From ed4d7ed536227f2cd77171ab3252c6292ee8a4b7 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotjagov Date: Fri, 1 Feb 2019 17:17:28 +0200 Subject: [PATCH] Cleanup files and templates using smart sources The files and templates we carry are almost always in a state of maintenance. The upstream services are maintaining these files and there's really no reason we need to carry duplicate copies of them. This change removes all of the files we expect to get from the upstream service. while the focus of this change is to remove configuration file maintenance burdens it also allows the role to execute faster. * Source installs have the configuration files within the venv at "<>/etc/<>". The role will now link the default configuration path to this directory. When the service is upgraded the link will move to the new venv path. * Distro installs package all of the required configuration files. To maintain our current capabilities to override configuration the role will fetch files from the disk whenever an override is provided and then push the fetched file back to the target using `config_template`. Change-Id: Ia467e20c32732152a03579216a0ced0dbb4038c4 --- defaults/main.yml | 11 -- files/rootwrap.d/ipmi.filters | 7 -- .../notes/smart-sources-59cd0811dcf1ae49.yaml | 16 +++ tasks/ceilometer_post_install.yml | 108 ++++++++---------- tasks/ceilometer_pre_install.yml | 58 ++++++++-- templates/rootwrap.conf.j2 | 27 ----- vars/main.yml | 66 ++++++++--- 7 files changed, 168 insertions(+), 125 deletions(-) delete mode 100644 files/rootwrap.d/ipmi.filters create mode 100644 releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml delete mode 100644 templates/rootwrap.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 9f523d69..b2ea4023 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -295,17 +295,6 @@ ceilometer_loadbalancer_v2_meter_definitions_default_file_path: "/etc/openstack_ ceilometer_osprofiler_event_definitions_default_file_path: "/etc/openstack_deploy/ceilometer/osprofiler_event_definitions.yaml" ceilometer_polling_default_file_path: "/etc/openstack_deploy/ceilometer/polling.yaml" -# If the above-mentioned files do not exist, then these -# paths will be used to find the files from the git config -# lookup location. -ceilometer_git_config_lookup_location: https://git.openstack.org/cgit/openstack/ceilometer/plain -ceilometer_data_meters_git_file_path: "ceilometer/data/meters.d/meters.yaml?h={{ ceilometer_git_install_branch }}" -ceilometer_event_definitions_git_file_path: "ceilometer/pipeline/data/event_definitions.yaml?h={{ ceilometer_git_install_branch }}" -ceilometer_gnocchi_resources_git_file_path: "ceilometer/publisher/data/gnocchi_resources.yaml?h={{ ceilometer_git_install_branch }}" -ceilometer_loadbalancer_v2_meter_definitions_git_file_path: "etc/ceilometer/examples/loadbalancer_v2_meter_definitions.yaml?h={{ ceilometer_git_install_branch }}" -ceilometer_osprofiler_event_definitions_git_file_path: "etc/ceilometer/examples/osprofiler_event_definitions.yaml?h={{ ceilometer_git_install_branch }}" -ceilometer_polling_git_file_path: "etc/ceilometer/polling.yaml?h={{ ceilometer_git_install_branch }}" - ## Tunable var-based overrides # The contents of these are templated over the default files. ceilometer_ceilometer_conf_overrides: {} diff --git a/files/rootwrap.d/ipmi.filters b/files/rootwrap.d/ipmi.filters deleted file mode 100644 index 2ef74b04..00000000 --- a/files/rootwrap.d/ipmi.filters +++ /dev/null @@ -1,7 +0,0 @@ -# ceilometer-rootwrap command filters for IPMI capable nodes -# This file should be owned by (and only-writeable by) the root user - -[Filters] -# ceilometer/ipmi/nodemanager/node_manager.py: 'ipmitool' -ipmitool: CommandFilter, ipmitool, root - diff --git a/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml b/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml new file mode 100644 index 00000000..67c6d59c --- /dev/null +++ b/releasenotes/notes/smart-sources-59cd0811dcf1ae49.yaml @@ -0,0 +1,16 @@ +--- +upgrade: + - | + Due to the smart-reources implementation, variables, related to custom git path + of exact config files were removed. Now all config files are taken from + upstream git repo, but overrides and client configs are still supported. + The following variables are not supported now: + * ceilometer_git_config_lookup_location + * ceilometer_data_meters_git_file_path + * ceilometer_event_definitions_git_file_path + * ceilometer_gnocchi_resources_git_file_path + * ceilometer_loadbalancer_v2_meter_definitions_git_file_path + * ceilometer_osprofiler_event_definitions_git_file_path + * ceilometer_polling_git_file_path + If you are maintaining custom ceilometer git repository, you still may use + ``ceilometer_git_repo`` variable, to provide url to your git repository. diff --git a/tasks/ceilometer_post_install.yml b/tasks/ceilometer_post_install.yml index ae8a38d6..a8ac6a65 100644 --- a/tasks/ceilometer_post_install.yml +++ b/tasks/ceilometer_post_install.yml @@ -13,19 +13,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Retrieve default configuration files - uri: - url: "{{ item }}" - return_content: yes - with_items: - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_data_meters_git_file_path }}" - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_event_definitions_git_file_path }}" - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_gnocchi_resources_git_file_path }}" - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_loadbalancer_v2_meter_definitions_git_file_path }}" - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_osprofiler_event_definitions_git_file_path }}" - - "{{ ceilometer_git_config_lookup_location }}/{{ ceilometer_polling_git_file_path }}" - register: _git_file_fetch - - name: Copy ceilometer configuration files config_template: content: "{{ item.content | default(omit) }}" @@ -47,53 +34,58 @@ config_overrides: "{{ ceilometer_pipeline_yaml_overrides }}" config_type: "yaml" list_extend: false - - src: "rootwrap.conf.j2" - dest: "/etc/ceilometer/rootwrap.conf" - owner: "root" - group: "root" - config_overrides: "{{ ceilometer_rootwrap_conf_overrides }}" - config_type: "ini" - - dest: "/etc/ceilometer/loadbalancer_v2_meter_definitions.yaml" - config_overrides: "{{ ceilometer_loadbalancer_v2_meter_definitions_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_loadbalancer_v2_meter_definitions_user_content | default(ceilometer_loadbalancer_v2_meter_definitions_default_content, true) }}" - - dest: "/etc/ceilometer/osprofiler_event_definitions.yaml" - config_overrides: "{{ ceilometer_osprofiler_event_definitions_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_osprofiler_event_definitions_user_content | default(ceilometer_osprofiler_event_definitions_default_content, true) }}" - - dest: "/etc/ceilometer/polling.yaml" - config_overrides: "{{ ceilometer_polling_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_polling_user_content | default(ceilometer_polling_default_content, true) }}" - - dest: "{{ ceilometer_lib_dir }}/ceilometer/data/meters.d/meters.yaml" - config_overrides: "{{ ceilometer_data_meters_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_data_meters_user_content | default(ceilometer_data_meters_default_content, true) }}" - - dest: "{{ ceilometer_lib_dir }}/ceilometer/pipeline/data/event_definitions.yaml" - config_overrides: "{{ ceilometer_event_definitions_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_event_definitions_user_content | default(ceilometer_event_definitions_default_content, true) }}" - - dest: "{{ ceilometer_lib_dir }}/ceilometer/publisher/data/gnocchi_resources.yaml" - config_overrides: "{{ ceilometer_gnocchi_resources_yaml_overrides }}" - config_type: "yaml" - list_extend: false - content: "{{ ceilometer_gnocchi_resources_user_content | default(ceilometer_gnocchi_resources_default_content, true) }}" notify: - Restart ceilometer services -- name: Copy rootwrap filters - copy: - src: "{{ item }}" - dest: "/etc/ceilometer/rootwrap.d/" +# NOTE(cloudnull): This is using "cp" instead of copy with a remote_source +# because we only want to copy the original files once. and we +# don't want to need multiple tasks. +- name: Preserve original configuration file(s) + command: "cp {{ item.source_f }} {{ item.source_f }}.original" + args: + creates: "{{ item.source_f }}.original" + with_items: "{{ ceilometer_core_files }}" + when: "{{ item.condition | default(True) }}" + +- name: Fetch override files + fetch: + src: "{{ item.source_f }}.original" + dest: "{{ item.tmp_f }}" + flat: yes + changed_when: false + with_items: "{{ ceilometer_core_files }}" + when: "{{ item.condition | default(True) }}" + run_once: true + +- name: Copy common config + config_template: + src: "{{ item.tmp_f }}" + dest: "{{ item.target_f | default(item.source_f) }}" + owner: "{{ item.owner | default(ceilometer_system_user_name) }}" + group: "{{ item.group | default(ceilometer_system_group_name) }}" + mode: "{{ item.mode | default('0640') }}" + config_overrides: "{{ item.config_overrides }}" + config_type: "{{ item.config_type }}" + content: "{{ item.content | default(omit) }}" + with_items: "{{ ceilometer_core_files }}" + when: "{{ item.condition | default(True) }}" + notify: + - Restart ceilometer services + +- name: Cleanup fetched temp files + file: + path: "{{ item.tmp_f }}" + state: absent + changed_when: false + delegate_to: localhost + with_items: "{{ ceilometer_core_files }}" + when: "{{ item.condition | default(True) }}" + +# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files. +- name: Set rootwrap.d permissions + file: + path: "/etc/ceilometer/rootwrap.d" owner: "root" group: "root" - with_fileglob: - - rootwrap.d/* - notify: - - Restart ceilometer services - + mode: "0640" + recurse: true diff --git a/tasks/ceilometer_pre_install.yml b/tasks/ceilometer_pre_install.yml index d3569dda..a967dec7 100644 --- a/tasks/ceilometer_pre_install.yml +++ b/tasks/ceilometer_pre_install.yml @@ -40,17 +40,57 @@ home: "{{ swift_system_home_folder }}" when: swift_ceilometer_enabled | bool + +# NOTE(cloudnull): During an upgrade the local directory may exist on a source +# install. If the directory does exist it will need to be +# removed. This is required on source installs because the +# config directory is a link. +- name: Source config block + block: + - name: Stat config directory + stat: + path: "/etc/ceilometer" + register: ceilometer_conf_dir_stat + + - name: Remove the config directory + file: + path: "/etc/cinder" + state: absent + when: + - ceilometer_conf_dir_stat.stat.isdir is defined and + ceilometer_conf_dir_stat.stat.isdir + when: + - ceilometer_install_method == 'source' + - name: Create ceilometer dir file: - path: "{{ item.path }}" - state: directory + path: "{{ item.path | default(omit) }}" + src: "{{ item.src | default(omit) }}" + dest: "{{ item.dest | default(omit) }}" + state: "{{ item.state | default('directory') }}" owner: "{{ item.owner|default(ceilometer_system_user_name) }}" group: "{{ item.group|default(ceilometer_system_group_name) }}" - mode: "{{ item.mode|default('0755') }}" + mode: "{{ item.mode | default(omit) }}" + force: "{{ item.force | default(omit) }}" + when: + - (item.condition | default(true)) | bool with_items: - - { path: "/openstack", owner: "root", group: "root" } - - { path: "/etc/ceilometer" } - - { path: "/etc/ceilometer/rootwrap.d", owner: "root", group: "root" } - - { path: "{{ ceilometer_system_user_home }}" } - - { path: "{{ ceilometer_system_user_home }}/.ssh", mode: "0700" } - - { path: "/var/cache/ceilometer", mode: "0700" } + - path: "/openstack" + owner: "root" + group: "root" + mode: "0755" + - path: "/var/cache/ceilometer" + mode: "0700" + - path: "{{ (ceilometer_install_method == 'distro') | ternary('/etc/ceilometer', (ceilometer_bin | dirname) + '/etc/ceilometer') }}" + mode: "0755" + - path: "/etc/ceilometer" + src: "{{ ceilometer_bin | dirname | regex_replace('^/', '../') }}/etc/ceilometer" + state: link + force: true + condition: "{{ ceilometer_install_method == 'source' }}" + - path: "/etc/ceilometer/rootwrap.d" + owner: "root" + group: "root" + - path: "{{ ceilometer_system_user_home }}" + - path: "{{ ceilometer_system_user_home }}/.ssh" + mode: "0700" diff --git a/templates/rootwrap.conf.j2 b/templates/rootwrap.conf.j2 deleted file mode 100644 index 3724f388..00000000 --- a/templates/rootwrap.conf.j2 +++ /dev/null @@ -1,27 +0,0 @@ -# Configuration for ceilometer-rootwrap -# This file should be owned by (and only-writeable by) the root user - -[DEFAULT] -# List of directories to load filter definitions from (separated by ','). -# These directories MUST all be only writeable by root ! -filters_path=/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap - -# List of directories to search executables in, in case filters do not -# explicitely specify a full path (separated by ',') -# If not specified, defaults to system PATH environment variable. -# These directories MUST all be only writeable by root ! -exec_dirs={{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin - -# Enable logging