diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 9e43567cb1..3eb02f2938 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -330,6 +330,11 @@ openstack_logging_debug: "False" openstack_region_name: "RegionOne" +# A list of policy file formats that are supported by Oslo.policy +supported_policy_format_list: + - policy.yaml + - policy.json + # In the context of multi-regions, list here the name of all your regions. multiple_regions_names: - "{{ openstack_region_name }}" diff --git a/ansible/roles/aodh/handlers/main.yml b/ansible/roles/aodh/handlers/main.yml index 9cce8c6ba8..1f12b7f87f 100644 --- a/ansible/roles/aodh/handlers/main.yml +++ b/ansible/roles/aodh/handlers/main.yml @@ -5,7 +5,7 @@ service: "{{ aodh_services[service_name] }}" config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_api_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -19,7 +19,7 @@ - service.enabled | bool - config_json.changed | bool or aodh_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or aodh_conf_wsgi.changed | bool or aodh_api_container.changed | bool @@ -29,7 +29,7 @@ service: "{{ aodh_services[service_name] }}" config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_evaluator_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -43,7 +43,7 @@ - service.enabled | bool - config_json.changed | bool or aodh_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or aodh_evaluator_container.changed | bool - name: Restart aodh-listener container @@ -52,7 +52,7 @@ service: "{{ aodh_services[service_name] }}" config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_listener_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -66,7 +66,7 @@ - service.enabled | bool - config_json.changed | bool or aodh_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or aodh_listener_container.changed | bool - name: Restart aodh-notifier container @@ -75,7 +75,7 @@ service: "{{ aodh_services[service_name] }}" config_json: "{{ aodh_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_conf: "{{ aodh_confs.results|selectattr('item.key', 'equalto', service_name)|first }}" - policy_json: "{{ aodh_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}" + policy_overwriting: "{{ aodh_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}" aodh_notifier_container: "{{ check_aodh_containers.results|selectattr('item.key', 'equalto', service_name)|first }}" kolla_docker: action: "recreate_or_restart_container" @@ -89,5 +89,5 @@ - service.enabled | bool - config_json.changed | bool or aodh_conf.changed | bool - or policy_json.changed | bool + or policy_overwriting.changed | bool or aodh_notifier_container.changed | bool diff --git a/ansible/roles/aodh/tasks/config.yml b/ansible/roles/aodh/tasks/config.yml index 36565fcbf4..996fc57f76 100644 --- a/ansible/roles/aodh/tasks/config.yml +++ b/ansible/roles/aodh/tasks/config.yml @@ -9,6 +9,39 @@ - inventory_hostname in groups[item.value.group] with_dict: "{{ aodh_services }}" +- name: Check if policies shall be overwritten + local_action: stat path="{{ item }}" + run_once: True + register: aodh_policy + with_first_found: + - files: "{{ supported_policy_format_list }}" + paths: + - "{{ node_custom_config }}/aodh/" + skip: true + +- name: Set aodh polify file + set_fact: + aodh_policy_file: "{{ aodh_policy.results.0.stat.path | basename }}" + aodh_policy_file_path: "{{ aodh_policy.results.0.stat.path }}" + when: + - aodh_policy.results + +- name: Copying over existing policy file + template: + src: "{{ aodh_policy_file_path }}" + dest: "{{ node_config_directory }}/{{ item.key }}/{{ aodh_policy_file }}" + register: aodh_policy_overwriting + when: + - aodh_policy_file is defined + - inventory_hostname in groups[item.value.group] + - item.value.enabled | bool + with_dict: "{{ aodh_services }}" + notify: + - Restart aodh-api container + - Restart aodh-evaluator container + - Restart aodh-listener container + - Restart aodh-notifier container + - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" @@ -59,27 +92,6 @@ notify: - Restart aodh-api container -- name: Check if policies shall be overwritten - local_action: stat path="{{ node_custom_config }}/aodh/policy.json" - run_once: True - register: aodh_policy - -- name: Copying over existing policy.json - template: - src: "{{ node_custom_config }}/aodh/policy.json" - dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" - register: aodh_policy_jsons - when: - - aodh_policy.stat.exists - - inventory_hostname in groups[item.value.group] - - item.value.enabled | bool - with_dict: "{{ aodh_services }}" - notify: - - Restart aodh-api container - - Restart aodh-evaluator container - - Restart aodh-listener container - - Restart aodh-notifier container - - name: Check aodh containers kolla_docker: action: "compare_container" diff --git a/ansible/roles/aodh/templates/aodh-api.json.j2 b/ansible/roles/aodh/templates/aodh-api.json.j2 index f18d5a5723..f9aa6cdfb0 100644 --- a/ansible/roles/aodh/templates/aodh-api.json.j2 +++ b/ansible/roles/aodh/templates/aodh-api.json.j2 @@ -14,14 +14,13 @@ "dest": "/etc/{{ aodh_dir }}/wsgi-aodh.conf", "owner": "root", "perm": "0600" - }, + }{% if aodh_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/aodh/policy.json", + "source": "{{ container_config_directory }}/{{ aodh_policy_file }}", + "dest": "/etc/aodh/{{ aodh_policy_file }}", "owner": "aodh", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 b/ansible/roles/aodh/templates/aodh-evaluator.json.j2 index 9f9b4aaf6e..995802a8b4 100644 --- a/ansible/roles/aodh/templates/aodh-evaluator.json.j2 +++ b/ansible/roles/aodh/templates/aodh-evaluator.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" - }, + }{% if aodh_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/aodh/policy.json", + "source": "{{ container_config_directory }}/{{ aodh_policy_file }}", + "dest": "/etc/aodh/{{ aodh_policy_file }}", "owner": "aodh", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/aodh/templates/aodh-listener.json.j2 b/ansible/roles/aodh/templates/aodh-listener.json.j2 index afd2173336..31d1af6c92 100644 --- a/ansible/roles/aodh/templates/aodh-listener.json.j2 +++ b/ansible/roles/aodh/templates/aodh-listener.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" - }, + }{% if aodh_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/aodh/policy.json", + "source": "{{ container_config_directory }}/{{ aodh_policy_file }}", + "dest": "/etc/aodh/{{ aodh_policy_file }}", "owner": "aodh", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/aodh/templates/aodh-notifier.json.j2 b/ansible/roles/aodh/templates/aodh-notifier.json.j2 index 9ab985bb1b..49339eaa36 100644 --- a/ansible/roles/aodh/templates/aodh-notifier.json.j2 +++ b/ansible/roles/aodh/templates/aodh-notifier.json.j2 @@ -6,14 +6,13 @@ "dest": "/etc/aodh/aodh.conf", "owner": "aodh", "perm": "0600" - }, + }{% if aodh_policy_file is defined %}, { - "source": "{{ container_config_directory }}/policy.json", - "dest": "/etc/aodh/policy.json", + "source": "{{ container_config_directory }}/{{ aodh_policy_file }}", + "dest": "/etc/aodh/{{ aodh_policy_file }}", "owner": "aodh", - "perm": "0600", - "optional": true - } + "perm": "0600" + }{% endif %} ], "permissions": [ { diff --git a/ansible/roles/aodh/templates/aodh.conf.j2 b/ansible/roles/aodh/templates/aodh.conf.j2 index bdd408779c..b16d4fc311 100644 --- a/ansible/roles/aodh/templates/aodh.conf.j2 +++ b/ansible/roles/aodh/templates/aodh.conf.j2 @@ -28,6 +28,10 @@ password = {{ aodh_keystone_password }} auth_url = {{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }} auth_type = password +{% if aodh_policy_file is defined %} +[oslo_policy] +policy_file = {{ aodh_policy_file }} +{% endif %} [service_credentials] auth_url = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3