diff --git a/ansible/roles/vitrage/handlers/main.yml b/ansible/roles/vitrage/handlers/main.yml
index 24b9c067bf..9862584d69 100644
--- a/ansible/roles/vitrage/handlers/main.yml
+++ b/ansible/roles/vitrage/handlers/main.yml
@@ -5,7 +5,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_api_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or vitrage_api_container.changed | bool
- name: Restart vitrage-collector container
@@ -28,7 +28,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_collector_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -42,7 +42,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or vitrage_collector_container.changed | bool
- name: Restart vitrage-notifier container
@@ -51,7 +51,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_notifier_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -65,7 +65,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or vitrage_notifier_container.changed | bool
- name: Restart vitrage-graph container
@@ -74,7 +74,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_graph_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -88,7 +88,7 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or vitrage_graph_container.changed | bool
- name: Restart vitrage-ml container
@@ -97,7 +97,7 @@
service: "{{ vitrage_services[service_name] }}"
config_json: "{{ vitrage_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_conf: "{{ vitrage_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ vitrage_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ vitrage_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
vitrage_ml_container: "{{ check_vitrage_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -111,5 +111,5 @@
- service.enabled | bool
- config_json.changed | bool
or vitrage_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or vitrage_ml_container.changed | bool
diff --git a/ansible/roles/vitrage/tasks/config.yml b/ansible/roles/vitrage/tasks/config.yml
index 63cc3d4d9d..1038c4bfdb 100644
--- a/ansible/roles/vitrage/tasks/config.yml
+++ b/ansible/roles/vitrage/tasks/config.yml
@@ -9,6 +9,23 @@
- item.value.enabled | bool
with_dict: "{{ vitrage_services }}"
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ item }}"
+ run_once: True
+ register: vitrage_policy
+ with_first_found:
+ - files: "{{ supported_policy_format_list }}"
+ paths:
+ - "{{ node_custom_config }}/vitrage/"
+ skip: true
+
+- name: Set vitrage policy file
+ set_fact:
+ vitrage_policy_file: "{{ vitrage_policy.results.0.stat.path | basename }}"
+ vitrage_policy_file_path: "{{ vitrage_policy.results.0.stat.path }}"
+ when:
+ - vitrage_policy.results
+
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@@ -58,17 +75,13 @@
notify:
- Restart vitrage-api container
-- name: Check if policies shall be overwritten
- local_action: stat path="{{ node_custom_config }}/vitrage/policy.json"
- register: vitrage_policy
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
template:
- src: "{{ node_custom_config }}/vitrage/policy.json"
- dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
- register: vitrage_policy_jsons
+ src: "{{ vitrage_policy_file_path }}"
+ dest: "{{ node_config_directory }}/{{ item.key }}/{{ vitrage_policy_file }}"
+ register: vitrage_policy_overwriting
when:
- - vitrage_policy.stat.exists
+ - vitrage_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ vitrage_services }}"
diff --git a/ansible/roles/vitrage/templates/vitrage-api.json.j2 b/ansible/roles/vitrage/templates/vitrage-api.json.j2
index 7f670f5078..34f2a9223e 100644
--- a/ansible/roles/vitrage/templates/vitrage-api.json.j2
+++ b/ansible/roles/vitrage/templates/vitrage-api.json.j2
@@ -15,14 +15,13 @@
"dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
"owner": "vitrage",
"perm": "0644"
- },
+ }{% if vitrage_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/vitrage/policy.json",
+ "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
+ "dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/vitrage/templates/vitrage-collector.json.j2 b/ansible/roles/vitrage/templates/vitrage-collector.json.j2
