openstack/openstack-ansible-os_ceilometer
Code Issues Proposed changes
780d8d477c
openstack-ansible-os_ceilom.../templates/rootwrap.conf.j2
Jesse Pretorius 9e96b65126 Source template files from git or deploy host 
Instead of sourcing the paste/policy files from the role,
the deploy host will first be checked, then the git source.

The current mechanism uses a lookup, causing the fetch of
the default templates to happen via curl from the deployment
node. This causes problems if the deployment node does not
have access to the repo server web service, which may be the
case in high security environments.

This patch changes the mechanism to only use the lookup
module for the file content that is on the deployment node,
then falls back to using the uri module to fetch the default
content. This ensures that the deployment node does not have
to reach into the environment for the content.

Additionally, the following variables and related tasks are
removed as the files they applied to no longer exist in the
source git repository:
- ceilometer_event_definitions_yaml_overrides
- ceilometer_event_pipeline_yaml_overrides

The pattern applied is the same as that used in the
combination of the following two reference patches:
- https://review.openstack.org/446235
- https://review.openstack.org/463390

The rootwrap.conf template is re-added because it cannot be
used verbatim from the upstream repository. It requires the
addition of the service venv bin in the exec_dirs. A mechanism
to implement this dynamically will be figured out in a later
review along with an implementation which will fetch the
rootwrap files directly from the git source too.

Change-Id: I248910a544f611b590bc93449aea98434802cae3
2017-05-19 16:12:28 +00:00

28 lines
1004 B
Django/Jinja
Raw Blame History

# Configuration for ceilometer-rootwrap
# This file should be owned by (and only-writeable by) the root user
[DEFAULT]
# List of directories to load filter definitions from (separated by ',').
# These directories MUST all be only writeable by root !
filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap
# List of directories to search executables in, in case filters do not
# explicitely specify a full path (separated by ',')
# If not specified, defaults to system PATH environment variable.
# These directories MUST all be only writeable by root !
exec_dirs={{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin
# Enable logging to syslog
# Default value is False
use_syslog=False
# Which syslog facility to use.
# Valid values include auth, authpriv, syslog, user0, user1...
# Default value is 'syslog'
syslog_log_facility=syslog
# Which messages to log.
# INFO means log all usage
# ERROR means only log unsuccessful attempts
syslog_log_level=ERROR
View Git Blame Copy Permalink