Source template files from git or deploy host
Instead of sourcing the paste/policy files from the role,
the deploy host will first be checked, then the git source.
The current mechanism uses a lookup, causing the fetch of
the default templates to happen via curl from the deployment
node. This causes problems if the deployment node does not
have access to the repo server web service, which may be the
case in high security environments.
This patch changes the mechanism to only use the lookup
module for the file content that is on the deployment node,
then falls back to using the uri module to fetch the default
content. This ensures that the deployment node does not have
to reach into the environment for the content.
The pattern applied is the same as that used in the
combination of the following two reference patches:
- https://review.openstack.org/446235
- https://review.openstack.org/463390
The rootwrap.conf template is re-added because it cannot be
used verbatim from the upstream repository. It requires the
addition of the service venv bin in the exec_dirs. A mechanism
to implement this dynamically will be figured out in a later
review along with an implementation which will fetch the
rootwrap files directly from the git source too.
Conflicts:
defaults/main.yml
tasks/ceilometer_post_install.yml
Change-Id: I248910a544f611b590bc93449aea98434802cae3
(cherry picked from commit 9e96b65126
)
parent
9641155f61
commit
b4fa7cfc85
@ -27,7 +27,6 @@ ceilometer_developer_mode: false
|
||||
## The git source/branch
|
||||
ceilometer_git_repo: https://git.openstack.org/openstack/ceilometer
|
||||
ceilometer_git_install_branch: stable/ocata
|
||||
ceilometer_git_config_lookup_location: https://git.openstack.org/cgit/openstack/ceilometer/plain/
|
||||
|
||||
## The packages to build from source (used in developer mode)
|
||||
ceilometer_developer_constraints:
|
||||
@ -194,18 +193,47 @@ ceilometer_required_secrets:
|
||||
# by the py_pkgs lookup.
|
||||
ceilometer_role_project_group: ceilometer_all
|
||||
|
||||
## Tunable overrides
|
||||
ceilometer_policy_overrides: {}
|
||||
ceilometer_rootwrap_conf_overrides: {}
|
||||
ceilometer_ceilometer_conf_overrides: {}
|
||||
#: Tunable file-based overrides
|
||||
# The contents of these files, if they exist, are read from the
|
||||
# specified path on the deployment host, interpreted by the
|
||||
# template engine and copied to the target host. If they do
|
||||
# not exist then the default files will be sourced from the
|
||||
# service git repository.
|
||||
ceilometer_api_paste_default_file_path: "/etc/openstack_deploy/ceilometer/api_paste.ini"
|
||||
ceilometer_event_definitions_default_file_path: "/etc/openstack_deploy/ceilometer/event_definitions.yaml"
|
||||
ceilometer_event_pipeline_default_file_path: "/etc/openstack_deploy/ceilometer/event_pipeline.yaml"
|
||||
ceilometer_gnocchi_resources_default_file_path: "/etc/openstack_deploy/ceilometer/gnocchi_resources.yaml"
|
||||
ceilometer_loadbalancer_v2_meter_definitions_default_file_path: "/etc/openstack_deploy/ceilometer/loadbalancer_v2_meter_definitions.yaml"
|
||||
ceilometer_osprofiler_event_definitions_default_file_path: "/etc/openstack_deploy/ceilometer/osprofiler_event_definitions.yaml"
|
||||
ceilometer_policy_default_file_path: "/etc/openstack_deploy/ceilometer/policy.json"
|
||||
ceilometer_polling_default_file_path: "/etc/openstack_deploy/ceilometer/polling.yaml"
|
||||
|
||||
# If the above-mentioned files do not exist, then these
|
||||
# paths will be used to find the files from the git config
|
||||
# lookup location.
|
||||
ceilometer_git_config_lookup_location: https://git.openstack.org/cgit/openstack/ceilometer/plain
|
||||
ceilometer_api_paste_git_file_path: "etc/ceilometer/api_paste.ini?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_event_definitions_git_file_path: "etc/ceilometer/event_definitions.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_event_pipeline_git_file_path: "etc/ceilometer/event_pipeline.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_gnocchi_resources_git_file_path: "ceilometer/dispatcher/data/gnocchi_resources.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_loadbalancer_v2_meter_definitions_git_file_path: "etc/ceilometer/examples/loadbalancer_v2_meter_definitions.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_osprofiler_event_definitions_git_file_path: "etc/ceilometer/examples/osprofiler_event_definitions.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_policy_git_file_path: "etc/ceilometer/policy.json?h={{ ceilometer_git_install_branch }}"
|
||||
ceilometer_polling_git_file_path: "etc/ceilometer/polling.yaml?h={{ ceilometer_git_install_branch }}"
|
||||
|
||||
## Tunable var-based overrides
|
||||
# The contents of these are templated over the default files.
|
||||
ceilometer_api_paste_ini_overrides: {}
|
||||
ceilometer_ceilometer_conf_overrides: {}
|
||||
ceilometer_event_definitions_yaml_overrides: {}
|
||||
ceilometer_event_pipeline_yaml_overrides: {}
|
||||
ceilometer_pipeline_yaml_overrides: {}
|
||||
# The incorrectly spelled "ceilometer_gnocci_resources_yaml_overrides" is deprecated and
|
||||
# will be removed in Pike.
|
||||
ceilometer_gnocci_resources_yaml_overrides: {}
|
||||
ceilometer_gnocchi_resources_yaml_overrides: "{{ ceilometer_gnocci_resources_yaml_overrides }}"
|
||||
ceilometer_osprofiler_event_definitions_yaml_overrides: {}
|
||||
ceilometer_loadbalancer_v2_meter_definitions_yaml_overrides: {}
|
||||
ceilometer_osprofiler_event_definitions_yaml_overrides: {}
|
||||
ceilometer_pipeline_yaml_overrides: {}
|
||||
ceilometer_policy_overrides: {}
|
||||
ceilometer_polling_yaml_overrides: {}
|
||||
ceilometer_rootwrap_conf_overrides: {}
|
||||
|
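Review bot: The comment introducing the `*_default_file_path` variables does not say who may write to `/etc/openstack_deploy/ceilometer`. Any file placed there replaces `policy.json`, `api_paste.ini` and the other defaults on the target hosts after being rendered by the template engine. I would add a line such as `# Keep this directory writable only by the deployment user; files here override security-relevant service configuration.` Separately, `ceilometer_osprofiler_event_definitions_yaml_overrides` and `ceilometer_pipeline_yaml_overrides` each appear twice in this section. That may only be the old and new side of the rendered diff, but if both survive in the new file the duplicate keys should be removed.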
@ -0,0 +1,7 @@
|
||||
---
|
||||
features:
|
||||
- The ``os_ceilometer`` role now includes a facility where you
|
||||
can place your own templates in ``/etc/openstack_deploy/ceilometer``
|
||||
(by default) and it will be deployed to the target host after being
|
||||
interpreted by the template engine. If no file is found there, the
|
||||
fallback of the git sourced template is used.
|
@ -13,13 +13,29 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Copy ceilometer config
|
||||
- name: Retrieve default configuration files
|
||||
uri:
|
||||
url: "{{ item }}"
|
||||
return_content: yes
|
||||
with_items:
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_api_paste_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_event_definitions_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_event_pipeline_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_gnocchi_resources_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_loadbalancer_v2_meter_definitions_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_osprofiler_event_definitions_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_policy_git_file_path }}"
|
||||
- "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_polling_git_file_path }}"
|
||||
register: _git_file_fetch
|
||||
|
||||
- name: Copy ceilometer configuration files
|
||||
config_template:
|
||||
src: "{{ item.src }}"
|
||||
content: "{{ item.content | default(omit) }}"
|
||||
src: "{{ item.src | default(omit) }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner|default(ceilometer_system_user_name) }}"
|
||||
group: "{{ item.group|default(ceilometer_system_group_name) }}"
|
||||
mode: "0644"
|
||||
owner: "{{ item.owner | default(ceilometer_system_user_name) }}"
|
||||
group: "{{ item.group | default(ceilometer_system_group_name) }}"
|
||||
mode: "{{ item.mode | default('0644') }}"
|
||||
config_overrides: "{{ item.config_overrides }}"
|
||||
config_type: "{{ item.config_type }}"
|
||||
list_extend: "{{ item.list_extend | default(omit) }}"
|
||||
@ -33,67 +49,48 @@
|
||||
config_overrides: "{{ ceilometer_pipeline_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
notify:
|
||||
- Restart ceilometer services
|
||||
- Restart web server
|
||||
|
||||
- name: Retrieve and config_template upstream files
|
||||
config_template:
|
||||
content: "{{ lookup('pipe', 'curl ' ~ ceilometer_git_config_lookup_location ~ item.path | default('etc/ceilometer/') ~ item.name + '?h=' ~ ceilometer_git_install_branch) | string }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: "{{ item.owner | default(ceilometer_system_user_name ) }}"
|
||||
group: "{{ item.group | default(ceilometer_system_group_name) }}"
|
||||
config_overrides: "{{ item.config_overrides }}"
|
||||
config_type: "{{ item.config_type }}"
|
||||
list_extend: "{{ item.list_extend | default(omit) }}"
|
||||
with_items:
|
||||
- name: "gnocchi_resources.yaml"
|
||||
dest: "/etc/ceilometer/gnocchi_resources.yaml"
|
||||
config_overrides: "{{ ceilometer_gnocchi_resources_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
path: "ceilometer/dispatcher/data/"
|
||||
- name: "rootwrap.conf"
|
||||
- src: "rootwrap.conf.j2"
|
||||
dest: "/etc/ceilometer/rootwrap.conf"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
config_overrides: "{{ ceilometer_rootwrap_conf_overrides }}"
|
||||
config_type: "ini"
|
||||
- name: "api_paste.ini"
|
||||
dest: "/etc/ceilometer/api_paste.ini"
|
||||
- dest: "/etc/ceilometer/api_paste.ini"
|
||||
config_overrides: "{{ ceilometer_api_paste_ini_overrides }}"
|
||||
config_type: "ini"
|
||||
- name: "event_pipeline.yaml"
|
||||
dest: "/etc/ceilometer/event_pipeline.yaml"
|
||||
config_overrides: "{{ ceilometer_event_pipeline_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
- name: "event_definitions.yaml"
|
||||
dest: "/etc/ceilometer/event_definitions.yaml"
|
||||
content: "{{ ceilometer_api_paste_user_content | default(ceilometer_api_paste_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/event_definitions.yaml"
|
||||
config_overrides: "{{ ceilometer_event_definitions_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
- name: "osprofiler_event_definitions.yaml"
|
||||
dest: "/etc/ceilometer/osprofiler_event_definitions.yaml"
|
||||
config_overrides: "{{ ceilometer_osprofiler_event_definitions_yaml_overrides }}"
|
||||
content: "{{ ceilometer_event_definitions_user_content | default(ceilometer_event_definitions_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/event_pipeline.yaml"
|
||||
config_overrides: "{{ ceilometer_event_pipeline_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
content: "{{ ceilometer_event_pipeline_user_content | default(ceilometer_event_pipeline_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/gnocchi_resources.yaml"
|
||||
config_overrides: "{{ ceilometer_gnocchi_resources_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
path: "etc/ceilometer/examples/"
|
||||
- name: "loadbalancer_v2_meter_definitions.yaml"
|
||||
dest: "/etc/ceilometer/loadbalancer_v2_meter_definitions.yaml"
|
||||
content: "{{ ceilometer_gnocchi_resources_user_content | default(ceilometer_gnocchi_resources_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/loadbalancer_v2_meter_definitions.yaml"
|
||||
config_overrides: "{{ ceilometer_loadbalancer_v2_meter_definitions_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
path: "etc/ceilometer/examples/"
|
||||
- name: "policy.json"
|
||||
dest: "/etc/ceilometer/policy.json-{{ ceilometer_venv_tag }}"
|
||||
content: "{{ ceilometer_loadbalancer_v2_meter_definitions_user_content | default(ceilometer_loadbalancer_v2_meter_definitions_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/osprofiler_event_definitions.yaml"
|
||||
config_overrides: "{{ ceilometer_osprofiler_event_definitions_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
content: "{{ ceilometer_osprofiler_event_definitions_user_content | default(ceilometer_osprofiler_event_definitions_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/policy.json-{{ ceilometer_venv_tag }}"
|
||||
config_overrides: "{{ ceilometer_policy_overrides }}"
|
||||
config_type: "json"
|
||||
- name: "polling.yaml"
|
||||
dest: "/etc/ceilometer/polling.yaml"
|
||||
content: "{{ ceilometer_policy_user_content | default(ceilometer_policy_default_content, true) }}"
|
||||
- dest: "/etc/ceilometer/polling.yaml"
|
||||
config_overrides: "{{ ceilometer_polling_yaml_overrides }}"
|
||||
config_type: "yaml"
|
||||
list_extend: false
|
||||
content: "{{ ceilometer_polling_user_content | default(ceilometer_polling_default_content, true) }}"
|
||||
notify:
|
||||
- Restart ceilometer services
|
||||
- Restart web server
|
||||
|
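Review bot: The new `Retrieve default configuration files` task installs whatever the web endpoint serves at run time, with no pinning or integrity check. It fetches `policy.json`, `api_paste.ini` and the other defaults from `ceilometer_git_config_lookup_location` at a branch head (`?h={{ ceilometer_git_install_branch }}`) and passes the body to `config_template` as `content`. I would document that above the task, for example `# Fetched content is rendered by config_template; set ceilometer_git_install_branch to a reviewed commit SHA, or supply the file on the deploy host, where integrity matters.` The `uri` call also has no retry, so one transient failure on any of the eight URLs aborts the play; an `until`/`retries` pair on the task would cover that. The `with_items` list of the copy task runs across both hunks, so its full shape is not visible in one piece here.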
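--- /dev/null
+++ b/templates/rootwrap.conf.j2
@@ -0,0 +1,27 @@
+# Configuration for ceilometer-rootwrap
+# This file should be owned by (and only-writeable by) the root user
+
+[DEFAULT]
+# List of directories to load filter definitions from (separated by ',').
+# These directories MUST all be only writeable by root !
+filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap
+
+# List of directories to search executables in, in case filters do not
+# explicitely specify a full path (separated by ',')
+# If not specified, defaults to system PATH environment variable.
+# These directories MUST all be only writeable by root !
+exec_dirs={{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin
+
+# Enable logging to syslog
+# Default value is False
+use_syslog=False
+
+# Which syslog facility to use.
+# Valid values include auth, authpriv, syslog, user0, user1...
+# Default value is 'syslog'
+syslog_log_facility=syslog
+
+# Which messages to log.
+# INFO means log all usage
+# ERROR means only log unsuccessful attempts
+syslog_log_level=ERROR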
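Review bot: `exec_dirs` now begins with `{{ ceilometer_bin }}`, so the service venv bin directory is searched before the system directories. The comment directly above requires every listed directory to be writable only by root. The ownership of the venv is not visible in this section; if the ceilometer service user can write to it, that requirement is not met for the first entry. I would state the expectation next to the line, for example `# The service venv bin directory is searched first and must be root-owned and not writable by the service user.` With `use_syslog=False`, rootwrap invocations are also not sent to syslog, which is worth a deliberate decision rather than an inherited default.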
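--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,42 @@
+---
+# Copyright 2017, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# These vars find a file on the deployment node, if it exists - otherwise the result is empty.
+ceilometer_api_paste_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_api_paste_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_event_definitions_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_event_definitions_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_event_pipeline_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_event_pipeline_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_gnocchi_resources_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_gnocchi_resources_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_loadbalancer_v2_meter_definitions_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_loadbalancer_v2_meter_definitions_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_osprofiler_event_definitions_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_osprofiler_event_definitions_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_policy_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_policy_default_file_path ~ ' 2>/dev/null || true') }}"
+ceilometer_polling_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_polling_default_file_path ~ ' 2>/dev/null || true') }}"
+
+# These vars find the appropriate result content from the with_items loop
+ceilometer_api_paste_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_api_paste_git_file_path) | map(attribute='content') | first }}
+ceilometer_event_definitions_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_event_definitions_git_file_path) | map(attribute='content') | first }}
+ceilometer_event_pipeline_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_event_pipeline_git_file_path) | map(attribute='content') | first }}
+ceilometer_gnocchi_resources_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_gnocchi_resources_git_file_path) | map(attribute='content') | first }}
+ceilometer_loadbalancer_v2_meter_definitions_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_loadbalancer_v2_meter_definitions_git_file_path) | map(attribute='content') | first }}
+ceilometer_osprofiler_event_definitions_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_osprofiler_event_definitions_git_file_path) | map(attribute='content') | first }}
+ceilometer_policy_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_policy_git_file_path) | map(attribute='content') | first }}
+ceilometer_polling_default_content: |
+{{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_polling_git_file_path) | map(attribute='content') | first }}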
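Review bot: Each `*_user_content` lookup builds its shell command by concatenating the path variable unquoted, so a path containing a space or a shell metacharacter is interpreted by the shell on the deployment host instead of being passed to `cat` as one argument. Applying the `quote` filter on all eight lines fixes that, e.g. `lookup('pipe', 'cat ' ~ (ceilometer_policy_default_file_path | quote) ~ ' 2>/dev/null || true')`. The `2>/dev/null || true` tail also makes an unreadable override file indistinguishable from a missing one. An operator-supplied `policy.json` with the wrong permissions would therefore be replaced silently by the git default; the comment above these vars should say so, or the role should check the file explicitly before falling back.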