index 1a6c262ea9..4da868bf40 100644
--- a/ansible/roles/vitrage/templates/vitrage-collector.json.j2
+++ b/ansible/roles/vitrage/templates/vitrage-collector.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
- },
+ }{% if vitrage_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/vitrage/policy.json",
+ "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
+ "dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/vitrage/templates/vitrage-graph.json.j2 b/ansible/roles/vitrage/templates/vitrage-graph.json.j2
index ebbbb201b4..9f576f3e77 100644
--- a/ansible/roles/vitrage/templates/vitrage-graph.json.j2
+++ b/ansible/roles/vitrage/templates/vitrage-graph.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
- },
+ }{% if vitrage_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/vitrage/policy.json",
+ "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
+ "dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/vitrage/templates/vitrage-ml.json.j2 b/ansible/roles/vitrage/templates/vitrage-ml.json.j2
index dd8847af42..6c629e4008 100644
--- a/ansible/roles/vitrage/templates/vitrage-ml.json.j2
+++ b/ansible/roles/vitrage/templates/vitrage-ml.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
- },
+ }{% if vitrage_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/vitrage/policy.json",
+ "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
+ "dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/vitrage/templates/vitrage-notifier.json.j2 b/ansible/roles/vitrage/templates/vitrage-notifier.json.j2
index 4ebcbcc644..8e0047aa09 100644
--- a/ansible/roles/vitrage/templates/vitrage-notifier.json.j2
+++ b/ansible/roles/vitrage/templates/vitrage-notifier.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/vitrage/vitrage.conf",
"owner": "vitrage",
"perm": "0644"
- },
+ }{% if vitrage_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/vitrage/policy.json",
+ "source": "{{ container_config_directory }}/{{ vitrage_policy_file }}",
+ "dest": "/etc/vitrage/{{ vitrage_policy_file }}",
"owner": "vitrage",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/vitrage/templates/vitrage.conf.j2 b/ansible/roles/vitrage/templates/vitrage.conf.j2
index 52dad4eab5..dc4ef48be1 100644
--- a/ansible/roles/vitrage/templates/vitrage.conf.j2
+++ b/ansible/roles/vitrage/templates/vitrage.conf.j2
@@ -61,6 +61,11 @@ driver = messagingv2
[oslo_concurrency]
lock_path = /var/lib/vitrage/tmp
+{% if vitrage_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ vitrage_policy_file }}
+{% endif %}
+
{% if enable_osprofiler | bool %}
[profiler]
enabled = true
diff --git a/ansible/roles/watcher/handlers/main.yml b/ansible/roles/watcher/handlers/main.yml
index e31dd445b4..96898da0f7 100644
--- a/ansible/roles/watcher/handlers/main.yml
+++ b/ansible/roles/watcher/handlers/main.yml
@@ -5,7 +5,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_applier_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -19,7 +19,7 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or watcher_applier_container.changed | bool
- name: Restart watcher-engine container
@@ -28,7 +28,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_engine_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -42,7 +42,7 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or watcher_engine_container.changed | bool
- name: Restart watcher-api container
@@ -51,7 +51,7 @@
service: "{{ watcher_services[service_name] }}"
config_json: "{{ watcher_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_conf: "{{ watcher_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ watcher_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ watcher_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
watcher_api_container: "{{ check_watcher_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -65,5 +65,5 @@
- service.enabled | bool
- config_json.changed | bool
or watcher_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or watcher_api_container.changed | bool
diff --git a/ansible/roles/watcher/tasks/config.yml b/ansible/roles/watcher/tasks/config.yml
index 5b06d602ff..0c5bace05f 100644
--- a/ansible/roles/watcher/tasks/config.yml
+++ b/ansible/roles/watcher/tasks/config.yml
@@ -9,6 +9,23 @@
- item.value.enabled | bool
with_dict: "{{ watcher_services }}"
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ item }}"
+ run_once: True
+ register: watcher_policy
+ with_first_found:
+ - files: "{{ supported_policy_format_list }}"
+ paths:
+ - "{{ node_custom_config }}/watcher/"
+ skip: true
+
+- name: Set watcher policy file
+ set_fact:
+ watcher_policy_file: "{{ watcher_policy.results.0.stat.path | basename }}"
+ watcher_policy_file_path: "{{ watcher_policy.results.0.stat.path }}"
+ when:
+ - watcher_policy.results
+
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@@ -44,18 +61,13 @@
- Restart watcher-engine container
- Restart watcher-applier container
-- name: Check if policies shall be overwritten
- local_action: stat path="{{ node_custom_config }}/watcher/policy.json"
- run_once: True
- register: watcher_policy
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
template:
- src: "{{ node_custom_config }}/watcher/policy.json"
- dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
- register: watcher_policy_jsons
+ src: "{{ watcher_policy_file_path }}"
+ dest: "{{ node_config_directory }}/{{ item.key }}/{{ watcher_policy_file }}"
+ register: watcher_policy_overwriting
when:
- - watcher_policy.stat.exists
+ - watcher_policy_file is defined
- inventory_hostname in groups[item.value.group]
- item.value.enabled | bool
with_dict: "{{ watcher_services }}"
diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2
index 2d8233b21c..2ff6ac1427 100644
--- a/ansible/roles/watcher/templates/watcher-api.json.j2
+++ b/ansible/roles/watcher/templates/watcher-api.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
- },
+ }{% if watcher_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/watcher/policy.json",
+ "source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
+ "dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2
index 7124824c3a..e8d6ac38a0 100644
--- a/ansible/roles/watcher/templates/watcher-applier.json.j2
+++ b/ansible/roles/watcher/templates/watcher-applier.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
- },
+ }{% if watcher_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/watcher/policy.json",
+ "source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
+ "dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2
index f1d4d65f9d..080e88f08a 100644
--- a/ansible/roles/watcher/templates/watcher-engine.json.j2
+++ b/ansible/roles/watcher/templates/watcher-engine.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/watcher/watcher.conf",
"owner": "watcher",
"perm": "0600"
- },
+ }{% if watcher_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/watcher/policy.json",
+ "source": "{{ container_config_directory }}/{{ watcher_policy_file }}",
+ "dest": "/etc/watcher/{{ watcher_policy_file }}",
"owner": "watcher",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/watcher/templates/watcher.conf.j2 b/ansible/roles/watcher/templates/watcher.conf.j2
index 377225432c..78ac3d607b 100644
--- a/ansible/roles/watcher/templates/watcher.conf.j2
+++ b/ansible/roles/watcher/templates/watcher.conf.j2
@@ -46,3 +46,8 @@ lock_path = /var/lib/watcher/tmp
[oslo_messaging_notifications]
transport_url = {{ notify_transport_url }}
+
+{% if watcher_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ watcher_policy_file }}
+{% endif %}
diff --git a/ansible/roles/zun/handlers/main.yml b/ansible/roles/zun/handlers/main.yml
index beab820d5e..739ce01822 100644
--- a/ansible/roles/zun/handlers/main.yml
+++ b/ansible/roles/zun/handlers/main.yml
@@ -5,7 +5,7 @@
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_api_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -21,7 +21,7 @@
- config_json.changed | bool
or zun_conf.changed | bool
or zun_conf_wsgi.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or zun_api_container.changed | bool
- name: Restart zun-compute container
@@ -30,7 +30,7 @@
service: "{{ zun_services[service_name] }}"
