Merge "Octavia: set selinux contexts on ansible generated configuration"

Zuul 2019-03-27 19:16:51 +00:00 committed by Gerrit Code Review
commit 969626310a
4 changed files with 39 additions and 12 deletions


@ -1,15 +1,22 @@
---
- name: making sure octavia worker configuration directory exists
file: path="{{ octavia_confd_prefix }}{{ ca_private_key_path | dirname }}" state=directory
file:
path: "{{ octavia_confd_prefix }}{{ ca_private_key_path | dirname }}"
state: directory
selevel: s0
setype: svirt_sandbox_file_t
become: true
- name: Copying ca private key to octavia
- name: Copying key info to octavia
become: true
copy: content="{{ private_key_content }}" dest="{{ octavia_confd_prefix }}{{ ca_private_key_path }}"
- name: copying ca certificate to octavia
become: true
copy: content="{{ ca_cert_content }}" dest="{{ octavia_confd_prefix }}{{ ca_cert_path }}"
- name: Create pem file with service private key & public certificate
become: true
copy: content="{{ service_pem_content }}" dest="{{ octavia_confd_prefix }}{{ client_cert_path }}"
copy:
content: "{{ item.content }}"
dest: "{{ octavia_confd_prefix }}{{ item.path }}"
selevel: s0
setype: svirt_sandbox_file_t
no_log: true
loop:
- { content: private_key_content, path: ca_private_key_path }
- { content: ca_cert_content, path: ca_cert_path }
- { content: service_pem_content, path: client_cert_path }
notify:
- octavia config updated
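Review bot: The three `loop` entries in the new "Copying key info to octavia" task pass bare words, so `item.content` and `item.path` look like they resolve to the literal strings `private_key_content` and `ca_private_key_path` rather than to the variables of those names; Ansible only templates loop values that are written as Jinja expressions. As written, the task would write the variable's name as the file content, to a path built from the prefix plus the variable's name. Each entry should be templated, e.g. `- { content: "{{ private_key_content }}", path: "{{ ca_private_key_path }}" }`, and likewise for the CA certificate and the service PEM. The task also sets no `mode` on the private key and PEM files, so their permissions follow the umask; an explicit mode that the octavia containers can still read would be worth adding.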


@ -10,6 +10,10 @@
- include_tasks: netport.yml
- include_tasks: netinterface.yml
- name: making sure octavia common configuration directory exists
file: path="{{ octavia_confd_prefix }}/etc/octavia/conf.d/common" state=directory
file:
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/common"
state: directory
selevel: s0
setype: svirt_sandbox_file_t
become: true
- include_tasks: octavia.yml
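Review bot: The `selevel`/`setype` added to this `file` task label only the `conf.d/common` directory itself; files already present under it from an earlier deployment keep their old context unless another task rewrites them with the same options. If hosts are updated in place, consider `recurse: true` on the directory task, or a comment stating that every file below it is written by a task that sets the context. The same applies to the directory tasks for `octavia-worker` and `octavia-health-manager` in this commit. The task list continues outside this hunk, so other writers into this directory are not visible here.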


@ -1,6 +1,10 @@
---
- name: making sure octavia worker configuration directory exists
file: path="{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker" state=directory
file:
path: "{{ octavia_confd_prefix }}/etc/octavia/conf.d/octavia-worker"
state: directory
selevel: s0
setype: svirt_sandbox_file_t
become: true
- name: setting [controller_worker]/amp_boot_network_list
become: true
@ -10,6 +14,8 @@
section: controller_worker
option: amp_boot_network_list
value: "{{ lb_mgmt_net_id }}"
selevel: s0
setype: svirt_sandbox_file_t
- name: setting [controller_worker]/amp_secgroup_list
become: true
become_user: root
@ -18,8 +24,14 @@
section: controller_worker
option: amp_secgroup_list
value: "{{ lb_mgmt_secgroup_id }}"
selevel: s0
setype: svirt_sandbox_file_t
- name: making sure octavia health manager configuration directory exists
file: path="{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager" state=directory
file:
path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager"
state: directory
selevel: s0
setype: svirt_sandbox_file_t
become: true
- name: create octavia health manager configuration file
become: true
@ -27,3 +39,5 @@
template:
dest: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-health-manager/manager-post-deploy.conf"
src: "manager-post-deploy.conf.j2"
selevel: s0
setype: svirt_sandbox_file_t
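Review bot: `svirt_sandbox_file_t` at level `s0` carries no MCS categories, so SELinux does not separate these files between containers: any container that gets the path mounted can read and write them, which is the same shared label a `:z` volume mount produces. That is probably intended here, but it leaves file ownership and mode as the only per-service control, and none of the tasks visible in this section set `owner` or `mode`. I would add a comment on the first task such as `# shared container label (no MCS categories): accessible to every container that mounts it` and set explicit `owner`/`mode` on the files. The label pair is also repeated in every task of this commit; a single role variable would keep the copies from drifting.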


@ -35,6 +35,8 @@
option: "controller_ip_port_list"
value: "{{ o_hm_ip_list }}"
path: "{{octavia_confd_prefix}}/etc/octavia/conf.d/octavia-worker/worker-post-deploy.conf"
selevel: s0
setype: svirt_sandbox_file_t
when: octavia_config_updated
- name: restart octavia containers