Support policy.yaml file [part 6]

- Sahara
- Searchlight
- Senlin
- Tacker

This will copy only yaml or json policy file if they exist.

Change-Id: I97c8bf300f14ae6d7c55c5f8962c5781cee2c40a
Implements: blueprint support-custom-policy-yaml
Co-authored-By: Duong Ha-Quang <duonghq@vn.fujitsu.com>

ansible/roles/sahara/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ sahara_services[service_name] }}"
     config_json: "{{ sahara_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     sahara_conf: "{{ sahara_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ sahara_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ sahara_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     sahara_api_container: "{{ check_sahara_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or sahara_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or sahara_api_container.changed | bool
 
 - name: Restart sahara-engine container
@@ -28,7 +28,7 @@
     service: "{{ sahara_services[service_name] }}"
     config_json: "{{ sahara_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     sahara_conf: "{{ sahara_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ sahara_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ sahara_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     sahara_engine_container: "{{ check_sahara_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -43,5 +43,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or sahara_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or sahara_engine_container.changed | bool

ansible/roles/sahara/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ sahara_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: sahara_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/sahara/"
+      skip: true
+
+- name: Set sahara policy file
+  set_fact:
+    sahara_policy_file: "{{ sahara_policy.results.0.stat.path | basename }}"
+    sahara_policy_file_path: "{{ sahara_policy.results.0.stat.path }}"
+  when:
+    - sahara_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -42,18 +59,13 @@
     - Restart sahara-api container
     - Restart sahara-engine container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/sahara/policy.json"
-  run_once: True
-  register: sahara_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/sahara/policy.json"
+    src: "{{ sahara_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ sahara_policy_file }}"
-  register: sahara_policy_jsons
+  register: sahara_policy_overwriting
   when:
-    - sahara_policy.stat.exists
+    - sahara_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ sahara_services }}"

ansible/roles/sahara/templates/sahara-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/sahara/sahara.conf",
             "owner": "sahara",
             "perm": "0600"
-        },
+        }{% if sahara_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ sahara_policy_file }}",
-            "dest": "/etc/sahara/policy.json",
+            "dest": "/etc/sahara/{{ sahara_policy_file }}",
             "owner": "sahara",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/sahara/templates/sahara-engine.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/sahara/sahara.conf",
             "owner": "sahara",
             "perm": "0600"
-        },
+        }{% if sahara_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ sahara_policy_file }}",
-            "dest": "/etc/sahara/policy.json",
+            "dest": "/etc/sahara/{{ sahara_policy_file }}",
             "owner": "sahara",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/sahara/templates/sahara.conf.j2

@@ -49,5 +49,11 @@ topics = 'notifications'
 driver = noop
 {% endif %}
 
+{% if sahara_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ sahara_policy_file }}
+{% endif %}
+
+
 [profiler]
 enabled = False

ansible/roles/searchlight/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ searchlight_services[service_name] }}"
     config_json: "{{ searchlight_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     searchlight_conf: "{{ searchlight_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ searchlight_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ searchlight_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     searchlight_api_container: "{{ check_searchlight_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or searchlight_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or searchlight_api_container.changed | bool
 
 - name: Restart searchlight-listener container
@@ -28,7 +28,7 @@
     service: "{{ searchlight_services[service_name] }}"
     config_json: "{{ searchlight_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     searchlight_conf: "{{ searchlight_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ searchlight_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ searchlight_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     searchlight_listener_container: "{{ check_searchlight_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,5 +42,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or searchlight_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or searchlight_listener_container.changed | bool

ansible/roles/searchlight/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ searchlight_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: searchlight_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/searchlight/"
+      skip: true
+
+- name: Set searchlight policy file
+  set_fact:
+    searchlight_policy_file: "{{ searchlight_policy.results.0.stat.path | basename }}"
+    searchlight_policy_file_path: "{{ searchlight_policy.results.0.stat.path }}"
+  when:
+    - searchlight_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -38,18 +55,13 @@
     - Restart searchlight-api container
     - Restart searchlight-listener container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/searchlight/policy.json"
-  run_once: True
-  register: searchlight_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/searchlight/policy.json"
+    src: "{{ searchlight_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ searchlight_policy_file }}"
-  register: searchlight_policy_jsons
+  register: searchlight_policy_overwriting
   when:
-    - searchlight_policy.stat.exists
+    - searchlight_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ searchlight_services }}"

