Support Neutron policy file in both .json and .yaml format

Change-Id: I22a995195a1d12bb759cba9777527c23475124f2
This commit is contained in:
Scott Solkhon 2020-01-15 10:54:30 +00:00
parent cee03f4b00
commit 92deddca88
13 changed files with 112 additions and 114 deletions

View File

@ -34,6 +34,39 @@
notify: notify:
- "Restart {{ item.key }} container" - "Restart {{ item.key }} container"
- name: Check if policies shall be overwritten
stat:
path: "{{ item }}"
delegate_to: localhost
run_once: True
register: neutron_policy
with_first_found:
- files: "{{ supported_policy_format_list }}"
paths:
- "{{ node_custom_config }}/neutron/"
skip: true
- name: Set neutron policy file
set_fact:
neutron_policy_file: "{{ neutron_policy.results.0.stat.path | basename }}"
neutron_policy_file_path: "{{ neutron_policy.results.0.stat.path }}"
when:
- neutron_policy.results
- name: Copying over existing policy file
template:
src: "{{ neutron_policy_file_path }}"
dest: "{{ node_config_directory }}/{{ item.key }}/{{ neutron_policy_file }}"
mode: "0660"
become: true
when:
- neutron_policy_file is defined
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copying over config.json files for services - name: Copying over config.json files for services
become: true become: true
template: template:
@ -351,13 +384,6 @@
notify: notify:
- "Restart {{ service_name }} container" - "Restart {{ service_name }} container"
- name: Check if policies shall be overwritten
stat:
path: "{{ node_custom_config }}/neutron/policy.json"
delegate_to: localhost
run_once: True
register: neutron_policy
- name: Copying over nsx.ini - name: Copying over nsx.ini
vars: vars:
service_name: "neutron-server" service_name: "neutron-server"
@ -376,33 +402,6 @@
notify: notify:
- "Restart {{ service_name }} container" - "Restart {{ service_name }} container"
- name: Copying over existing policy.json
become: true
vars:
service_name: "{{ item.key }}"
services_need_policy_json:
- "neutron-dhcp-agent"
- "neutron-l3-agent"
- "neutron-linuxbridge-agent"
- "neutron-metadata-agent"
- "neutron-metering-agent"
- "neutron-openvswitch-agent"
- "neutron-openvswitch-agent-xenapi"
- "neutron-server"
- "neutron-bgp-dragent"
- "neutron-sriov-agent"
template:
src: "{{ node_custom_config }}/neutron/policy.json"
dest: "{{ node_config_directory }}/{{ service_name }}/policy.json"
mode: "0660"
when:
- neutron_policy.stat.exists
- item.value.enabled | bool
- item.value.host_in_groups | bool
with_dict: "{{ neutron_services }}"
notify:
- "Restart {{ item.key }} container"
- name: Copy neutron-l3-agent-wrapper script - name: Copy neutron-l3-agent-wrapper script
become: true become: true
vars: vars:

View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/bgp_dragent.ini", "dest": "/etc/neutron/bgp_dragent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -18,14 +18,13 @@
"dest": "/etc/neutron/dnsmasq.conf", "dest": "/etc/neutron/dnsmasq.conf",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -30,14 +30,13 @@
"dest": "/etc/neutron/l3_agent.ini", "dest": "/etc/neutron/l3_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -7,12 +7,12 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/linuxbridge_agent.ini", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{ {
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}", "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -22,11 +22,10 @@
}, },
{% endfor %}{% endif %} {% endfor %}{% endif %}
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/linuxbridge_agent.ini",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/plugins/ml2/linuxbridge_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true
} }
], ],
"permissions": [ "permissions": [

View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/metadata_agent.ini", "dest": "/etc/neutron/metadata_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/metering_agent.ini", "dest": "/etc/neutron/metering_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini", "dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -7,12 +7,6 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
},
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{ {
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}", "source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
@ -21,12 +15,17 @@
"perm": "0600" "perm": "0600"
}, },
{% endfor %}{% endif %} {% endfor %}{% endif %}
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true },{% endif %}
{
"source": "{{ container_config_directory }}/openvswitch_agent.ini",
"dest": "/etc/neutron/plugins/ml2/openvswitch_agent.ini",
"owner": "neutron",
"perm": "0600"
} }
], ],
"permissions": [ "permissions": [

View File

@ -19,27 +19,13 @@
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },
{ {% if neutron_policy_file is defined %}{
"source": "{{ container_config_directory }}/ml2_conf.ini", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, },{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %} {% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%}
{
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
"dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
"owner": "neutron",
"perm": "0600"
},
{% endfor %}{% endif %}
{
"source": "{{ container_config_directory }}/policy.json",
"dest": "/etc/neutron/policy.json",
"owner": "neutron",
"perm": "0600",
"optional": true
}{% if neutron_plugin_agent in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs'] -%},
{ {
"source": "{{ container_config_directory }}/nsx.ini", "source": "{{ container_config_directory }}/nsx.ini",
"dest": "/etc/neutron/plugins/vmware/nsx.ini", "dest": "/etc/neutron/plugins/vmware/nsx.ini",
@ -47,6 +33,19 @@
"optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }}, "optional": {{ (neutron_plugin_agent not in ['vmware_nsxv', 'vmware_nsxv3', 'vmware_dvs']) | string | lower }},
"perm": "0600" "perm": "0600"
}{% endif %} }{% endif %}
{% if check_extra_ml2_plugins is defined and check_extra_ml2_plugins.matched > 0 %}{% for plugin in check_extra_ml2_plugins.files %}
{
"source": "{{ container_config_directory }}/{{ plugin.path | basename }}",
"dest": "/etc/neutron/plugins/ml2/{{ plugin.path | basename }}",
"owner": "neutron",
"perm": "0600"
},{% endfor %}{% endif %}
{
"source": "{{ container_config_directory }}/ml2_conf.ini",
"dest": "/etc/neutron/plugins/ml2/ml2_conf.ini",
"owner": "neutron",
"perm": "0600"
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -12,14 +12,13 @@
"dest": "/etc/neutron/plugins/ml2/sriov_agent.ini", "dest": "/etc/neutron/plugins/ml2/sriov_agent.ini",
"owner": "neutron", "owner": "neutron",
"perm": "0600" "perm": "0600"
}, }{% if neutron_policy_file is defined %},
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/{{ neutron_policy_file }}",
"dest": "/etc/neutron/policy.json", "dest": "/etc/neutron/{{ neutron_policy_file }}",
"owner": "neutron", "owner": "neutron",
"perm": "0600", "perm": "0600"
"optional": true }{% endif %}
}
], ],
"permissions": [ "permissions": [
{ {

View File

@ -124,6 +124,11 @@ topics = {{ neutron_enabled_notification_topics | map(attribute='name') | join('
driver = noop driver = noop
{% endif %} {% endif %}
{% if neutron_policy_file is defined %}
[oslo_policy]
policy_file = {{ neutron_policy_file }}
{% endif %}
{% if enable_neutron_sfc | bool %} {% if enable_neutron_sfc | bool %}
[sfc] [sfc]
drivers = ovs drivers = ovs

View File

@ -0,0 +1,4 @@
---
features:
- |
Adds support for the Neutron policy file in both .json and .yaml format.