From 29e09d6a5edb5a43900263132142c8728bb4f640 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Mon, 24 Apr 2017 12:24:07 +0100 Subject: [PATCH] Perform an atomic policy file change The policy.json file is currently read continually by the services and is not only read on service start. We therefore cannot template directly to the file read by the service (if the service is already running) because the new policies may not be valid until the service restarts. This is particularly important during a major upgrade. We therefore only put the policy file in place after the service restart. This patch also tidies up the handlers and some of the install tasks to simplify them and reduce the tasks/code a little. Change-Id: Ib213d7272c3d7c692dabedd95ff8ab1cc2088c87 --- handlers/main.yml | 52 ++++++++++++++++++++++++++++------ tasks/main.yml | 3 +- tasks/neutron_init_common.yml | 27 ------------------ tasks/neutron_init_systemd.yml | 4 ++- tasks/neutron_post_install.yml | 2 +- 5 files changed, 49 insertions(+), 39 deletions(-) delete mode 100644 tasks/neutron_init_common.yml diff --git a/handlers/main.yml b/handlers/main.yml index 3bc736b9..5dc0f918 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,20 +13,29 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Reload systemd daemon - command: "systemctl daemon-reload" - notify: - - Restart neutron services - - name: Restart neutron services + debug: + msg: "Restarting services" + changed_when: true + notify: + - Stop services + - Copy new policy file into place + - Start services + +- name: Stop services service: name: "{{ item.value.service_name }}" - state: restarted + enabled: yes + state: "stopped" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" with_dict: "{{ neutron_services }}" - failed_when: false + when: item.value.service_en | bool + register: _stop + until: _stop | success + retries: 5 + delay: 2 notify: - Run ns-metadata-proxy process cleanup - when: item.value.service_en | bool # NOTE(cloudnull): # When installing or upgrading it is possible that an old metadata proxy process will not @@ -45,3 +54,30 @@ fi done when: neutron_services['neutron-metadata-agent'].service_en | bool + +# Note (odyssey4me): +# The policy.json file is currently read continually by the services +# and is not only read on service start. We therefore cannot template +# directly to the file read by the service because the new policies +# may not be valid until the service restarts. This is particularly +# important during a major upgrade. We therefore only put the policy +# file in place after the service has been stopped. +# +- name: Copy new policy file into place + copy: + src: "{{ neutron_conf_dir }}/policy.json-{{ neutron_venv_tag }}" + dest: "{{ neutron_conf_dir }}/policy.json" + remote_src: yes + +- name: Start services + service: + name: "{{ item.value.service_name }}" + enabled: yes + state: "started" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_dict: "{{ neutron_services }}" + when: item.value.service_en | bool + register: _start + until: _start | success + retries: 5 + delay: 2 diff --git a/tasks/main.yml b/tasks/main.yml index ed586ff8..a780eaeb 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -68,8 +68,7 @@ tags: - neutron-install -# neutron system services -- include: neutron_init_common.yml +- include: "neutron_init_{{ ansible_service_mgr }}.yml" tags: - neutron-config diff --git a/tasks/neutron_init_common.yml b/tasks/neutron_init_common.yml deleted file mode 100644 index 0b29df03..00000000 --- a/tasks/neutron_init_common.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2014, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: neutron_init_systemd.yml - static: no - when: - - ansible_service_mgr == 'systemd' - -- name: Load service - service: - name: "{{ item.value.service_name }}" - enabled: "yes" - with_dict: "{{ filtered_neutron_services }}" - notify: - - Restart neutron services diff --git a/tasks/neutron_init_systemd.yml b/tasks/neutron_init_systemd.yml index bde2f098..ab9537b0 100644 --- a/tasks/neutron_init_systemd.yml +++ b/tasks/neutron_init_systemd.yml @@ -48,6 +48,8 @@ owner: "root" group: "root" with_dict: "{{ filtered_neutron_services }}" + notify: + - Restart neutron services - name: Place the systemd init script config_template: @@ -60,4 +62,4 @@ config_type: "ini" with_dict: "{{ filtered_neutron_services }}" notify: - - Reload systemd daemon + - Restart neutron services diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml index bd9240c7..55f49082 100644 --- a/tasks/neutron_post_install.yml +++ b/tasks/neutron_post_install.yml @@ -40,7 +40,7 @@ config_overrides: "{{ neutron_rootwrap_conf_overrides }}" config_type: "ini" - src: "policy.json.j2" - dest: "{{ neutron_conf_dir }}/policy.json" + dest: "{{ neutron_conf_dir }}/policy.json-{{ neutron_venv_tag }}" config_overrides: "{{ neutron_policy_overrides }}" config_type: "json" notify: