironic_policy.stat.exists + ironic_policy_file is defined diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2 index ff0917118f881926f55393a7effaecbd083004be..075b0d04eef355eb7f1db2a28ec2466d835fb7a3 100644 --- a/ansible/roles/ironic/templates/ironic-api.json.j2 +++ b/ansible/roles/ironic/templates/ironic-api.json.j2 
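Review bot: The rewritten "Copying over existing policy file" task in ironic/tasks/config.yml sets neither `mode` nor `become`, so the policy file's permissions in the node config directory depend on the connecting user's umask. The heat task already carries `become: true` and `mode: "0660"`, and the mistral hunk in this same change adds both. I would add `mode: "0660"` and `become: true` here as well; the magnum and manila copy tasks have the same gap. The visible lines also show no `register` or `notify` on the ironic task, so a changed policy may not restart the ironic containers, though the task may continue outside the hunk.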
@@ -6,14 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic/policy.json", + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", "owner": "ironic", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/ironic/templates/ironic-conductor.json.j2 b/ansible/roles/ironic/templates/ironic-conductor.json.j2 index 969b1f749644edbec644f6ccc67d044d02df38be..94dfe227a5b95cbdb6672412b1d61bc19f0c64d0 100644 --- a/ansible/roles/ironic/templates/ironic-conductor.json.j2 +++ b/ansible/roles/ironic/templates/ironic-conductor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/ironic/ironic.conf", "owner": "ironic", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic/policy.json", + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", "owner": "ironic", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 index 65353b8dc6aed6677fbe5bb77e8fc3e37eced104..2357d452c1c87927cc50563c7aab2e11f1cca34d 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2 
@@ -29,6 +29,11 @@ memcache_security_strategy = ENCRYPT memcache_secret_key = {{ memcache_secret_key }} memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %} +{% if ironic_policy_file is defined %} +[oslo_policy] +policy_file = {{ ironic_policy_file }} +{% endif %} + [firewall] dnsmasq_interface = {{ ironic_dnsmasq_interface }} diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2 index f5550a6d5f93c5e11b56a7fcf14492cbff1ef4fe..d82d506d3dfdd267f50f14cadd0f432c8cc0ea70 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.json.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2 @@ -6,13 +6,12 @@ "dest": "/etc/ironic-inspector/inspector.conf", "owner": "ironic-inspector", "perm": "0600" - }, + }{% if ironic_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/ironic-inspector/policy.json", - "owner": "ironic-inspector", - "perm": "0600", - "optional": true - } + "source": "{{ container_config_directory }}/{{ ironic_policy_file }}", + "dest": "/etc/ironic/{{ ironic_policy_file }}", + "owner": "ironic", + "perm": "0600" + }{% endif %} ] } diff --git a/ansible/roles/ironic/templates/ironic.conf.j2 b/ansible/roles/ironic/templates/ironic.conf.j2 index ff6a5bc58a6ceeab92eb5770bc85b6bbcef8863b..6c58f97e345dff0ac4bdf36cc75fb0dd9da1dc2a 100644 --- a/ansible/roles/ironic/templates/ironic.conf.j2 +++ b/ansible/roles/ironic/templates/ironic.conf.j2 @@ -20,6 +20,11 @@ transport_url = {{ rpc_transport_url }} [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} +{% if ironic_policy_file is defined %} +[oslo_policy] +policy_file = {{ ironic_policy_file }} +{% endif %} + {% if service_name == 'ironic-api' %} [api] host_ip = {{ api_interface_address }} 
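Review bot: In ironic-inspector.json.j2 the policy entry's `dest` changes from `/etc/ironic-inspector/` to `/etc/ironic/` and its `owner` from `ironic-inspector` to `ironic`, while the neighbouring inspector.conf entry still uses `/etc/ironic-inspector/` and owner `ironic-inspector`. With `perm` `0600` and a different owner, the inspector service user probably cannot read the file. The bare `policy_file = {{ ironic_policy_file }}` added to ironic-inspector.conf.j2 is also unlikely to resolve to `/etc/ironic/`. The likely result is either a failed config copy or the service running on default policy instead of the operator's custom rules. This looks like a copy-paste from the ironic-api template; I would keep `"dest": "/etc/ironic-inspector/{{ ironic_policy_file }}",` and `"owner": "ironic-inspector",`.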
diff --git a/ansible/roles/magnum/handlers/main.yml b/ansible/roles/magnum/handlers/main.yml index 301f1346b01bd9b8b1d5d89691cad01a0345c997..bc6ab3047469843d45a60def2a993cf7686cd475 100644 --- a/ansible/roles/magnum/handlers/main.yml +++ b/ansible/roles/magnum/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ magnum_services[service_name] }}" config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_api_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -20,7 +20,7 @@ - service.enabled | bool - config_json.changed | bool or magnum_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or magnum_api_container.changed | bool - name: Restart magnum-conductor container @@ -29,7 +29,7 @@ service: "{{ magnum_services[service_name] }}" config_json: "{{ magnum_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conf: "{{ magnum_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ magnum_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ magnum_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" magnum_conductor_container: "{{ check_magnum_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" 
@@ -44,5 +44,5 @@ - service.enabled | bool - config_json.changed | bool or magnum_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or magnum_conductor_container.changed | bool diff --git a/ansible/roles/magnum/tasks/config.yml b/ansible/roles/magnum/tasks/config.yml index 400caf48084214ed554ccebf3e074e2603863a11..0d8468eed861430a92f8f10ad099f1631b4cb141 100644 --- a/ansible/roles/magnum/tasks/config.yml +++ b/ansible/roles/magnum/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ magnum_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: magnum_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/magnum/" + skip: true + +- name: Set magnum policy file + set_fact: + magnum_policy_file: "{{ magnum_policy.results.0.stat.path | basename }}" + magnum_policy_file_path: "{{ magnum_policy.results.0.stat.path }}" + when: + - magnum_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -42,18 +59,13 @@ - Restart magnum-api container - Restart magnum-conductor container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/magnum/policy.json" - run_once: True - register: magnum_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/magnum/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: magnum_policy_jsons + src: "{{ magnum_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ magnum_policy_file }}" + register: magnum_policy_overwriting when: - - magnum_policy.stat.exists + - magnum_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ magnum_services }}" 
diff --git a/ansible/roles/magnum/templates/magnum-api.json.j2 b/ansible/roles/magnum/templates/magnum-api.json.j2 index e191b862f1755f787f34ddda10b00f3b0982a19f..9737ad8072a71b8878f03a38b05632dfa989c52b 100644 --- a/ansible/roles/magnum/templates/magnum-api.json.j2 +++ b/ansible/roles/magnum/templates/magnum-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }, + }{% if magnum_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/magnum/policy.json", + "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", + "dest": "/etc/magnum/{{ magnum_policy_file }}", "owner": "magnum", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/magnum/templates/magnum-conductor.json.j2 b/ansible/roles/magnum/templates/magnum-conductor.json.j2 index ecf1d74c0a8489666b6958ad5f593548f85fdfd7..f77b1609d1d66458158f86ffc35fd048b81910ec 100644 --- a/ansible/roles/magnum/templates/magnum-conductor.json.j2 +++ b/ansible/roles/magnum/templates/magnum-conductor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/magnum/magnum.conf", "owner": "magnum", "perm": "0600" - }, + }{% if magnum_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/magnum/policy.json", + "source": "{{ container_config_directory }}/{{ magnum_policy_file }}", + "dest": "/etc/magnum/{{ magnum_policy_file }}", "owner": "magnum", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 22b8c2d8e2ed891a10c9f92d4d48d615b9c259a6..f72df54d58ed4dc694fb018b50f10c8998d3b959 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 
@@ -93,6 +93,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if magnum_policy_file is defined %} +[oslo_policy] +policy_file = {{ magnum_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true diff --git a/ansible/roles/manila/handlers/main.yml b/ansible/roles/manila/handlers/main.yml index 85ced457ea471e923691c71da4bc3a892692eb68..a1638eab87342c82ca4dcd3756d13a778dafabb4 100644 --- a/ansible/roles/manila/handlers/main.yml +++ b/ansible/roles/manila/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_api_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_api_container.changed | bool - name: Restart manila-data container 
@@ -28,7 +28,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_data_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,7 +43,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_data_container.changed | bool - name: Restart manila-scheduler container @@ -52,7 +52,7 @@ service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_conf: "{{ manila_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_scheduler_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -66,7 +66,7 @@ - service.enabled | bool - config_json.changed | bool or manila_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_scheduler_container.changed | bool - name: Restart manila-share container 
@@ -74,7 +74,7 @@ service_name: "manila-share" service: "{{ manila_services[service_name] }}" config_json: "{{ manila_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ manila_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" manila_share_container: "{{ check_manila_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -89,5 +89,5 @@ - service.enabled | bool - config_json.changed | bool or manila_conf_share.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or manila_share_container.changed | bool diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml index c280347bb361912304340d4089fc219fa3812428..2a9496608e148edc621f6277c78f382e7584f23a 100644 --- a/ansible/roles/manila/tasks/config.yml +++ b/ansible/roles/manila/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ manila_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: manila_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/manila/" + skip: true + +- name: Set manila policy file + set_fact: + manila_policy_file: "{{ manila_policy.results.0.stat.path | basename }}" + manila_policy_file_path: "{{ manila_policy.results.0.stat.path }}" + when: + - manila_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" 
@@ -66,18 +83,13 @@ notify: - Restart manila-share container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/manila/policy.json" - run_once: True - register: manila_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/manila/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: policy_jsons + src: "{{ manila_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ manila_policy_file }}" + register: manila_policy_overwriting when: - - manila_policy.stat.exists + - manila_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ manila_services }}" diff --git a/ansible/roles/manila/templates/manila-api.json.j2 b/ansible/roles/manila/templates/manila-api.json.j2 index 9155783078fdbcb16540f20cf7ccbfbc03f093a2..e1d6c8af8b9cfa97bdfaaa059a8f86cb3be82fe5 100644 --- a/ansible/roles/manila/templates/manila-api.json.j2 +++ b/ansible/roles/manila/templates/manila-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-data.json.j2 b/ansible/roles/manila/templates/manila-data.json.j2 index 715f7dc0e445944232cf68aac20922e1bdb62c1a..7c1f82316cb6bf56eed893bda42dd4613c10cd1f 100644 --- a/ansible/roles/manila/templates/manila-data.json.j2 +++ b/ansible/roles/manila/templates/manila-data.json.j2 
@@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-scheduler.json.j2 b/ansible/roles/manila/templates/manila-scheduler.json.j2 index d814133885c56014965de0618d9ccde4478ca42b..2d6987af648efa77e1f385cbf736f5b5aedd69f3 100644 --- a/ansible/roles/manila/templates/manila-scheduler.json.j2 +++ b/ansible/roles/manila/templates/manila-scheduler.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/manila/manila.conf", "owner": "manila", "perm": "0600" - }, + }{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila-share.conf.j2 b/ansible/roles/manila/templates/manila-share.conf.j2 index 9bb751d2da99adaff04261f17a5c54bb1cf20830..9899b09806cdd0a3f91af2df02c7fc63ad158cff 100644 --- a/ansible/roles/manila/templates/manila-share.conf.j2 +++ b/ansible/roles/manila/templates/manila-share.conf.j2 @@ -72,6 +72,11 @@ service_image_name = manila-service-image share_backend_name = GENERIC {% endif %} +{% if manila_policy_file is defined %} +[oslo_policy] +policy_file = {{ manila_policy_file }} +{% endif %} + {% if enable_manila_backend_hnas | bool %} [hnas1] share_backend_name = HNAS1 
diff --git a/ansible/roles/manila/templates/manila-share.json.j2 b/ansible/roles/manila/templates/manila-share.json.j2 index 3484b6f16a7ed236a26275a7134e11de67efb274..00e7db83480a0f59956e42d7460b386303dc18b1 100644 --- a/ansible/roles/manila/templates/manila-share.json.j2 +++ b/ansible/roles/manila/templates/manila-share.json.j2 @@ -12,14 +12,13 @@ "dest": "/etc/ceph/", "owner": "manila", "perm": "0600" - }{% endif %}, + }{% endif %}{% if manila_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/manila/policy.json", + "source": "{{ container_config_directory }}/{{ manila_policy_file }}", + "dest": "/etc/manila/{{ manila_policy_file }}", "owner": "manila", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/manila/templates/manila.conf.j2 b/ansible/roles/manila/templates/manila.conf.j2 index 0bc17ee5acf6ecabd1366f6c157afa53b2195874..7aace90134ff9f51d2b11eefd1737d48cda0b00a 100644 --- a/ansible/roles/manila/templates/manila.conf.j2 +++ b/ansible/roles/manila/templates/manila.conf.j2 @@ -44,3 +44,8 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} + +{% if manila_policy_file is defined %} +[oslo_policy] +policy_file = {{ manila_policy_file }} +{% endif %} diff --git a/ansible/roles/mistral/handlers/main.yml b/ansible/roles/mistral/handlers/main.yml index b7d68951b68c5da108ab09511f46e7d7d1fa0dcb..dfbbd057349bdc52be37c37ecc7d26b6284d7a38 100644 --- a/ansible/roles/mistral/handlers/main.yml +++ b/ansible/roles/mistral/handlers/main.yml 
@@ -5,7 +5,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_api_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_api_container.changed | bool - name: Restart mistral-engine container @@ -28,7 +28,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_engine_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,7 +42,7 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_engine_container.changed | bool - name: Restart mistral-executor container 
@@ -51,7 +51,7 @@ service: "{{ mistral_services[service_name] }}" config_json: "{{ mistral_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_conf: "{{ mistral_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ mistral_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ mistral_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" mistral_executor_container: "{{ check_mistral_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -65,5 +65,5 @@ - service.enabled | bool - config_json.changed | bool or mistral_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or mistral_executor_container.changed | bool diff --git a/ansible/roles/mistral/tasks/config.yml b/ansible/roles/mistral/tasks/config.yml index cdbd12eceac0872ccf421f00677cc1793fbfdd49..ef063c4967280b4ce5dcf906a5071c44501dbb63 100644 --- a/ansible/roles/mistral/tasks/config.yml +++ b/ansible/roles/mistral/tasks/config.yml @@ -7,6 +7,23 @@ when: inventory_hostname in groups[item.value.group] with_dict: "{{ mistral_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: mistral_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/mistral/" + skip: true + +- name: Set mistral policy file + set_fact: + mistral_policy_file: "{{ mistral_policy.results.0.stat.path | basename }}" + mistral_policy_file_path: "{{ mistral_policy.results.0.stat.path }}" + when: + - mistral_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" 
@@ -38,18 +55,15 @@ notify: - Restart {{ item.key }} container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/mistral/policy.json" - run_once: True - register: mistral_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/mistral/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: mistral_policy_jsons + src: "{{ mistral_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ mistral_policy_file }}" + mode: "0660" + become: true + register: mistral_policy_overwriting when: - - mistral_policy.stat.exists + - mistral_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ mistral_services }}" diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2 index aa565a0fba79467d482e6116a65622d5b733b2dc..34f2406d5d4a465b68a9b585c892159c31a11b6f 100644 --- a/ansible/roles/mistral/templates/mistral-api.json.j2 +++ b/ansible/roles/mistral/templates/mistral-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2 index 3393d275b11af10cbcd55a5754bcdd35596b365c..358b8e15e0ed9188480ca511b1b2c2ed3936b91b 100644 --- a/ansible/roles/mistral/templates/mistral-engine.json.j2 
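Review bot: `mode: "0660"` in "Copying over existing policy file" leaves the authorization policy group-writable on the host, while the config.json templates in this commit install the same file in the container with `"perm": "0600"`. If nothing on the host needs group write access to it, a tighter value such as `mode: "0640"` would fit that intent better. If 0660 is the role-wide convention for rendered config files, a short comment on the task saying so would answer the question for the next reader. The task appears to continue past the end of this hunk, so any `notify` it carries is not visible here.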
+++ b/ansible/roles/mistral/templates/mistral-engine.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2 index 8a1f438e49969f0bd48307431d87f1aa53f9e073..53c792ed32a8144765df7012e1602596984f7d27 100644 --- a/ansible/roles/mistral/templates/mistral-executor.json.j2 +++ b/ansible/roles/mistral/templates/mistral-executor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/mistral/mistral.conf", "owner": "mistral", "perm": "0600" - }, + }{% if mistral_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/mistral/policy.json", + "source": "{{ container_config_directory }}/{{ mistral_policy_file }}", + "dest": "/etc/mistral/{{ mistral_policy_file }}", "owner": "mistral", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/mistral/templates/mistral.conf.j2 b/ansible/roles/mistral/templates/mistral.conf.j2 index 0827e274b339046d1b701a7e0affd9706d4d4cd3..1c63111f484c23a6722a684f19ac4bfda0603373 100644 --- a/ansible/roles/mistral/templates/mistral.conf.j2 +++ b/ansible/roles/mistral/templates/mistral.conf.j2 @@ -57,6 +57,11 @@ default_region = {{ openstack_region_name }} transport_url = {{ notify_transport_url }} driver = noop +{% if mistral_policy_file is defined %} +[oslo_policy] +policy_file = {{ mistral_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true