config_json: "{{ zun_config_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_conf: "{{ zun_confs.results|selectattr('item.key', 'equalto', service_name)|first }}"
- policy_json: "{{ zun_policy_jsons.results|selectattr('item.key', 'equalto', service_name)|first }}"
+ policy_overwriting: "{{ zun_policy_overwriting.results|selectattr('item.key', 'equalto', service_name)|first }}"
zun_compute_container: "{{ check_zun_containers.results|selectattr('item.key', 'equalto', service_name)|first }}"
kolla_docker:
action: "recreate_or_restart_container"
@@ -45,5 +45,5 @@
- service.enabled | bool
- config_json.changed | bool
or zun_conf.changed | bool
- or policy_json.changed | bool
+ or policy_overwriting.changed | bool
or zun_compute_container.changed | bool
diff --git a/ansible/roles/zun/tasks/config.yml b/ansible/roles/zun/tasks/config.yml
index 5787f3e395..5d58cc5a04 100644
--- a/ansible/roles/zun/tasks/config.yml
+++ b/ansible/roles/zun/tasks/config.yml
@@ -7,6 +7,23 @@
when: inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
+- name: Check if policies shall be overwritten
+ local_action: stat path="{{ item }}"
+ run_once: True
+ register: zun_policy
+ with_first_found:
+ - files: "{{ supported_policy_format_list }}"
+ paths:
+ - "{{ node_custom_config }}/zun/"
+ skip: true
+
+- name: Set zun policy file
+ set_fact:
+ zun_policy_file: "{{ zun_policy.results.0.stat.path | basename }}"
+ zun_policy_file_path: "{{ zun_policy.results.0.stat.path }}"
+ when:
+ - zun_policy.results
+
- name: Copying over config.json files for services
template:
src: "{{ item.key }}.json.j2"
@@ -53,18 +70,13 @@
notify:
- Restart zun-api container
-- name: Check if policies shall be overwritten
- local_action: stat path="{{ node_custom_config }}/zun/policy.json"
- run_once: True
- register: zun_policy
-
-- name: Copying over existing policy.json
+- name: Copying over existing policy file
template:
- src: "{{ node_custom_config }}/zun/policy.json"
- dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
- register: zun_policy_jsons
+ src: "{{ zun_policy_file_path }}"
+ dest: "{{ node_config_directory }}/{{ item.key }}/{{ zun_policy_file }}"
+ register: zun_policy_overwriting
when:
- - zun_policy.stat.exists
+ - zun_policy_file is defined
- inventory_hostname in groups[item.value.group]
with_dict: "{{ zun_services }}"
notify:
diff --git a/ansible/roles/zun/templates/zun-api.json.j2 b/ansible/roles/zun/templates/zun-api.json.j2
index db42aa81ba..99322c93f0 100644
--- a/ansible/roles/zun/templates/zun-api.json.j2
+++ b/ansible/roles/zun/templates/zun-api.json.j2
@@ -14,14 +14,13 @@
"dest": "/etc/{{ zun_dir }}/wsgi-zun.conf",
"owner": "root",
"perm": "0600"
- },
+ }{% if zun_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/zun/policy.json",
+ "source": "{{ container_config_directory }}/{{ zun_policy_file }}",
+ "dest": "/etc/zun/{{ zun_policy_file }}",
"owner": "zun",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/zun/templates/zun-compute.json.j2 b/ansible/roles/zun/templates/zun-compute.json.j2
index 21b04d7900..1e4e09fc85 100644
--- a/ansible/roles/zun/templates/zun-compute.json.j2
+++ b/ansible/roles/zun/templates/zun-compute.json.j2
@@ -6,14 +6,13 @@
"dest": "/etc/zun/zun.conf",
"owner": "zun",
"perm": "0600"
- },
+ }{% if zun_policy_file is defined %},
{
- "source": "{{ container_config_directory }}/policy.json",
- "dest": "/etc/zun/policy.json",
+ "source": "{{ container_config_directory }}/{{ zun_policy_file }}",
+ "dest": "/etc/zun/{{ zun_policy_file }}",
"owner": "zun",
- "perm": "0600",
- "optional": true
- }
+ "perm": "0600"
+ }{% endif %}
],
"permissions": [
{
diff --git a/ansible/roles/zun/templates/zun.conf.j2 b/ansible/roles/zun/templates/zun.conf.j2
index a2508770b3..627b0e7e23 100644
--- a/ansible/roles/zun/templates/zun.conf.j2
+++ b/ansible/roles/zun/templates/zun.conf.j2
@@ -101,3 +101,8 @@ connection_string = elasticsearch://{{ elasticsearch_address }}:{{ elasticsearch
[oslo_concurrency]
lock_path = /var/lib/zun/tmp
+
+{% if zun_policy_file is defined %}
+[oslo_policy]
+policy_file = {{ zun_policy_file }}
+{% endif %}