3c9e9beaf2
With changes inside Designate merged about policy-incode, there is no longer a default policy.json file in the venv, so we need to change how we implement the file, and should only do so if there is a config override configured for it. If there is no policy override configured, but a policy.json file is present, then it's likely left over from a previous build. To ensure that we do not carry legacy configuration files which override the policy-in-code we remove the legacy file. This is done on restart to ensure that the policy still applies until the code is updated. Change-Id: Iea4d2029723529444b93d7deca58824e592d0e0f
74 lines
2.1 KiB
YAML
74 lines
2.1 KiB
YAML
---
|
|
# Copyright 2016, Tata Consultancy Services
|
|
# Copyright 2015, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Stop services
|
|
systemd:
|
|
name: "{{ item.service_name }}"
|
|
state: "stopped"
|
|
with_items: "{{ filtered_designate_services }}"
|
|
register: _stop
|
|
until: _stop is success
|
|
retries: 5
|
|
delay: 2
|
|
listen:
|
|
- "Restart designate services"
|
|
- "venv changed"
|
|
|
|
# Note (odyssey4me):
|
|
# The policy.json file is currently read continually by the services
|
|
# and is not only read on service start. We therefore cannot template
|
|
# directly to the file read by the service because the new policies
|
|
# may not be valid until the service restarts. This is particularly
|
|
# important during a major upgrade. We therefore only put the policy
|
|
# file in place after the service has been stopped.
|
|
#
|
|
- name: Copy new policy file into place
|
|
copy:
|
|
src: "/etc/designate/policy.json-{{ designate_venv_tag }}"
|
|
dest: "/etc/designate/policy.json"
|
|
owner: "root"
|
|
group: "{{ designate_system_group_name }}"
|
|
mode: "0640"
|
|
remote_src: yes
|
|
when:
|
|
- designate_policy_overrides != {}
|
|
listen:
|
|
- "Restart designate services"
|
|
- "venv changed"
|
|
|
|
- name: Remove legacy policy.json file
|
|
file:
|
|
path: "/etc/designate/policy.json"
|
|
state: absent
|
|
when:
|
|
- designate_policy_overrides == {}
|
|
listen:
|
|
- "Restart designate services"
|
|
- "venv changed"
|
|
|
|
- name: Start services
|
|
systemd:
|
|
name: "{{ item.service_name }}"
|
|
state: "started"
|
|
with_items: "{{ filtered_designate_services }}"
|
|
register: _start
|
|
until: _start is success
|
|
retries: 5
|
|
delay: 2
|
|
listen:
|
|
- "Restart designate services"
|
|
- "venv changed"
|