diff --git a/handlers/main.yml b/handlers/main.yml index 23d0e4c6..dee33c89 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -70,6 +70,30 @@ - "Restart neutron services" - "venv changed" +- name: Symlink neutron config directory + file: + # NOTE(cloudnull): The "src" path is relative. This ensures all files remain + # within the host/container confines when connecting to + # them using the connection plugin or the root filesystem. + src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}" + dest: "{{ neutron_conf_dir }}" + state: link + force: true + when: neutron_install_method == 'source' + listen: + - "venv changed" + +- name: Drop sudoers file + template: + src: "sudoers.j2" + dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers" + mode: "0440" + owner: "root" + group: "root" + listen: + - "Restart neutron services" + - "venv changed" + - name: Perform a DB contract command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract" become: yes diff --git a/tasks/neutron_db_setup.yml b/tasks/neutron_db_setup.yml index 2ca65cc4..a36937e2 100644 --- a/tasks/neutron_db_setup.yml +++ b/tasks/neutron_db_setup.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Perform a DB expand - command: "{{ neutron_bin }}/neutron-db-manage upgrade --expand" + command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf upgrade --expand" become: yes become_user: "{{ neutron_system_user_name }}" when: @@ -29,7 +29,7 @@ value: "False" - name: Check for available offline migrations - command: "{{ neutron_bin }}/neutron-db-manage has_offline_migrations" + command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf has_offline_migrations" environment: LANGUAGE: en_US.UTF-8 become: yes diff --git a/tasks/neutron_post_install.yml b/tasks/neutron_post_install.yml index da9ac681..1b0cab20 100644 --- a/tasks/neutron_post_install.yml +++ b/tasks/neutron_post_install.yml 
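Review bot: The `Drop sudoers file` handler writes into `/etc/sudoers.d` without a syntax check, so a bad render of `sudoers.j2` would be installed as-is. Adding `validate: "/usr/sbin/visudo -cf %s"` to the `template` arguments makes Ansible reject a file that visudo cannot parse. Moving the task out of `neutron_pre_install.yml` also means the file is only written when `Restart neutron services` or `venv changed` is notified, so a missing or locally edited sudoers file is no longer put back on an ordinary run. If that is intended, a short comment on the handler saying why it has to run with the venv change would help.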
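Review bot: `Perform a DB expand` and `Check for available offline migrations` now pin `--config-file {{ neutron_conf_version_dir }}/neutron.conf`, but the `Perform a DB contract` handler visible in `handlers/main.yml` still runs `neutron-db-manage upgrade --contract` with no `--config-file`. The contract step presumably falls back to the default config location, so it depends on the `neutron_conf_dir` symlink already pointing at the new directory. Passing the same `--config-file` argument there would make all three migration commands read the same file. Both hunks in this file make the same change, so this note covers both.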
@@ -21,11 +21,11 @@ group: "{{ item.group|default(neutron_system_group_name) }}" mode: "{{ item.mode | default(omit) }}" with_items: - - path: "{{ neutron_conf_dir }}/plugins" + - path: "{{ neutron_conf_version_dir }}/plugins" mode: "0750" - - path: "{{ neutron_conf_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}" + - path: "{{ neutron_conf_version_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}" mode: "0750" - - path: "{{ neutron_conf_dir }}/rootwrap.d" + - path: "{{ neutron_conf_version_dir }}/rootwrap.d" owner: "root" group: "root" @@ -34,7 +34,7 @@ - name: Copy extra neutron rootwrap filters copy: src: "{{ item }}" - dest: "{{ neutron_conf_dir }}/rootwrap.d/" + dest: "{{ neutron_conf_version_dir }}/rootwrap.d/" owner: "root" group: "root" with_fileglob: @@ -53,11 +53,11 @@ config_type: "{{ item.config_type }}" with_items: - src: "neutron.conf.j2" - dest: "{{ neutron_conf_dir }}/neutron.conf" + dest: "{{ neutron_conf_version_dir }}/neutron.conf" config_overrides: "{{ neutron_neutron_conf_overrides }}" config_type: "ini" - src: "{{ neutron_plugins[neutron_plugin_type].plugin_ini }}.j2" - dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" + dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}" config_overrides: "{{ neutron_plugins[neutron_plugin_type].plugin_conf_ini_overrides }}" config_type: "ini" notify: @@ -66,7 +66,7 @@ - name: Implement policy.yaml if there are overrides configured config_template: content: "{{ neutron_policy_overrides }}" - dest: "{{ neutron_conf_dir }}/policy.yaml" + dest: "{{ neutron_conf_version_dir }}/policy.yaml" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640" 
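Review bot: `Copy extra neutron rootwrap filters` (second hunk) sets `owner` and `group` but no `mode`, so the filter files land with whatever mode the source files and umask give them. These files define what rootwrap may run, so an explicit `mode: "0640"`, the value used by `Set rootwrap.d permissions` later in this file, avoids relying on a later task to tighten them. The `rootwrap.d` item in the first hunk's `with_items` also shows no `mode` next to its `"0750"` siblings, though that task continues outside the hunk. The remaining hunks on this line only swap `neutron_conf_dir` for `neutron_conf_version_dir`.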
@@ -88,7 +88,7 @@ - name: Place api-paste.ini to the correct path in RedHat file: src: "/usr/share/neutron/api-paste.ini" - dest: "{{ neutron_conf_dir }}/api-paste.ini" + dest: "{{ neutron_conf_version_dir }}/api-paste.ini" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640" @@ -141,7 +141,7 @@ # NOTE(cloudnull): This will ensure strong permissions on all rootwrap files. - name: Set rootwrap.d permissions file: - path: "{{ neutron_conf_dir }}/rootwrap.d" + path: "{{ neutron_conf_version_dir }}/rootwrap.d" owner: "root" group: "root" mode: "0640" @@ -150,7 +150,7 @@ - name: Copy neutron ml2 plugin config config_template: src: "{{ ('plugin_conf_bare' not in neutron_plugins[item]) | ternary(neutron_plugins[item].plugin_ini ~ '.j2', omit) }}" - dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[item].plugin_ini }}" + dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[item].plugin_ini }}" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640" @@ -161,7 +161,7 @@ - name: Generate neutron dnsmasq Config template: src: "dnsmasq-neutron.conf.j2" - dest: "{{ neutron_conf_dir }}/dnsmasq-neutron.conf" + dest: "{{ neutron_conf_version_dir }}/dnsmasq-neutron.conf" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640" @@ -189,7 +189,7 @@ - name: Generate neutron bgpvpn networking configuration template: src: "networking_bgpvpn.conf.j2" - dest: "{{ neutron_conf_dir }}/networking_bgpvpn.conf" + dest: "{{ neutron_conf_version_dir }}/networking_bgpvpn.conf" owner: "root" group: "{{ neutron_system_group_name }}" mode: "0640" diff --git a/tasks/neutron_pre_install.yml b/tasks/neutron_pre_install.yml index 39e0f98b..ff10c2e0 100644 --- a/tasks/neutron_pre_install.yml +++ b/tasks/neutron_pre_install.yml 
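Review bot: `Set rootwrap.d permissions` applies `mode: "0640"` to the `rootwrap.d` path itself, which `Copy extra neutron rootwrap filters` treats as a directory (`dest: .../rootwrap.d/`). The rest of the task is outside the hunk: if it recurses, the directory is left without a search bit, and if it does not, the filter files inside are not touched despite the NOTE above the task. A symbolic mode with recursion, `mode: "u=rwX,g=rX,o="`, would give 0750 on the directory and 0640 on non-executable files. The other hunks in this file only swap the path variable.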
@@ -53,29 +53,18 @@ - name: Create neutron dir file: path: "{{ item.path | default(omit) }}" - src: "{{ item.src | default(omit) }}" - dest: "{{ item.dest | default(omit) }}" state: "{{ item.state | default('directory') }}" owner: "{{ item.owner | default(neutron_system_user_name) }}" group: "{{ item.group | default(neutron_system_group_name) }}" mode: "{{ item.mode | default(omit) }}" - force: "{{ item.force | default(omit) }}" when: - (item.condition | default(true)) | bool with_items: - path: "/openstack" owner: "root" group: "root" - - path: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}" + - path: "{{ neutron_conf_version_dir }}" mode: "0755" - # NOTE(cloudnull): The "src" path is relative. This ensures all files remain - # within the host/container confines when connecting to - # them using the connection plugin or the root filesystem. - - dest: "{{ neutron_conf_dir }}" - src: "{{ neutron_bin | dirname | regex_replace('^/', '../') }}/etc/neutron" - state: link - force: true - condition: "{{ neutron_install_method == 'source' }}" - path: "/etc/sudoers.d" mode: "0750" owner: "root" @@ -87,14 +76,6 @@ mode: "0755" - path: "{{ neutron_system_home_folder }}/ha_confs" -- name: Drop sudoers file - template: - src: "sudoers.j2" - dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers" - mode: "0440" - owner: "root" - group: "root" - - name: Add dependency repos for Neutron package: name: "{{ neutron_repos }}" diff --git a/vars/main.yml b/vars/main.yml index 8c2c50df..7df09076 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -122,6 +122,7 @@ neutron_venv_packages: >- ### neutron_conf_dir: /etc/neutron +neutron_conf_version_dir: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}" neutron_lock_path: "/var/lock/neutron" neutron_system_user_name: neutron neutron_system_group_name: neutron 
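Review bot: The `{{ neutron_conf_version_dir }}` item in `Create neutron dir` sets only `mode: "0755"`, so its owner falls back to `neutron_system_user_name` through the task's `owner` default. That directory now holds `rootwrap.conf` and `rootwrap.d`, which other tasks install as root-owned, and whoever owns the parent directory can rename or replace entries in it regardless of who owns them. Unless the services need to write there, adding `owner: "root"` to that item, as the `/openstack` and `/etc/sudoers.d` items already do, would keep the service account from changing what rootwrap reads. The second hunk in this file only deletes the `Drop sudoers file` task.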
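Review bot: `neutron_conf_version_dir` is added to `vars/main.yml` without a comment, and its relation to `neutron_conf_dir` on the line above is not obvious from the names. A comment above it would tell readers which variable to use when writing files and which when reading, for example `# Real config location: equals neutron_conf_dir on distro installs, otherwise <parent of neutron_bin>/etc/neutron, which the "Symlink neutron config directory" handler links neutron_conf_dir to.`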
@@ -348,7 +349,7 @@ neutron_services: group: neutron_dhcp_agent service_name: neutron-dhcp-agent service_en: "{{ neutron_dhcp | bool }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: dhcp_agent.ini service_rootwrap: rootwrap.d/dhcp.filters execstarts: "{{ neutron_bin }}/neutron-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini" @@ -360,7 +361,7 @@ neutron_services: group: neutron_openvswitch_agent service_name: neutron-openvswitch-agent service_en: "{{ neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr'] }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: plugins/ml2/openvswitch_agent.ini service_rootwrap: rootwrap.d/openvswitch-plugin.filters execstarts: "{{ neutron_bin }}/neutron-openvswitch-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini" @@ -372,7 +373,7 @@ neutron_services: group: neutron_linuxbridge_agent service_name: neutron-linuxbridge-agent service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: plugins/ml2/linuxbridge_agent.ini service_rootwrap: rootwrap.d/linuxbridge-plugin.filters execstarts: "{{ neutron_bin }}/neutron-linuxbridge-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini" 
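Review bot: Each service entry now sets `service_conf_path` to `neutron_conf_version_dir`, while the `execstarts` line right below it still passes `--config-file {{ neutron_conf_dir }}/...`. On source installs the services therefore read their config through the symlink, which is only refreshed by the `Symlink neutron config directory` handler. If that is intended, so that running services keep the old config until the venv switch, a comment at the top of `neutron_services` should say so; otherwise the `execstarts` paths should use the same variable. The same pattern repeats in the remaining `neutron_services` hunks of this file.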
@@ -384,7 +385,7 @@ neutron_services: group: neutron_metadata_agent service_name: neutron-metadata-agent service_en: "{{ neutron_metadata | bool }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: metadata_agent.ini execstarts: "{{ neutron_bin }}/neutron-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini" config_overrides: "{{ neutron_metadata_agent_ini_overrides }}" @@ -395,7 +396,7 @@ neutron_services: group: neutron_metering_agent service_name: neutron-metering-agent service_en: "{{ neutron_metering | bool }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: metering_agent.ini execstarts: "{{ neutron_bin }}/neutron-metering-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini" config_overrides: "{{ neutron_metering_agent_ini_overrides }}" @@ -407,7 +408,7 @@ neutron_services: group: neutron_l3_agent service_name: neutron-l3-agent service_en: "{{ neutron_l3 | bool }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: l3_agent.ini service_rootwrap: rootwrap.d/l3.filters environment: @@ -421,7 +422,7 @@ neutron_services: group: neutron_bgp_dragent service_name: neutron-bgp-dragent service_en: "{{ neutron_bgp | bool }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: bgp_dragent.ini execstarts: "{{ neutron_bin }}/neutron-bgp-dragent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini" config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}" 
@@ -436,7 +437,7 @@ neutron_services: group: neutron_l3_agent service_name: neutron-vpn-agent service_en: false - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: vpnaas_agent.ini service_rootwrap: rootwrap.d/vpnaas.filters execstarts: "{{ neutron_bin }}/neutron-vpn-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini" @@ -480,7 +481,7 @@ neutron_services: group: neutron_sriov_nic_agent service_name: neutron-sriov-nic-agent service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: plugins/ml2/sriov_nic_agent.ini execstarts: "{{ neutron_bin }}/neutron-sriov-nic-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini" config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}" @@ -499,7 +500,7 @@ neutron_services: systemd_group_name: root service_name: neutron-ovn-metadata-agent service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}" - service_conf_path: "{{ neutron_conf_dir }}" + service_conf_path: "{{ neutron_conf_version_dir }}" service_conf: neutron_ovn_metadata_agent.ini service_rootwrap: rootwrap.d/ovn-plugin.filters execstarts: "{{ neutron_bin }}/neutron-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/neutron_ovn_metadata_agent.ini" 
@@ -543,11 +544,11 @@ neutron_role_project_group: neutron_all neutron_core_files: - tmp_f: "/tmp/api-paste.ini.original" - target_f: "{{ neutron_conf_dir }}/api-paste.ini" + target_f: "{{ neutron_conf_version_dir }}/api-paste.ini" config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}" config_type: "ini" - tmp_f: "/tmp/rootwrap.conf.original" - target_f: "{{ neutron_conf_dir }}/rootwrap.conf" + target_f: "{{ neutron_conf_version_dir }}/rootwrap.conf" config_overrides: "{{ _neutron_rootwrap_conf_overrides | combine(neutron_rootwrap_conf_overrides, recursive=True) }}" config_type: "ini" owner: "root"
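Review bot: The `neutron_core_files` entries keep fixed staging names, `/tmp/api-paste.ini.original` and `/tmp/rootwrap.conf.original`, for files whose targets are root-owned config. How `tmp_f` is consumed is outside this hunk, but a predictable name in a world-writable directory can be pre-created by another local user. A path from the `tempfile` module, or a root-only staging directory, would be safer, for the `rootwrap.conf` source in particular.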