openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/swift/tasks/config.yml
Mark Goddard a4bb8567da Fix up config file permissions on the host 
Several config file permissions are incorrect on the host. In general,
files should be 0660, and directories and executables 0770.

Change-Id: Id276ac1864f280554e98b937f2845bb424d521de
Closes-Bug: #1821579
2019-04-02 17:23:31 +01:00

217 lines
6.4 KiB
YAML
Raw Blame History

---
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
owner: "{{ config_owner_user }}"
group: "{{ config_owner_group }}"
mode: "0770"
become: true
with_items:
- "swift"
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
- "swift-rsyncd"
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
mode: "0660"
become: true
with_items:
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
- "swift-rsyncd"
- name: Copying over swift.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/swift.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/swift.conf"
mode: "0660"
become: true
with_items:
- "account-auditor"
- "account-reaper"
- "account-replication-server"
- "account-replicator"
- "account-server"
- "container-auditor"
- "container-replication-server"
- "container-replicator"
- "container-server"
- "container-updater"
- "object-auditor"
- "object-expirer"
- "object-replication-server"
- "object-replicator"
- "object-server"
- "object-updater"
- "proxy-server"
- name: Copying over account-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/account.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/account.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
with_items:
- "account-auditor"
- "account-reaper"
- "account-replication-server"
- "account-replicator"
- "account-server"
- name: Copying over container-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/container.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/container.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
with_items:
- "container-auditor"
- "container-replication-server"
- "container-replicator"
- "container-server"
- "container-updater"
- name: Copying over object-*.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/object.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/object.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
with_items:
- "object-auditor"
- "object-expirer"
- "object-replication-server"
- "object-replicator"
- "object-server"
- "object-updater"
- name: Copying over proxy-server.conf
vars:
service_name: "swift-{{ item }}"
merge_configs:
sources:
- "{{ role_path }}/templates/proxy-server.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/swift/{{ item }}.conf"
- "{{ node_custom_config }}/swift/{{ inventory_hostname }}/{{ item }}.conf"
dest: "{{ node_config_directory }}/swift-{{ item }}/{{ item }}.conf"
mode: "0660"
become: true
with_items:
- "proxy-server"
- name: Copying over rsyncd.conf
template:
src: "rsyncd.conf.j2"
dest: "{{ node_config_directory }}/swift-rsyncd/rsyncd.conf"
mode: "0660"
become: true
- name: Copying over Swift ring files
copy:
src: "{{ node_custom_config }}/swift/{{ item }}"
dest: "{{ node_config_directory }}/swift/{{ item }}"
backup: yes
mode: "0660"
become: true
with_items:
- "account.builder"
- "account.ring.gz"
- "container.builder"
- "container.ring.gz"
- "object.builder"
- "object.ring.gz"
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/swift/policy.json"
run_once: True
register: swift_policy
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/swift/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
mode: "0660"
with_items:
- "swift-account-auditor"
- "swift-account-reaper"
- "swift-account-replication-server"
- "swift-account-replicator"
- "swift-account-server"
- "swift-container-auditor"
- "swift-container-replication-server"
- "swift-container-replicator"
- "swift-container-server"
- "swift-container-updater"
- "swift-object-auditor"
- "swift-object-expirer"
- "swift-object-replication-server"
- "swift-object-replicator"
- "swift-object-server"
- "swift-object-updater"
- "swift-proxy-server"
when:
swift_policy.stat.exists
View Git Blame Copy Permalink