From 203eb8772ace6855322f1f5c7b474cb91bb490be Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 5 Aug 2019 19:35:00 +0300 Subject: [PATCH] smart_sources: Use config files from repo Do not carry and maintain rootwrap and api files, since they are present inside pip packages and deployed during installation. This also adds deployment of rootwrap filters for manila-share nodes. Change-Id: I41b680f5dcb5be92e3304c591d9a4705cf138a72 --- tasks/manila_post_install.yml | 33 +++++++++----------- templates/api-paste.ini.j2 | 59 ----------------------------------- templates/rootwrap.conf.j2 | 27 ---------------- vars/main.yml | 29 +++++++++++++++++ 4 files changed, 43 insertions(+), 105 deletions(-) delete mode 100644 templates/api-paste.ini.j2 delete mode 100644 templates/rootwrap.conf.j2 diff --git a/tasks/manila_post_install.yml b/tasks/manila_post_install.yml index 9ea582d..ac0d300 100644 --- a/tasks/manila_post_install.yml +++ b/tasks/manila_post_install.yml @@ -13,32 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Fetch rootwrap files + fetch: + src: "{{ item.source }}" + dest: "{{ item.src }}" + flat: yes + changed_when: false + with_items: "{{ manila_rootwrap_files }}" + when: item.condition | default(True) + run_once: true + - name: Copy manila configs config_template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "root" group: "{{ item.group|default(manila_system_group_name) }}" - mode: "0640" - config_overrides: "{{ item.config_overrides }}" + mode: "{{ item.mode |default('0640') }}" + config_overrides: "{{ item.config_overrides | default({}) }}" config_type: "{{ item.config_type }}" - with_items: - - src: "manila.conf.j2" - dest: "/etc/manila/manila.conf" - config_overrides: "{{ manila_manila_conf_overrides }}" - config_type: "ini" - - src: "api-paste.ini.j2" - dest: "/etc/manila/api-paste.ini" - config_overrides: "{{ manila_api_paste_ini_overrides }}" - config_type: "ini" - - src: "rootwrap.conf.j2" - dest: "/etc/manila/rootwrap.conf" - config_overrides: "{{ manila_rootwrap_conf_overrides }}" - config_type: "ini" - - src: "policy.json.j2" - dest: "/etc/manila/policy.json-{{ manila_venv_tag }}" - config_overrides: "{{ manila_policy_overrides }}" - config_type: "json" + when: item.condition | default(True) + with_items: "{{ manila_core_files + manila_rootwrap_files }}" notify: - Manage LB - Restart manila services diff --git a/templates/api-paste.ini.j2 b/templates/api-paste.ini.j2 deleted file mode 100644 index 42395c1..0000000 --- a/templates/api-paste.ini.j2 +++ /dev/null @@ -1,59 +0,0 @@ -############# -# OpenStack # -############# - -[composite:osapi_share] -use = call:manila.api:root_app_factory -/: apiversions -/v1: openstack_share_api -/v2: openstack_share_api_v2 - -[composite:openstack_share_api] -use = call:manila.api.middleware.auth:pipeline_factory -noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth api -keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api -keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api - -[composite:openstack_share_api_v2] -use = call:manila.api.middleware.auth:pipeline_factory -noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth apiv2 -keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 -keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2 - -[filter:faultwrap] -paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory - -[filter:noauth] -paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory - -[filter:sizelimit] -paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory - -[filter:http_proxy_to_wsgi] -paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory - -[app:api] -paste.app_factory = manila.api.v1.router:APIRouter.factory - -[app:apiv2] -paste.app_factory = manila.api.v2.router:APIRouter.factory - -[pipeline:apiversions] -pipeline = cors faultwrap http_proxy_to_wsgi osshareversionapp - -[app:osshareversionapp] -paste.app_factory = manila.api.versions:VersionsRouter.factory - -########## -# Shared # -########## - -[filter:keystonecontext] -paste.filter_factory = manila.api.middleware.auth:ManilaKeystoneContext.factory - -[filter:authtoken] -paste.filter_factory = keystonemiddleware.auth_token:filter_factory - -[filter:cors] -paste.filter_factory = oslo_middleware.cors:filter_factory -oslo_config_project = manila diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 deleted file mode 100644 index fa67b19..0000000 --- a/templates/rootwrap.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# Configuration for manila-rootwrap -# This file should be owned by (and only-writeable by) the root user - -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap,/usr/share/manila-common/rootwrap.d - -# List of directories to search executables in, in case filters do not -# explicitly specify a full path (separated by ',') -# If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! -exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin - -# Enable logging to syslog -# Default value is False -use_syslog=False - -# Which syslog facility to use. -# Valid values include auth, authpriv, syslog, user0, user1... -# Default value is 'syslog' -syslog_log_facility=syslog - -# Which messages to log. -# INFO means log all usage -# ERROR means only log unsuccessful attempts -syslog_log_level=ERROR diff --git a/vars/main.yml b/vars/main.yml index f283ff6..2f36e26 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -29,3 +29,32 @@ filtered_manila_services: |- {% endif %} {% endfor %} {{ services | sort(attribute='start_order') }} + +manila_core_files: + - src: "manila.conf.j2" + dest: "/etc/manila/manila.conf" + config_overrides: "{{ manila_manila_conf_overrides }}" + config_type: "ini" + - src: "policy.json.j2" + dest: "/etc/manila/policy.json-{{ manila_venv_tag }}" + config_overrides: "{{ manila_policy_overrides }}" + config_type: "json" + +manila_rootwrap_files: + - condition: "{{ manila_install_method == 'source' }}" + config_overrides: "{{ manila_rootwrap_conf_overrides }}" + config_type: ini + dest: /etc/manila/rootwrap.conf + source: "{{ manila_bin | dirname }}/etc/manila/rootwrap.conf" + src: /tmp/rootwrap.conf + - condition: "{{ manila_install_method == 'source' and 'manila_share' in group_names }}" + config_type: ini + dest: /etc/manila/rootwrap.d/share.filters + source: "{{ manila_bin | dirname }}/etc/manila/rootwrap.d/share.filters" + src: /tmp/manila-share.filters + - condition: "{{ manila_install_method == 'source' and 'manila_api' in group_names }}" + config_type: "ini" + config_overrides: "{{ manila_api_paste_ini_overrides }}" + source: "{{ manila_bin | dirname }}/etc/manila/api-paste.ini" + src: "/tmp/api-paste.ini" + dest: "/etc/manila/api-paste.ini"