to syslog -# Default value is False -use_syslog=False - -# Which syslog facility to use. -# Valid values include auth, authpriv, syslog, user0, user1... -# Default value is 'syslog' -syslog_log_facility=syslog - -# Which messages to log. -# INFO means log all usage -# ERROR means only log unsuccessful attempts -syslog_log_level=ERROR diff --git a/vars/main.yml b/vars/main.yml index 8c879278..f9248cac 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -21,16 +21,56 @@ ceilometer_loadbalancer_v2_meter_definitions_user_content: "{{ lookup('pipe', 'c ceilometer_osprofiler_event_definitions_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_osprofiler_event_definitions_default_file_path ~ ' 2>/dev/null || true') }}" ceilometer_polling_user_content: "{{ lookup('pipe', 'cat ' ~ ceilometer_polling_default_file_path ~ ' 2>/dev/null || true') }}" -# These vars find the appropriate result content from the with_items loop -ceilometer_data_meters_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_data_meters_git_file_path) | map(attribute='content') | first }} -ceilometer_event_definitions_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_event_definitions_git_file_path) | map(attribute='content') | first }} -ceilometer_gnocchi_resources_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_gnocchi_resources_git_file_path) | map(attribute='content') | first }} -ceilometer_loadbalancer_v2_meter_definitions_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_loadbalancer_v2_meter_definitions_git_file_path) | map(attribute='content') | first }} -ceilometer_osprofiler_event_definitions_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_osprofiler_event_definitions_git_file_path) | map(attribute='content') | first }} -ceilometer_polling_default_content: | - {{ _git_file_fetch.results | selectattr('item', 'equalto', ceilometer_git_config_lookup_location ~ '/' ~ ceilometer_polling_git_file_path) | map(attribute='content') | first }} +_ceilometer_rootwrap_conf_overrides: + DEFAULT: + filters_path: "/etc/ceilometer/rootwrap.d,/usr/share/ceilometer/rootwrap" + exec_dirs: "{{ ceilometer_bin }},/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin" + +ceilometer_core_files: + - tmp_f: "/tmp/rootwrap.conf" + source_f: "/etc/ceilometer/rootwrap.conf" + config_overrides: "{{ _ceilometer_rootwrap_conf_overrides | combine(ceilometer_rootwrap_conf_overrides, recursive=True) }}" + config_type: "ini" + owner: "root" + group: "{{ ceilometer_system_group_name }}" + mode: "0640" + - tmp_f: "/tmp/polling.yaml" + source_f: "/etc/ceilometer/polling.yaml" + config_overrides: "{{ ceilometer_polling_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_polling_user_content }}" + - tmp_f: "/tmp/loadbalancer_v2_meter_definitions.yaml" + source_f: "/etc/ceilometer/examples/loadbalancer_v2_meter_definitions.yaml" + target_f: "/etc/ceilometer/loadbalancer_v2_meter_definitions.yaml" + config_overrides: "{{ ceilometer_loadbalancer_v2_meter_definitions_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_loadbalancer_v2_meter_definitions_user_content }}" + condition: "{{ ceilometer_install_method == 'source' }}" + - tmp_f: "/tmp/osprofiler_event_definitions.yaml" + source_f: "/etc/ceilometer/examples/osprofiler_event_definitions.yaml" + target_f: "/etc/ceilometer/osprofiler_event_definitions.yaml" + config_overrides: "{{ ceilometer_osprofiler_event_definitions_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_osprofiler_event_definitions_user_content }}" + condition: "{{ ceilometer_install_method == 'source' }}" + - tmp_f: "/tmp/meters.yaml" + source_f: "{{ ceilometer_lib_dir }}/ceilometer/data/meters.d/meters.yaml" + config_overrides: "{{ ceilometer_data_meters_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_data_meters_user_content }}" + - tmp_f: "/tmp/event_definitions.yaml" + source_f: "{{ ceilometer_lib_dir }}/ceilometer/pipeline/data/event_definitions.yaml" + config_overrides: "{{ ceilometer_event_definitions_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_event_definitions_user_content }}" + - tmp_f: "/tmp/gnocchi_resources.yaml" + source_f: "{{ ceilometer_lib_dir }}/ceilometer/publisher/data/gnocchi_resources.yaml" + config_overrides: "{{ ceilometer_gnocchi_resources_yaml_overrides }}" + config_type: "yaml" + list_extend: false + content: "{{ ceilometer_gnocchi_resources_user_content }}"