From e846d487808f22340f7cdc9c38b7b399810ead43 Mon Sep 17 00:00:00 2001 From: Dai Dang Van Date: Mon, 8 Jan 2018 17:19:34 +0700 Subject: [PATCH] Support policy.yaml file [part 6] - Sahara - Searchlight - Senlin - Tacker This will copy only yaml or json policy file if they exist. Change-Id: I97c8bf300f14ae6d7c55c5f8962c5781cee2c40a Implements: blueprint support-custom-policy-yaml Co-authored-By: Duong Ha-Quang --- ansible/roles/sahara/handlers/main.yml | 8 ++--- ansible/roles/sahara/tasks/config.yml | 32 +++++++++++++------ .../roles/sahara/templates/sahara-api.json.j2 | 11 +++---- .../sahara/templates/sahara-engine.json.j2 | 11 +++---- ansible/roles/sahara/templates/sahara.conf.j2 | 6 ++++ ansible/roles/searchlight/handlers/main.yml | 8 ++--- ansible/roles/searchlight/tasks/config.yml | 32 +++++++++++++------ .../templates/searchlight-api.json.j2 | 11 +++---- .../templates/searchlight-listener.json.j2 | 11 +++---- .../searchlight/templates/searchlight.conf.j2 | 5 +++ ansible/roles/senlin/handlers/main.yml | 8 ++--- ansible/roles/senlin/tasks/config.yml | 32 +++++++++++++------ .../roles/senlin/templates/senlin-api.json.j2 | 11 +++---- .../senlin/templates/senlin-engine.json.j2 | 11 +++---- ansible/roles/senlin/templates/senlin.conf.j2 | 5 +++ ansible/roles/tacker/handlers/main.yml | 8 ++--- ansible/roles/tacker/tasks/config.yml | 32 +++++++++++++------ .../tacker/templates/tacker-conductor.json.j2 | 11 +++---- .../tacker/templates/tacker-server.json.j2 | 11 +++---- ansible/roles/tacker/templates/tacker.conf.j2 | 5 +++ 20 files changed, 165 insertions(+), 104 deletions(-) diff --git a/ansible/roles/sahara/handlers/main.yml b/ansible/roles/sahara/handlers/main.yml index 0dbec54fc7..d45993426c 100644 --- a/ansible/roles/sahara/handlers/main.yml +++ b/ansible/roles/sahara/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ sahara_services[service_name] }}" config_json: "{{ sahara_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" sahara_conf: "{{ sahara_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ sahara_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ sahara_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" sahara_api_container: "{{ check_sahara_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or sahara_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or sahara_api_container.changed | bool - name: Restart sahara-engine container @@ -28,7 +28,7 @@ service: "{{ sahara_services[service_name] }}" config_json: "{{ sahara_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" sahara_conf: "{{ sahara_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ sahara_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ sahara_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" sahara_engine_container: "{{ check_sahara_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,5 +43,5 @@ - service.enabled | bool - config_json.changed | bool or sahara_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or sahara_engine_container.changed | bool diff --git a/ansible/roles/sahara/tasks/config.yml b/ansible/roles/sahara/tasks/config.yml index fdca318b18..c6d2ddae1d 100644 --- a/ansible/roles/sahara/tasks/config.yml +++ b/ansible/roles/sahara/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ sahara_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: sahara_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/sahara/" + skip: true + +- name: Set sahara policy file + set_fact: + sahara_policy_file: "{{ sahara_policy.results.0.stat.path | basename }}" + sahara_policy_file_path: "{{ sahara_policy.results.0.stat.path }}" + when: + - sahara_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -42,18 +59,13 @@ - Restart sahara-api container - Restart sahara-engine container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/sahara/policy.json" - run_once: True - register: sahara_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/sahara/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: sahara_policy_jsons + src: "{{ sahara_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ sahara_policy_file }}" + register: sahara_policy_overwriting when: - - sahara_policy.stat.exists + - sahara_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ sahara_services }}" diff --git a/ansible/roles/sahara/templates/sahara-api.json.j2 b/ansible/roles/sahara/templates/sahara-api.json.j2 index 8b28d30c99..4c0378fda3 100644 --- a/ansible/roles/sahara/templates/sahara-api.json.j2 +++ b/ansible/roles/sahara/templates/sahara-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/sahara/sahara.conf", "owner": "sahara", "perm": "0600" - }, + }{% if sahara_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/sahara/policy.json", + "source": "{{ container_config_directory }}/{{ sahara_policy_file }}", + "dest": "/etc/sahara/{{ sahara_policy_file }}", "owner": "sahara", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/sahara/templates/sahara-engine.json.j2 b/ansible/roles/sahara/templates/sahara-engine.json.j2 index 3e3a70de3b..11f32fa6a9 100644 --- a/ansible/roles/sahara/templates/sahara-engine.json.j2 +++ b/ansible/roles/sahara/templates/sahara-engine.