511ba9f6a2
When kolla_copy_ca_into_containers is set to "yes", the Certificate Authority in /etc/kolla/certificates will be copied into service containers to enable trust for that CA. This is especially useful when the CA is self signed, and would not be trusted by default. Partially-Implements: blueprint custom-cacerts Change-Id: I4368f8994147580460ebe7533850cf63a419d0b4
432 lines
14 KiB
YAML
432 lines
14 KiB
YAML
---
|
|
- name: Ensuring config directories exist
|
|
file:
|
|
path: "{{ node_config_directory }}/{{ item.key }}"
|
|
state: "directory"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
with_dict: "{{ monasca_services }}"
|
|
|
|
- name: Copying over extra CA certificates
|
|
become: true
|
|
copy:
|
|
src: "{{ node_config }}/certificates/ca/"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/ca-certificates"
|
|
mode: "0644"
|
|
when:
|
|
- item.value.enabled | bool
|
|
- inventory_hostname in groups[item.value.group]
|
|
- kolla_copy_ca_into_containers | bool
|
|
with_dict: "{{ monasca_services }}"
|
|
|
|
- name: Copying over config.json files for services
|
|
template:
|
|
src: "{{ item.key }}/{{ item.key }}.json.j2"
|
|
dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[item.value.group]
|
|
- item.value.enabled | bool
|
|
with_dict: "{{ monasca_services }}"
|
|
notify:
|
|
- "Restart {{ item.key }} container"
|
|
|
|
- name: Copying over monasca-agent-collector config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-agent-collector'] }}"
|
|
merge_yaml:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-agent-collector/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-agent-collector/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- agent-collector.yml
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-agent-collector container
|
|
|
|
- name: Ensuring monasca-agent collector plugin config directory exists
|
|
vars:
|
|
service: "{{ monasca_services['monasca-agent-collector'] }}"
|
|
file:
|
|
path: "{{ node_config_directory }}/monasca-agent-collector/plugins"
|
|
state: "directory"
|
|
owner: "{{ config_owner_user }}"
|
|
group: "{{ config_owner_group }}"
|
|
mode: "0770"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
|
|
- name: Find monasca-agent-collector plugin configuration files
|
|
find:
|
|
paths:
|
|
- "{{ role_path }}/templates/monasca-agent-collector/plugins/"
|
|
- "{{ node_custom_config }}/monasca/agent_plugins/"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/agent_plugins/"
|
|
patterns: '*.yaml'
|
|
delegate_to: localhost
|
|
register: agent_plugins
|
|
|
|
- name: Copying over monasca-agent-collector plugins
|
|
vars:
|
|
service: "{{ monasca_services['monasca-agent-collector'] }}"
|
|
template:
|
|
src: "{{ item.path }}"
|
|
dest: "{{ node_config_directory }}/monasca-agent-collector/plugins/{{ item.path | basename }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
"{{ agent_plugins.files }}"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-agent-collector container
|
|
|
|
- name: Copying over monasca-agent-forwarder config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-agent-forwarder'] }}"
|
|
merge_yaml:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-agent-forwarder/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-agent-forwarder/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- agent-forwarder.yml
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-agent-forwarder container
|
|
|
|
- name: Copying over monasca-agent-statsd config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-agent-statsd'] }}"
|
|
merge_yaml:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-agent-statsd/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-agent-statsd/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- agent-statsd.yml
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-agent-statsd container
|
|
|
|
- name: Copying over monasca-api config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-api'] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-api/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-api/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- api.conf
|
|
- api-config.ini
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-api container
|
|
|
|
- name: Copying over monasca-api wsgi config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-api'] }}"
|
|
template:
|
|
src: "{{ role_path }}/templates/monasca-api/wsgi-api.conf.j2"
|
|
dest: "{{ node_config_directory }}/monasca-api/wsgi-api.conf"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-api container
|
|
|
|
- name: Copying over monasca-log-api config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-api'] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-log-api/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-api/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- log-api.conf
|
|
- log-api-paste.ini
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-api container
|
|
|
|
- name: Copying over monasca-log-api wsgi config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-api'] }}"
|
|
template:
|
|
src: "{{ role_path }}/templates/monasca-log-api/wsgi-log-api.conf.j2"
|
|
dest: "{{ node_config_directory }}/monasca-log-api/wsgi-log-api.conf"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-api container
|
|
|
|
- name: Copying over monasca-log-transformer config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-transformer'] }}"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-transformer/log-transformer.conf"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/log-transformer.conf"
|
|
- "{{ node_custom_config }}/monasca/log-transformer.conf"
|
|
- "{{ role_path }}/templates/monasca-log-transformer/log-transformer.conf.j2"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-transformer container
|
|
|
|
