diff --git a/ansible/roles/trove/handlers/main.yml b/ansible/roles/trove/handlers/main.yml index 30a7768b07..b7d927e12e 100644 --- a/ansible/roles/trove/handlers/main.yml +++ b/ansible/roles/trove/handlers/main.yml @@ -5,6 +5,7 @@ service: "{{ trove_services[service_name] }}" config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_api_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" become: true kolla_docker: @@ -20,6 +21,7 @@ - service.enabled | bool - config_json.changed | bool or trove_conf.changed | bool + or policy_overwriting.changed | bool or trove_api_container.changed | bool - name: Restart trove-conductor container @@ -28,6 +30,7 @@ service: "{{ trove_services[service_name] }}" config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_conductor_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" become: true kolla_docker: @@ -43,6 +46,7 @@ - service.enabled | bool - config_json.changed | bool or trove_conf.changed | bool + or policy_overwriting.changed | bool or trove_conductor_container.changed | bool - name: Restart trove-taskmanager container @@ -51,6 +55,7 @@ service: "{{ trove_services[service_name] }}" config_json: "{{ trove_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_conf: "{{ trove_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ trove_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" trove_taskmanager_container: "{{ check_trove_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" become: true kolla_docker: @@ -66,4 +71,5 @@ - service.enabled | bool - config_json.changed | bool or trove_conf.changed | bool + or policy_overwriting.changed | bool or trove_taskmanager_container.changed | bool diff --git a/ansible/roles/trove/tasks/config.yml b/ansible/roles/trove/tasks/config.yml index 61160b6226..99b845b78b 100644 --- a/ansible/roles/trove/tasks/config.yml +++ b/ansible/roles/trove/tasks/config.yml @@ -12,6 +12,23 @@ - item.value.enabled | bool with_dict: "{{ trove_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: trove_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/trove/" + skip: true + +- name: Set trove policy file + set_fact: + trove_policy_file: "{{ trove_policy.results.0.stat.path | basename }}" + trove_policy_file_path: "{{ trove_policy.results.0.stat.path }}" + when: + - trove_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -71,6 +88,20 @@ notify: - "Restart {{ item.key }} container" +- name: Copying over existing policy file + template: + src: "{{ trove_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ trove_policy_file }}" + register: trove_policy_overwriting + when: + - trove_policy_file is defined + - inventory_hostname in groups[item.value.group] + with_dict: "{{ trove_services }}" + notify: + - Restart trove-api container + - Restart trove-conductor container + - Restart trove-taskmanager container + - name: Check trove containers become: true kolla_docker: diff --git a/ansible/roles/trove/templates/trove-api.json.j2 b/ansible/roles/trove/templates/trove-api.json.j2 index 01831afbcc..be2acebeae 100644 --- a/ansible/roles/trove/templates/trove-api.json.j2 +++ b/ansible/roles/trove/templates/trove-api.json.j2 @@ -6,7 +6,13 @@ "dest": "/etc/trove/trove.conf", "owner": "trove", "perm": "0600" - } + }{% if trove_policy_file is defined %}, + { + "source": "{{ container_config_directory }}/{{ trove_policy_file }}", + "dest": "/etc/trove/{{ trove_policy_file }}", + "owner": "trove", + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/trove/templates/trove-conductor.json.j2 b/ansible/roles/trove/templates/trove-conductor.json.j2 index 1d5b0601b5..e6ae59c0da 100644 --- a/ansible/roles/trove/templates/trove-conductor.json.j2 +++ b/ansible/roles/trove/templates/trove-conductor.json.j2 @@ -6,7 +6,13 @@ "dest": "/etc/trove/trove-conductor.conf", "owner": "trove", "perm": "0600" - } + }{% if trove_policy_file is defined %}, + { + "source": "{{ container_config_directory }}/{{ trove_policy_file }}", + "dest": "/etc/trove/{{ trove_policy_file }}", + "owner": "trove", + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/trove/templates/trove-taskmanager.json.j2 b/ansible/roles/trove/templates/trove-taskmanager.json.j2 index 41c4321e3e..30288ee748 100644 --- a/ansible/roles/trove/templates/trove-taskmanager.json.j2 +++ b/ansible/roles/trove/templates/trove-taskmanager.json.j2 @@ -6,7 +6,13 @@ "dest": "/etc/trove/trove-taskmanager.conf", "owner": "trove", "perm": "0600" - } + }{% if trove_policy_file is defined %}, + { + "source": "{{ container_config_directory }}/{{ trove_policy_file }}", + "dest": "/etc/trove/{{ trove_policy_file }}", + "owner": "trove", + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/trove/templates/trove.conf.j2 b/ansible/roles/trove/templates/trove.conf.j2 index 76ad8d747d..6dc71f38fe 100644 --- a/ansible/roles/trove/templates/trove.conf.j2 +++ b/ansible/roles/trove/templates/trove.conf.j2 @@ -56,3 +56,8 @@ trace_sqlalchemy = true hmac_keys = {{ osprofiler_secret }} connection_string = {{ osprofiler_backend_connection_string }} {% endif %} + +{% if trove_policy_file is defined %} +[oslo_policy] +policy_file = {{ trove_policy_file }} +{% endif %}