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/sahara/sahara.conf", "owner": "sahara", "perm": "0600" - }, + }{% if sahara_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/sahara/policy.json", + "source": "{{ container_config_directory }}/{{ sahara_policy_file }}", + "dest": "/etc/sahara/{{ sahara_policy_file }}", "owner": "sahara", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/sahara/templates/sahara.conf.j2 b/ansible/roles/sahara/templates/sahara.conf.j2 index 0f4f6617ef..6286aea8a0 100644 --- a/ansible/roles/sahara/templates/sahara.conf.j2 +++ b/ansible/roles/sahara/templates/sahara.conf.j2 @@ -49,5 +49,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if sahara_policy_file is defined %} +[oslo_policy] +policy_file = {{ sahara_policy_file }} +{% endif %} + + [profiler] enabled = False diff --git a/ansible/roles/searchlight/handlers/main.yml b/ansible/roles/searchlight/handlers/main.yml index 715217dee2..485a62bd90 100644 --- a/ansible/roles/searchlight/handlers/main.yml +++ b/ansible/roles/searchlight/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ searchlight_services[service_name] }}" config_json: "{{ searchlight_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" searchlight_conf: "{{ searchlight_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ searchlight_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ searchlight_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" searchlight_api_container: "{{ check_searchlight_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or searchlight_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or searchlight_api_container.changed | bool - name: Restart searchlight-listener container @@ -28,7 +28,7 @@ service: "{{ searchlight_services[service_name] }}" config_json: "{{ searchlight_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" searchlight_conf: "{{ searchlight_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ searchlight_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ searchlight_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" searchlight_listener_container: "{{ check_searchlight_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,5 +42,5 @@ - service.enabled | bool - config_json.changed | bool or searchlight_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or searchlight_listener_container.changed | bool diff --git a/ansible/roles/searchlight/tasks/config.yml b/ansible/roles/searchlight/tasks/config.yml index 129693d8f1..4b968b800b 100644 --- a/ansible/roles/searchlight/tasks/config.yml +++ b/ansible/roles/searchlight/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ searchlight_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: searchlight_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/searchlight/" + skip: true + +- name: Set searchlight policy file + set_fact: + searchlight_policy_file: "{{ searchlight_policy.results.0.stat.path | basename }}" + searchlight_policy_file_path: "{{ searchlight_policy.results.0.stat.path }}" + when: + - searchlight_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -38,18 +55,13 @@ - Restart searchlight-api container - Restart searchlight-listener container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/searchlight/policy.json" - run_once: True - register: searchlight_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/searchlight/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: searchlight_policy_jsons + src: "{{ searchlight_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ searchlight_policy_file }}" + register: searchlight_policy_overwriting when: - - searchlight_policy.stat.exists + - searchlight_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ searchlight_services }}" diff --git a/ansible/roles/searchlight/templates/searchlight-api.json.j2 b/ansible/roles/searchlight/templates/searchlight-api.json.j2 index bab8e9963a..4dc10528e5 100644 --- a/ansible/roles/searchlight/templates/searchlight-api.json.j2 +++ b/ansible/roles/searchlight/templates/searchlight-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/searchlight/searchlight.conf", "owner": "searchlight", "perm": "0600" - }, + }{% if searchlight_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/searchlight/policy.json", + "source": "{{ container_config_directory }}/{{ searchlight_policy_file }}", + "dest": "/etc/searchlight/{{ searchlight_policy_file }}", "owner": "searchlight", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/searchlight/templates/searchlight-listener.json.j2 b/ansible/roles/searchlight/templates/searchlight-listener.json.j2 index 18ec8e51b1..88a631a15d 100644 --- a/ansible/roles/searchlight/templates/searchlight-listener.json.j2 +++ b/ansible/roles/searchlight/templates/searchlight-listener.