- name: Ensuring logstash patterns folder exists
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-transformer'] }}"
|
|
file:
|
|
path: "{{ node_config_directory }}/monasca-log-transformer/logstash_patterns"
|
|
state: "directory"
|
|
mode: "0770"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
|
|
- name: Find custom logstash patterns
|
|
find:
|
|
path: "{{ node_custom_config }}/monasca/logstash_patterns"
|
|
pattern: "*"
|
|
delegate_to: localhost
|
|
run_once: True
|
|
register: monasca_custom_logstash_patterns
|
|
|
|
- name: Copying over custom logstash patterns
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-transformer'] }}"
|
|
template:
|
|
src: "{{ item.path }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-transformer/logstash_patterns/{{ item.path | basename }}"
|
|
mode: "0660"
|
|
with_items: "{{ monasca_custom_logstash_patterns.files }}"
|
|
become: true
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-transformer container
|
|
|
|
- name: Copying over monasca-log-persister config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-persister'] }}"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-persister/log-persister.conf"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/log-persister.conf"
|
|
- "{{ node_custom_config }}/monasca/log-persister.conf"
|
|
- "{{ role_path }}/templates/monasca-log-persister/log-persister.conf.j2"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-persister container
|
|
|
|
- name: Copying over monasca-log-persister elasticsearch template
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-persister'] }}"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-persister/elasticsearch-template.json"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/elasticsearch-template.json"
|
|
- "{{ node_custom_config }}/monasca/elasticsearch-template.json"
|
|
- "{{ role_path }}/templates/monasca-log-persister/elasticsearch-template.json"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-persister container
|
|
|
|
- name: Copying over monasca-log-metrics config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-log-metrics'] }}"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-log-metrics/log-metrics.conf"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/log-metrics.conf"
|
|
- "{{ node_custom_config }}/monasca/log-metrics.conf"
|
|
- "{{ role_path }}/templates/monasca-log-metrics/log-metrics.conf.j2"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-log-metrics container
|
|
|
|
- name: Copying over monasca-thresh config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-thresh'] }}"
|
|
# NOTE(dszumski): We can't use merge_yaml since it replaces empty values
|
|
# with `null`. This breaks the thresholder config file parsing (which should
|
|
# probably be more robust).
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-thresh/thresh-config.yml"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/thresh-config.yml"
|
|
- "{{ node_custom_config }}/monasca/thresh-config.yml"
|
|
- "{{ role_path }}/templates/monasca-thresh/thresh-config.yml.j2"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-thresh container
|
|
|
|
- name: Copying over monasca-thresh storm config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-thresh'] }}"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-thresh/storm.yml"
|
|
mode: "0660"
|
|
become: true
|
|
with_first_found:
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/storm.yml"
|
|
- "{{ node_custom_config }}/monasca/storm.yml"
|
|
- "{{ role_path }}/templates/monasca-thresh/storm.yml.j2"
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-thresh container
|
|
|
|
- name: Copying over monasca-notification config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-notification'] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-notification/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-notification/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- notification.conf
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-notification container
|
|
|
|
- name: Check for monasca-notification templates
|
|
stat:
|
|
path: "{{ node_custom_config }}/monasca/notification_templates"
|
|
delegate_to: localhost
|
|
run_once: True
|
|
register: notification_templates
|
|
|
|
- name: Copying over monasca-notification templates
|
|
vars:
|
|
service: "{{ monasca_services['monasca-notification'] }}"
|
|
copy:
|
|
src: "{{ node_custom_config }}/monasca/notification_templates"
|
|
dest: "{{ node_config_directory }}/monasca-notification/"
|
|
mode: "0660"
|
|
become: true
|
|
when:
|
|
- notification_templates.stat.exists and notification_templates.stat.isdir
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-notification container
|
|
|
|
- name: Copying over monasca-persister config
|
|
vars:
|
|
service: "{{ monasca_services['monasca-persister'] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-persister/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-persister/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- persister.conf
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-persister container
|
|
|
|
- name: Copying over monasca-grafana config file
|
|
vars:
|
|
service: "{{ monasca_services['monasca-grafana'] }}"
|
|
merge_configs:
|
|
sources:
|
|
- "{{ role_path }}/templates/monasca-grafana/{{ item }}.j2"
|
|
- "{{ node_custom_config }}/monasca/{{ item }}"
|
|
- "{{ node_custom_config }}/monasca/{{ inventory_hostname }}/{{ item }}"
|
|
dest: "{{ node_config_directory }}/monasca-grafana/{{ item }}"
|
|
mode: "0660"
|
|
become: true
|
|
with_items:
|
|
- grafana.ini
|
|
when:
|
|
- inventory_hostname in groups[service['group']]
|
|
- service.enabled | bool
|
|
notify:
|
|
- Restart monasca-grafana container
|
|
|
|
- include_tasks: check-containers.yml
|
|
when: kolla_action != "config"
|