ansible/roles/searchlight/templates/searchlight-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/searchlight/searchlight.conf",
             "owner": "searchlight",
             "perm": "0600"
-        },
+        }{% if searchlight_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ searchlight_policy_file }}",
-            "dest": "/etc/searchlight/policy.json",
+            "dest": "/etc/searchlight/{{ searchlight_policy_file }}",
             "owner": "searchlight",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/searchlight/templates/searchlight-listener.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/searchlight/searchlight.conf",
             "owner": "searchlight",
             "perm": "0600"
-        },
+        }{% if searchlight_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ searchlight_policy_file }}",
-            "dest": "/etc/searchlight/policy.json",
+            "dest": "/etc/searchlight/{{ searchlight_policy_file }}",
             "owner": "searchlight",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/searchlight/templates/searchlight.conf.j2

@@ -38,6 +38,11 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 [oslo_messaging_notifications]
 transport_url = {{ notify_transport_url }}
 
+{% if searchlight_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ searchlight_policy_file }}
+{% endif %}
+
 [service_credentials]
 auth_uri = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}
 auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}

ansible/roles/senlin/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ senlin_services[service_name] }}"
     config_json: "{{ senlin_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     senlin_conf: "{{ senlin_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ senlin_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ senlin_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     senlin_api_container: "{{ check_senlin_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or senlin_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or senlin_api_container.changed | bool
 
 - name: Restart senlin-engine container
@@ -28,7 +28,7 @@
     service: "{{ senlin_services[service_name] }}"
     config_json: "{{ senlin_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     senlin_conf: "{{ senlin_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
-    policy_json: "{{ senlin_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ senlin_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     senlin_engine_container: "{{ check_senlin_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,5 +42,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or senlin_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or senlin_engine_container.changed | bool

ansible/roles/senlin/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled | bool
   with_dict: "{{ senlin_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: senlin_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/senlin/"
+      skip: true
+
+- name: Set senlin policy file
+  set_fact:
+    senlin_policy_file: "{{ senlin_policy.results.0.stat.path | basename }}"
+    senlin_policy_file_path: "{{ senlin_policy.results.0.stat.path }}"
+  when:
+    - senlin_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -42,18 +59,13 @@
     - Restart senlin-api container
     - Restart senlin-engine container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/senlin/policy.json"
-  run_once: True
-  register: senlin_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/senlin/policy.json"
+    src: "{{ senlin_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ senlin_policy_file }}"
-  register: senlin_policy_jsons
+  register: senlin_policy_overwriting
   when:
-    - senlin_policy.stat.exists
+    - senlin_policy_file is defined
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
   with_dict: "{{ senlin_services }}"

ansible/roles/senlin/templates/senlin-api.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/senlin/senlin.conf",
             "owner": "senlin",
             "perm": "0600"
-        },
+        }{% if senlin_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ senlin_policy_file }}",
-            "dest": "/etc/senlin/policy.json",
+            "dest": "/etc/senlin/{{ senlin_policy_file }}",
             "owner": "senlin",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/senlin/templates/senlin-engine.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/senlin/senlin.conf",
             "owner": "senlin",
             "perm": "0600"
-        },
+        }{% if senlin_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ senlin_policy_file }}",
-            "dest": "/etc/senlin/policy.json",
+            "dest": "/etc/senlin/{{ senlin_policy_file }}",
             "owner": "senlin",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/senlin/templates/senlin.conf.j2

@@ -52,6 +52,11 @@ topics = 'notifications'
 driver = noop
 {% endif %}
 
+{% if senlin_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ senlin_policy_file }}
+{% endif %}
+
 {% if enable_osprofiler | bool %}
 [profiler]
 enabled = true

ansible/roles/tacker/handlers/main.yml

@@ -5,7 +5,7 @@
     service: "{{ tacker_services[service_name] }}"
     config_json: "{{ tacker_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     tacker_conf: "{{ tacker_confs.results|selectattr('item.key', 'equalto', service_name)|first  }}"
-    policy_json: "{{ tacker_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ tacker_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     tacker_conductor_container: "{{ check_tacker_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
     - service.enabled | bool
     - config_json.changed | bool
       or tacker_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or tacker_conductor_container.changed | bool
 
 - name: Restart tacker-server container
@@ -28,7 +28,7 @@
     service: "{{ tacker_services[service_name] }}"
     config_json: "{{ tacker_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
     tacker_conf: "{{ tacker_confs.results|selectattr('item.key', 'equalto', service_name)|first  }}"
-    policy_json: "{{ tacker_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+    policy_overwriting: "{{ tacker_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
     tacker_server_container: "{{ check_tacker_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
   kolla_docker:
     action: "recreate_or_restart_container"
@@ -42,5 +42,5 @@
     - service.enabled | bool
     - config_json.changed | bool
       or tacker_conf.changed | bool
-      or policy_json.changed | bool
+      or policy_overwriting.changed | bool
       or tacker_server_container.changed | bool

ansible/roles/tacker/tasks/config.yml

@@ -9,6 +9,23 @@
     - item.value.enabled
   with_dict: "{{ tacker_services }}"
 
+- name: Check if policies shall be overwritten
+  local_action: stat path="{{ item }}"
+  run_once: True
+  register: tacker_policy
+  with_first_found:
+    - files: "{{ supported_policy_format_list }}"
+      paths:
+        - "{{ node_custom_config }}/tacker/"
+      skip: true
+
+- name: Set tacker policy file
+  set_fact:
+    tacker_policy_file: "{{ tacker_policy.results.0.stat.path | basename }}"
+    tacker_policy_file_path: "{{ tacker_policy.results.0.stat.path }}"
+  when:
+    - tacker_policy.results
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item.key }}.json.j2"
@@ -42,20 +59,15 @@
     - Restart tacker-server container
     - Restart tacker-conductor container
 
-- name: Check if policies shall be overwritten
+- name: Copying over existing policy file
-  local_action: stat path="{{ node_custom_config }}/tacker/policy.json"
-  run_once: True
-  register: tacker_policy
-
-- name: Copying over existing policy.json
   template:
-    src: "{{ node_custom_config }}/tacker/policy.json"
+    src: "{{ tacker_policy_file_path }}"
-    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
+    dest: "{{ node_config_directory }}/{{ item.key }}/{{ tacker_policy_file }}"
-  register: tacker_policy_jsons
+  register: tacker_policy_overwriting
   when:
     - inventory_hostname in groups[item.value.group]
     - item.value.enabled | bool
-    - tacker_policy.stat.exists
+    - tacker_policy_file is defined
   with_dict: "{{ tacker_services }}"
   notify:
     - Restart tacker-server containers

ansible/roles/tacker/templates/tacker-conductor.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/tacker/tacker.conf",
             "owner": "tacker",
             "perm": "0600"
-        },
+        }{% if tacker_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ tacker_policy_file }}",
-            "dest": "/etc/tacker/policy.json",
+            "dest": "/etc/tacker/{{ tacker_policy_file }}",
             "owner": "tacker",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/tacker/templates/tacker-server.json.j2

@@ -6,14 +6,13 @@
             "dest": "/etc/tacker/tacker.conf",
             "owner": "tacker",
             "perm": "0600"
-        },
+        }{% if tacker_policy_file is defined %},
         {
-            "source": "{{ container_config_directory }}/policy.json",
+            "source": "{{ container_config_directory }}/{{ tacker_policy_file }}",
-            "dest": "/etc/tacker/policy.json",
+            "dest": "/etc/tacker/{{ tacker_policy_file }}",
             "owner": "tacker",
-            "perm": "0600",
+            "perm": "0600"
-            "optional": true
+        }{% endif %}
-        }
     ],
     "permissions": [
         {

ansible/roles/tacker/templates/tacker.conf.j2

@@ -62,3 +62,8 @@ topics = notifications
 {% else %}
 driver = noop
 {% endif %}
+
+{% if tacker_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ tacker_policy_file }}
+{% endif %}