--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Deploy Glance configuration files openstack.config_template.config_template: src: "{{ item.src | default(omit) }}" content: "{{ item.content | default(omit) }}" dest: "{{ item.dest }}" owner: "root" group: "{{ glance_system_group_name }}" mode: "0640" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" when: item.condition | default(True) with_items: - src: "glance-api.conf.j2" dest: "{{ glance_etc_dir }}/glance-api.conf" config_overrides: "{{ glance_glance_api_conf_overrides }}" config_type: "ini" - src: "glance-cache.conf.j2" dest: "{{ glance_etc_dir }}/glance-cache.conf" config_overrides: "{{ glance_glance_cache_conf_overrides }}" config_type: "ini" - src: "glance-manage.conf.j2" dest: "{{ glance_etc_dir }}/glance-manage.conf" config_overrides: "{{ glance_glance_manage_conf_overrides }}" config_type: "ini" - src: "glance-scrubber.conf.j2" dest: "{{ glance_etc_dir }}/glance-scrubber.conf" config_overrides: "{{ glance_glance_scrubber_conf_overrides }}" config_type: "ini" - src: "glance-swift-store.conf.j2" dest: "{{ glance_etc_dir }}/glance-swift-store.conf" config_overrides: "{{ glance_glance_swift_store_conf_overrides }}" config_type: "ini" - src: "schema-image.json.j2" dest: "{{ glance_etc_dir }}/schema-image.json" config_overrides: "{{ glance_glance_scheme_json_overrides }}" config_type: "json" notify: - Restart glance services - Restart uwsgi services - name: Place policy.yaml file openstack.config_template.config_template: dest: "{{ glance_etc_dir }}/{{ glance_policy_file }}" config_overrides: "{{ glance_policy_overrides }}" config_type: "yaml" owner: "root" group: "{{ glance_system_group_name }}" mode: "0640" content: "{{ glance_policy_content }}" tags: - glance-policy-override - name: Implement property protection openstack.config_template.config_template: dest: "{{ glance_etc_dir }}/{{ glance_property_protection_file }}" config_type: "ini" owner: "root" group: "{{ glance_system_group_name }}" mode: "0640" config_overrides: "{{ glance_property_protection_file_overrides }}" when: glance_property_protection_file_overrides | length > 0 tags: - glance-property-protection notify: - Restart glance services - Restart uwsgi services - name: Deploy Glance image import configuration file ansible.builtin.template: src: "{{ glance_glance_image_import_conf_location }}" dest: "{{ glance_etc_dir }}/glance-image-import.conf" mode: "0640" owner: root group: "{{ glance_system_group_name }}" when: glance_glance_image_import_conf_location is defined notify: - Restart glance services - Restart uwsgi services # NOTE(cloudnull): This is using "cp" instead of copy with a remote_source # because we only want to copy the original files once. and we # don't want to need multiple tasks. - name: Preserve original configuration file(s) ansible.builtin.command: "cp {{ item.target_f }} {{ item.target_f }}.original" args: creates: "{{ item.target_f }}.original" with_items: "{{ glance_core_files }}" - name: Fetch override files ansible.builtin.fetch: src: "{{ item.target_f }}" dest: "{{ item.tmp_f }}" flat: true changed_when: false run_once: true check_mode: false with_items: "{{ glance_core_files }}" - name: Copy common config openstack.config_template.config_template: src: "{{ item.tmp_f }}" dest: "{{ item.target_f_override | default(item.target_f) }}" owner: "{{ item.owner | default('root') }}" group: "{{ item.group | default(glance_system_group_name) }}" mode: "{{ item.mode | default('0640') }}" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" with_items: "{{ glance_core_files }}" notify: - Restart glance services - Restart uwsgi services - name: Cleanup fetched temp files ansible.builtin.file: path: "{{ item.tmp_f }}" state: absent changed_when: false delegate_to: localhost run_once: true with_items: "{{ glance_core_files }}" # NOTE(cloudnull): This will ensure strong permissions on all rootwrap files. - name: Set rootwrap.d permissions ansible.builtin.file: path: "{{ glance_etc_dir }}/rootwrap.d" owner: "root" group: "root" mode: "u=rwX,g=rX,o=" recurse: true - name: Run the systemd mount role ansible.builtin.include_role: name: systemd_mount vars: systemd_mounts: - config_overrides: "{{ mount_var.config_overrides | default({}) }}" what: "{{ mount_var.what | default(mount_var.server | default('') ~ ':' ~ mount_var.remote_path | default('')) }}" where: "{{ mount_var.where | default(mount_var.local_path) }}" type: "{{ mount_var.type }}" options: "{{ mount_var.options }}" unit: After: - network.target rpcbind.service rpc-statd.service Conflicts: - umount.target Requires: - rpcbind.service rpc-statd.service Before: - glance-api.service state: "{{ mount_var.state | default('started') }}" enabled: "{{ mount_var.enabled | default(True) }}" with_items: "{{ glance_remote_client }}" loop_control: loop_var: mount_var tags: - glance-config - name: Create glance cache management cron jobs ansible.builtin.cron: name: "{{ item.name }}" minute: "{{ 59 | random(seed=inventory_hostname, start=1) }}" day: "*" hour: "{{ item.hour }}" month: "*" state: present job: "{{ item.name }}" user: glance with_items: - name: "{{ glance_bin }}/glance-cache-pruner" hour: "*" - name: "{{ glance_bin }}/glance-cache-cleaner" hour: "*/5" when: glance_flavor is search("cache") - name: Drop sudoers file ansible.builtin.template: src: "sudoers.j2" dest: "/etc/sudoers.d/{{ glance_system_user_name }}_sudoers" mode: "0440" owner: "root" group: "root" validate: "/usr/sbin/visudo -cf %s" tags: - sudoers - glance-sudoers