diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml index a993509b..d318c74c 100644 --- a/tasks/neutron_post_install.yml +++ b/tasks/neutron_post_install.yml @@ -13,146 +13,149 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Create plugins neutron dir - file: - path: "{{ item.path | default(omit) }}" - state: "directory" - owner: "{{ item.owner|default(neutron_system_user_name) }}" - group: "{{ item.group|default(neutron_system_group_name) }}" - mode: "{{ item.mode | default(omit) }}" - with_items: - - path: "{{ neutron_conf_version_dir }}/plugins" - mode: "0750" - - path: "{{ neutron_conf_version_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}" - mode: "0750" - - path: "{{ neutron_conf_version_dir }}/rootwrap.d" - owner: "root" - group: "root" - -# NOTE(cloudnull): This task is required to copy rootwrap filters that we need -# and neutron does not provide by default. -- name: Copy extra neutron rootwrap filters - copy: - src: "{{ item }}" - dest: "{{ neutron_conf_version_dir }}/rootwrap.d/" - owner: "root" - group: "root" - with_fileglob: - - rootwrap.d/* - notify: - - Restart neutron services - - Restart uwsgi services - -- name: Copy common neutron config - openstack.config_template.config_template: - src: "{{ item.src }}" - dest: "{{ item.dest }}" - owner: "root" - group: "{{ item.group|default(neutron_system_group_name) }}" - mode: "0640" - config_overrides: "{{ item.config_overrides }}" - config_type: "{{ item.config_type }}" - with_items: - - src: "neutron.conf.j2" - dest: "{{ neutron_conf_version_dir }}/neutron.conf" - config_overrides: "{{ neutron_neutron_conf_overrides }}" - config_type: "ini" - - src: "{{ neutron_plugins[neutron_plugin_type].plugin_ini }}.j2" - dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" - config_overrides: "{{ neutron_plugins[neutron_plugin_type].plugin_conf_ini_overrides }}" - config_type: "ini" - notify: - - Restart neutron services - - Restart uwsgi services - -- name: Implement policy.yaml if there are overrides configured - openstack.config_template.config_template: - content: "{{ neutron_policy_overrides }}" - dest: "{{ neutron_conf_version_dir }}/policy.yaml" - owner: "root" - group: "{{ neutron_system_group_name }}" - mode: "0640" - config_type: yaml +- name: Preparing neutron config when: - - neutron_policy_overrides | length > 0 - tags: - - neutron-policy-overrides - -- name: Remove legacy policy.yaml file - file: - path: "{{ neutron_conf_dir }}/policy.yaml" - state: absent - when: - - neutron_policy_overrides | length == 0 - tags: - - neutron-policy-override - -- name: Create symlink to neutron-keepalived-state-change - file: - src: "{{ neutron_bin }}/neutron-keepalived-state-change" - dest: "/usr/local/bin/neutron-keepalived-state-change" - state: link - when: - - neutron_install_method == 'source' - ((filtered_neutron_services|length) + (uwsgi_neutron_services|length)) > 0 + block: + - name: Create plugins neutron dir + file: + path: "{{ item.path | default(omit) }}" + state: "directory" + owner: "{{ item.owner|default(neutron_system_user_name) }}" + group: "{{ item.group|default(neutron_system_group_name) }}" + mode: "{{ item.mode | default(omit) }}" + with_items: + - path: "{{ neutron_conf_version_dir }}/plugins" + mode: "0750" + - path: "{{ neutron_conf_version_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}" + mode: "0750" + - path: "{{ neutron_conf_version_dir }}/rootwrap.d" + owner: "root" + group: "root" -- name: Preserve original configuration file(s) - command: "cp {{ item.target_f }} {{ item.target_f }}.original" - args: - creates: "{{ item.target_f }}.original" - with_items: "{{ neutron_core_files }}" + # NOTE(cloudnull): This task is required to copy rootwrap filters that we need + # and neutron does not provide by default. + - name: Copy extra neutron rootwrap filters + copy: + src: "{{ item }}" + dest: "{{ neutron_conf_version_dir }}/rootwrap.d/" + owner: "root" + group: "root" + with_fileglob: + - rootwrap.d/* + notify: + - Restart neutron services + - Restart uwsgi services -- name: Fetch override files - fetch: - src: "{{ item.target_f }}.original" - dest: "{{ item.tmp_f }}" - flat: yes - changed_when: false - with_items: "{{ neutron_core_files }}" - run_once: true + - name: Copy common neutron config + openstack.config_template.config_template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "root" + group: "{{ item.group|default(neutron_system_group_name) }}" + mode: "0640" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: + - src: "neutron.conf.j2" + dest: "{{ neutron_conf_version_dir }}/neutron.conf" + config_overrides: "{{ neutron_neutron_conf_overrides }}" + config_type: "ini" + - src: "{{ neutron_plugins[neutron_plugin_type].plugin_ini }}.j2" + dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" + config_overrides: "{{ neutron_plugins[neutron_plugin_type].plugin_conf_ini_overrides }}" + config_type: "ini" + notify: + - Restart neutron services + - Restart uwsgi services -- name: Copy common neutron config - openstack.config_template.config_template: - src: "{{ item.tmp_f }}" - dest: "{{ item.target_f }}" - owner: "{{ item.owner | default('root') }}" - group: "{{ item.group | default(neutron_system_group_name) }}" - mode: "{{ item.mode | default('0640') }}" - config_overrides: "{{ item.config_overrides }}" - config_type: "{{ item.config_type }}" - with_items: "{{ neutron_core_files }}" - notify: - - Restart neutron services - - Restart uwsgi services + - name: Implement policy.yaml if there are overrides configured + openstack.config_template.config_template: + content: "{{ neutron_policy_overrides }}" + dest: "{{ neutron_conf_version_dir }}/policy.yaml" + owner: "root" + group: "{{ neutron_system_group_name }}" + mode: "0640" + config_type: yaml + when: + - neutron_policy_overrides | length > 0 + tags: + - neutron-policy-overrides -- name: Cleanup fetched temp files - file: - path: "{{ item.tmp_f }}" - state: absent - changed_when: false - delegate_to: localhost - check_mode: false - with_items: "{{ neutron_core_files }}" + - name: Remove legacy policy.yaml file + file: + path: "{{ neutron_conf_dir }}/policy.yaml" + state: absent + when: + - neutron_policy_overrides | length == 0 + tags: + - neutron-policy-override -# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files. -- name: Set rootwrap.d permissions - file: - path: "{{ neutron_conf_version_dir }}/rootwrap.d" - owner: "root" - group: "root" - mode: "0640" - recurse: true + - name: Create symlink to neutron-keepalived-state-change + file: + src: "{{ neutron_bin }}/neutron-keepalived-state-change" + dest: "/usr/local/bin/neutron-keepalived-state-change" + state: link + when: + - neutron_install_method == 'source' -- name: Copy neutron ml2 plugin config - openstack.config_template.config_template: - src: "{{ ('plugin_conf_bare' not in neutron_plugins[item]) | ternary(neutron_plugins[item].plugin_ini ~ '.j2', omit) }}" - dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[item].plugin_ini }}" - owner: "root" - group: "{{ neutron_system_group_name }}" - mode: "0640" - config_overrides: "{{ neutron_plugins[item].plugin_conf_ini_overrides }}" - config_type: "ini" - with_items: "{{ neutron_plugin_types }}" + - name: Preserve original configuration file(s) + command: "cp {{ item.target_f }} {{ item.target_f }}.original" + args: + creates: "{{ item.target_f }}.original" + with_items: "{{ neutron_core_files }}" + + - name: Fetch override files + fetch: + src: "{{ item.target_f }}.original" + dest: "{{ item.tmp_f }}" + flat: yes + changed_when: false + with_items: "{{ neutron_core_files }}" + run_once: true + + - name: Copy common neutron config + openstack.config_template.config_template: + src: "{{ item.tmp_f }}" + dest: "{{ item.target_f }}" + owner: "{{ item.owner | default('root') }}" + group: "{{ item.group | default(neutron_system_group_name) }}" + mode: "{{ item.mode | default('0640') }}" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + with_items: "{{ neutron_core_files }}" + notify: + - Restart neutron services + - Restart uwsgi services + + - name: Cleanup fetched temp files + file: + path: "{{ item.tmp_f }}" + state: absent + changed_when: false + delegate_to: localhost + check_mode: false + with_items: "{{ neutron_core_files }}" + + # NOTE(cloudnull): This will ensure strong permissions on all rootwrap files. + - name: Set rootwrap.d permissions + file: + path: "{{ neutron_conf_version_dir }}/rootwrap.d" + owner: "root" + group: "root" + mode: "0640" + recurse: true + + - name: Copy neutron ml2 plugin config + openstack.config_template.config_template: + src: "{{ ('plugin_conf_bare' not in neutron_plugins[item]) | ternary(neutron_plugins[item].plugin_ini ~ '.j2', omit) }}" + dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[item].plugin_ini }}" + owner: "root" + group: "{{ neutron_system_group_name }}" + mode: "0640" + config_overrides: "{{ neutron_plugins[item].plugin_conf_ini_overrides }}" + config_type: "ini" + with_items: "{{ neutron_plugin_types }}" - name: Generate neutron dnsmasq Config template: