Include extra conf file updates when updating SHA's

This patch updates the sources-branch-updater convenience script to
make it also check for additional updates relating to policy.json,
paste.ini, rootwrap.conf, rootwrap filters, etc.

This ensures that the SHA updates are more complete and the updates
require less effort to do.

In addition to the script update there are some changes to other
file names and locations in order to facilitate the file's ability
to do everything correctly. The changes enforce a specific convention
for the names and locations of files it manages.

Change-Id: I99899e61e0527639abc8b3bae0296a891607a31d

playbooks/roles/os_aodh/tasks/aodh_post_install.yml

@@ -47,7 +47,7 @@
       dest: "/etc/aodh/api_paste.ini"
       config_overrides: "{{ aodh_api_paste_ini_overrides }}"
       config_type: "ini"
-    - src: "policy.json"
+    - src: "policy.json.j2"
       dest: "/etc/aodh/policy.json"
       config_overrides: "{{ aodh_policy_overrides }}"
       config_type: "json"

playbooks/roles/os_ceilometer/tasks/ceilometer_post_install.yml

@@ -43,7 +43,7 @@
       dest: "/etc/ceilometer/pipeline.yaml"
       config_overrides: "{{ ceilometer_pipeline_yaml_overrides }}"
       config_type: "yaml"
-    - src: "policy.json"
+    - src: "policy.json.j2"
       dest: "/etc/ceilometer/policy.json"
       config_overrides: "{{ ceilometer_policy_overrides }}"
       config_type: "json"

playbooks/roles/os_cinder/tasks/cinder_post_install.yml

@@ -51,7 +51,7 @@
     owner: "{{ cinder_system_user_name }}"
     group: "{{ cinder_system_group_name }}"
   with_items:
-    - { src: "volume.filters", dest: "/etc/cinder/rootwrap.d/volume.filters" }
+    - { src: "rootwrap.d/volume.filters", dest: "/etc/cinder/rootwrap.d/volume.filters" }
   notify:
     - Restart cinder services
   tags:

scripts/sources-branch-updater.sh

@@ -20,6 +20,7 @@
 
 ONLINE_BRANCH=${ONLINE_BRANCH:-"master"}
 SERVICE_FILE=${SERVICE_FILE:-"playbooks/defaults/repo_packages/openstack_services.yml"}
+OPENSTACK_SERVICE_LIST=${OPENSTACK_SERVICE_LIST:-"aodh ceilometer cinder glance heat keystone neutron nova"}
 
 IFS=$'\n'
 
@@ -51,20 +52,82 @@ shift
 done
 
 # Iterate through the service file
-for repo in $(grep 'git_repo\:' ${SERVICE_FILE});do
+for repo in $(grep 'git_repo\:' ${SERVICE_FILE}); do
+
+  echo -e "\nInspecting ${repo}..."
+
   # Set the repo name
   repo_name=$(echo "${repo}" | sed 's/_git_repo\:.*//g')
+
+  # Set the repo address
+  repo_address=$(echo ${repo} | awk '{print $2}')
+
   # Get the branch data
-  branch_data=$(git ls-remote "$(echo ${repo} | awk '{print $2}')" | grep "${ONLINE_BRANCH}$")
+  branch_data=$(git ls-remote ${repo_address} | grep "${ONLINE_BRANCH}$")
 
   # If there is branch data continue
   if [ ! -z "${branch_data}" ];then
+
     # Set the branch sha for the head of the branch
     branch_sha=$(echo "${branch_data}" | awk '{print $1}')
+
     # Set the branch entry
     branch_entry="${branch_sha} # HEAD of \"$ONLINE_BRANCH\" as of $(date +%d.%m.%Y)"
-    # Write the branch entry
+
+    # Write the branch entry into the repo_packages file
     sed -i.bak "s|${repo_name}_git_install_branch:.*|${repo_name}_git_install_branch: $branch_entry|" ${SERVICE_FILE}
-    echo "processed $repo_name @ $branch_entry"
+
+    # If the repo is in the specified list, then action the additional updates
+    if [[ "${OPENSTACK_SERVICE_LIST}" =~ "${repo_name}" ]]; then
+      repo_tmp_path="/tmp/${repo_name}"
+
+      # Ensure that the temp path doesn't exist
+      rm -rf ${repo_tmp_path}
+
+      # Do a shallow clone of the repo to work with
+      git clone --quiet --depth=1 --origin ${branch_sha} ${repo_address} ${repo_tmp_path}
+
+      # Update the policy files
+      find ${repo_tmp_path}/etc -name "policy.json" -exec \
+        cp {} "playbooks/roles/os_${repo_name}/templates/policy.json.j2" \;
+
+      # Tweak the paste files
+      find ${repo_tmp_path}/etc -name "*-paste.ini" -exec \
+        sed -i.bak "s|hmac_keys = SECRET_KEY|hmac_keys = {{ ${repo_name}_profiler_hmac_key }}|" {} \;
+
+      # Update the paste files
+      find ${repo_tmp_path}/etc -name "*-paste.ini" -exec \
+        bash -c "name=\"{}\"; cp \${name} \"playbooks/roles/os_${repo_name}/templates/\$(basename \${name}).j2\"" \;
+
+      # Tweak the rootwrap conf files
+      find ${repo_tmp_path}/etc -name "rootwrap.conf" -exec \
+        sed -i.bak "s|exec_dirs=|exec_dirs={{ ${repo_name}_bin }},|" {} \;
+
+      # Update the rootwrap conf files
+      find ${repo_tmp_path}/etc -name "rootwrap.conf" -exec \
+        cp {} "playbooks/roles/os_${repo_name}/templates/rootwrap.conf.j2" \;
+
+      # Update the rootwrap filters
+      find ${repo_tmp_path}/etc -name "*.filters" -exec \
+        bash -c "name=\"{}\"; cp \${name} \"playbooks/roles/os_${repo_name}/files/rootwrap.d/\$(basename \${name})\"" \;
+
+      # Update the yaml files for Ceilometer
+      if [ "${repo_name}" = "ceilometer" ]; then
+        find ${repo_tmp_path}/etc -name "*.yaml" -exec \
+          bash -c "name=\"{}\"; cp \${name} \"playbooks/roles/os_${repo_name}/templates/\$(basename \${name}).j2\"" \;
+      fi
+
+      # Update the yaml files for Heat
+      if [ "${repo_name}" = "heat" ]; then
+        find ${repo_tmp_path}/etc -name "*.yaml" -exec \
+          bash -c "name=\"{}\"; cp \${name} \"playbooks/roles/os_${repo_name}/templates/\$(echo \${name} | rev | cut -sd / -f -2 | rev).j2\"" \;
+      fi
+
+      # Clean up the temporary files
+      rm -rf ${repo_tmp_path}
+    fi
   fi
+
+  echo -e "Processed $repo_name @ $branch_entry\n"
+
 done