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/searchlight/searchlight.conf", "owner": "searchlight", "perm": "0600" - }, + }{% if searchlight_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/searchlight/policy.json", + "source": "{{ container_config_directory }}/{{ searchlight_policy_file }}", + "dest": "/etc/searchlight/{{ searchlight_policy_file }}", "owner": "searchlight", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/searchlight/templates/searchlight.conf.j2 b/ansible/roles/searchlight/templates/searchlight.conf.j2 index cd69151b23..2b1ff359c2 100644 --- a/ansible/roles/searchlight/templates/searchlight.conf.j2 +++ b/ansible/roles/searchlight/templates/searchlight.conf.j2 @@ -38,6 +38,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi [oslo_messaging_notifications] transport_url = {{ notify_transport_url }} +{% if searchlight_policy_file is defined %} +[oslo_policy] +policy_file = {{ searchlight_policy_file }} +{% endif %} + [service_credentials] auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} diff --git a/ansible/roles/senlin/handlers/main.yml b/ansible/roles/senlin/handlers/main.yml index df0ac9c42c..efd10f592a 100644 --- a/ansible/roles/senlin/handlers/main.yml +++ b/ansible/roles/senlin/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ senlin_services[service_name] }}" config_json: "{{ senlin_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" senlin_conf: "{{ senlin_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ senlin_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ senlin_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" senlin_api_container: "{{ check_senlin_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or senlin_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or senlin_api_container.changed | bool - name: Restart senlin-engine container @@ -28,7 +28,7 @@ service: "{{ senlin_services[service_name] }}" config_json: "{{ senlin_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" senlin_conf: "{{ senlin_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ senlin_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ senlin_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" senlin_engine_container: "{{ check_senlin_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,5 +42,5 @@ - service.enabled | bool - config_json.changed | bool or senlin_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or senlin_engine_container.changed | bool diff --git a/ansible/roles/senlin/tasks/config.yml b/ansible/roles/senlin/tasks/config.yml index fe50e6f78e..a7aeb800e6 100644 --- a/ansible/roles/senlin/tasks/config.yml +++ b/ansible/roles/senlin/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled | bool with_dict: "{{ senlin_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: senlin_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/senlin/" + skip: true + +- name: Set senlin policy file + set_fact: + senlin_policy_file: "{{ senlin_policy.results.0.stat.path | basename }}" + senlin_policy_file_path: "{{ senlin_policy.results.0.stat.path }}" + when: + - senlin_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -42,18 +59,13 @@ - Restart senlin-api container - Restart senlin-engine container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/senlin/policy.json" - run_once: True - register: senlin_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/senlin/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: senlin_policy_jsons + src: "{{ senlin_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ senlin_policy_file }}" + register: senlin_policy_overwriting when: - - senlin_policy.stat.exists + - senlin_policy_file is defined - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ senlin_services }}" diff --git a/ansible/roles/senlin/templates/senlin-api.json.j2 b/ansible/roles/senlin/templates/senlin-api.json.j2 index ce59e5d7ff..91f0e297d2 100644 --- a/ansible/roles/senlin/templates/senlin-api.json.j2 +++ b/ansible/roles/senlin/templates/senlin-api.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/senlin/senlin.conf", "owner": "senlin", "perm": "0600" - }, + }{% if senlin_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/senlin/policy.json", + "source": "{{ container_config_directory }}/{{ senlin_policy_file }}", + "dest": "/etc/senlin/{{ senlin_policy_file }}", "owner": "senlin", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/senlin/templates/senlin-engine.json.j2 b/ansible/roles/senlin/templates/senlin-engine.json.j2 index f05f8f6fe6..3e3c579743 100644 --- a/ansible/roles/senlin/templates/senlin-engine.json.j2 +++ b/ansible/roles/senlin/templates/senlin-engine.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/senlin/senlin.conf", "owner": "senlin", "perm": "0600" - }, + }{% if senlin_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/senlin/policy.json", + "source": "{{ container_config_directory }}/{{ senlin_policy_file }}", + "dest": "/etc/senlin/{{ senlin_policy_file }}", "owner": "senlin", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/senlin/templates/senlin.conf.j2 b/ansible/roles/senlin/templates/senlin.conf.j2 index 0feb603038..cf9c471430 100644 --- a/ansible/roles/senlin/templates/senlin.conf.j2 +++ b/ansible/roles/senlin/templates/senlin.conf.j2 @@ -52,6 +52,11 @@ topics = 'notifications' driver = noop {% endif %} +{% if senlin_policy_file is defined %} +[oslo_policy] +policy_file = {{ senlin_policy_file }} +{% endif %} + {% if enable_osprofiler | bool %} [profiler] enabled = true diff --git a/ansible/roles/tacker/handlers/main.yml b/ansible/roles/tacker/handlers/main.yml index 5cdef69a23..d670bbffb8 100644 --- a/ansible/roles/tacker/handlers/main.yml +++ b/ansible/roles/tacker/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ tacker_services[service_name] }}" config_json: "{{ tacker_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" tacker_conf: "{{ tacker_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ tacker_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ tacker_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" tacker_conductor_container: "{{ check_tacker_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or tacker_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or tacker_conductor_container.changed | bool - name: Restart tacker-server container @@ -28,7 +28,7 @@ service: "{{ tacker_services[service_name] }}" config_json: "{{ tacker_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" tacker_conf: "{{ tacker_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ tacker_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ tacker_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" tacker_server_container: "{{ check_tacker_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -42,5 +42,5 @@ - service.enabled | bool - config_json.changed | bool or tacker_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or tacker_server_container.changed | bool diff --git a/ansible/roles/tacker/tasks/config.yml b/ansible/roles/tacker/tasks/config.yml index df1d20f008..d5b8de471a 100644 --- a/ansible/roles/tacker/tasks/config.yml +++ b/ansible/roles/tacker/tasks/config.yml @@ -9,6 +9,23 @@ - item.value.enabled with_dict: "{{ tacker_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: tacker_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/tacker/" + skip: true + +- name: Set tacker policy file + set_fact: + tacker_policy_file: "{{ tacker_policy.results.0.stat.path | basename }}" + tacker_policy_file_path: "{{ tacker_policy.results.0.stat.path }}" + when: + - tacker_policy.results + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -42,20 +59,15 @@ - Restart tacker-server container - Restart tacker-conductor container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/tacker/policy.json" - run_once: True - register: tacker_policy - -- name: Copying over existing policy.json +- name: Copying over existing policy file template: - src: "{{ node_custom_config }}/tacker/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: tacker_policy_jsons + src: "{{ tacker_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ tacker_policy_file }}" + register: tacker_policy_overwriting when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool - - tacker_policy.stat.exists + - tacker_policy_file is defined with_dict: "{{ tacker_services }}" notify: - Restart tacker-server containers diff --git a/ansible/roles/tacker/templates/tacker-conductor.json.j2 b/ansible/roles/tacker/templates/tacker-conductor.json.j2 index 080a90a018..be013e638f 100644 --- a/ansible/roles/tacker/templates/tacker-conductor.json.j2 +++ b/ansible/roles/tacker/templates/tacker-conductor.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/tacker/tacker.conf", "owner": "tacker", "perm": "0600" - }, + }{% if tacker_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/tacker/policy.json", + "source": "{{ container_config_directory }}/{{ tacker_policy_file }}", + "dest": "/etc/tacker/{{ tacker_policy_file }}", "owner": "tacker", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/tacker/templates/tacker-server.json.j2 b/ansible/roles/tacker/templates/tacker-server.json.j2 index 81a519cf89..fca33cd520 100644 --- a/ansible/roles/tacker/templates/tacker-server.json.j2 +++ b/ansible/roles/tacker/templates/tacker-server.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/tacker/tacker.conf", "owner": "tacker", "perm": "0600" - }, + }{% if tacker_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/tacker/policy.json", + "source": "{{ container_config_directory }}/{{ tacker_policy_file }}", + "dest": "/etc/tacker/{{ tacker_policy_file }}", "owner": "tacker", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/tacker/templates/tacker.conf.j2 b/ansible/roles/tacker/templates/tacker.conf.j2 index b4a53ff947..2300b4cd4d 100644 --- a/ansible/roles/tacker/templates/tacker.conf.j2 +++ b/ansible/roles/tacker/templates/tacker.conf.j2 @@ -62,3 +62,8 @@ topics = notifications {% else %} driver = noop {% endif %} + +{% if tacker_policy_file is defined %} +[oslo_policy] +policy_file = {{ tacker_policy_file }} +{% endif %}