openstack/openstack-ansible-os_neutron
Code Issues Proposed changes

Perform an atomic policy file change

Browse Source 
The policy.json file is currently read continually by the
services and is not only read on service start. We therefore
cannot template directly to the file read by the service
(if the service is already running) because the new policies
may not be valid until the service restarts. This is
particularly important during a major upgrade. We therefore
only put the policy file in place after the service restart.

This patch also tidies up the handlers and some of the install
tasks to simplify them and reduce the tasks/code a little.

Change-Id: Ib213d7272c3d7c692dabedd95ff8ab1cc2088c87
This commit is contained in:
Jesse Pretorius 2017-04-24 12:24:07 +01:00 committed by Jesse Pretorius (odyssey4me)
parent 9aa37610f9
commit 29e09d6a5e
5 changed files with 49 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
handlers/main.yml
View File

@ -13,20 +13,29 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Reload systemd daemon
command: "systemctl daemon-reload"
notify:
- Restart neutron services
- name: Restart neutron services - name: Restart neutron services
debug:
msg: "Restarting services"
changed_when: true
notify:
- Stop services
- Copy new policy file into place
- Start services
- name: Stop services
service: service:
name: "{{ item.value.service_name }}" name: "{{ item.value.service_name }}"
state: restarted enabled: yes
state: "stopped"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_dict: "{{ neutron_services }}" with_dict: "{{ neutron_services }}"
failed_when: false when: item.value.service_en | bool
register: _stop
until: _stop | success
retries: 5
delay: 2
notify: notify:
- Run ns-metadata-proxy process cleanup - Run ns-metadata-proxy process cleanup
when: item.value.service_en | bool
# NOTE(cloudnull): # NOTE(cloudnull):
# When installing or upgrading it is possible that an old metadata proxy process will not # When installing or upgrading it is possible that an old metadata proxy process will not
@ -45,3 +54,30 @@
fi fi
done done
when: neutron_services['neutron-metadata-agent'].service_en | bool when: neutron_services['neutron-metadata-agent'].service_en | bool
# Note (odyssey4me):
# The policy.json file is currently read continually by the services
# and is not only read on service start. We therefore cannot template
# directly to the file read by the service because the new policies
# may not be valid until the service restarts. This is particularly
# important during a major upgrade. We therefore only put the policy
# file in place after the service has been stopped.
#
- name: Copy new policy file into place
copy:
src: "{{ neutron_conf_dir }}/policy.json-{{ neutron_venv_tag }}"
dest: "{{ neutron_conf_dir }}/policy.json"
remote_src: yes
- name: Start services
service:
name: "{{ item.value.service_name }}"
enabled: yes
state: "started"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_dict: "{{ neutron_services }}"
when: item.value.service_en | bool
register: _start
until: _start | success
retries: 5
delay: 2

3
tasks/main.yml
View File

@ -68,8 +68,7 @@
tags: tags:
- neutron-install - neutron-install
# neutron system services - include: "neutron_init_{{ ansible_service_mgr }}.yml"
- include: neutron_init_common.yml
tags: tags:
- neutron-config - neutron-config

27
tasks/neutron_init_common.yml
View File

@ -1,27 +0,0 @@
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: neutron_init_systemd.yml
static: no
when:
- ansible_service_mgr == 'systemd'
- name: Load service
service:
name: "{{ item.value.service_name }}"
enabled: "yes"
with_dict: "{{ filtered_neutron_services }}"
notify:
- Restart neutron services

4
tasks/neutron_init_systemd.yml
View File

@ -48,6 +48,8 @@
owner: "root" owner: "root"
group: "root" group: "root"
with_dict: "{{ filtered_neutron_services }}" with_dict: "{{ filtered_neutron_services }}"
notify:
- Restart neutron services
- name: Place the systemd init script - name: Place the systemd init script
config_template: config_template:
@ -60,4 +62,4 @@
config_type: "ini" config_type: "ini"
with_dict: "{{ filtered_neutron_services }}" with_dict: "{{ filtered_neutron_services }}"
notify: notify:
- Reload systemd daemon - Restart neutron services

2
tasks/neutron_post_install.yml
View File

@ -40,7 +40,7 @@
config_overrides: "{{ neutron_rootwrap_conf_overrides }}" config_overrides: "{{ neutron_rootwrap_conf_overrides }}"
config_type: "ini" config_type: "ini"
- src: "policy.json.j2" - src: "policy.json.j2"
dest: "{{ neutron_conf_dir }}/policy.json" dest: "{{ neutron_conf_dir }}/policy.json-{{ neutron_venv_tag }}"
config_overrides: "{{ neutron_policy_overrides }}" config_overrides: "{{ neutron_policy_overrides }}"
config_type: "json" config_type: "json"
notify: notify: