Perform an atomic policy file change
The policy.json file is currently read continually by the services and is not only read on service start. We therefore cannot template directly to the file read by the service (if the service is already running) because the new policies may not be valid until the service restarts. This is particularly important during a major upgrade. We therefore only put the policy file in place after the service restart. This patch also tidies up the handlers and some of the install tasks to simplify them and reduce the tasks/code a little. Change-Id: Ib62c9b0c8d1081409b06c35d27421a28da22c796
This commit is contained in:
parent
09b17c05d3
commit
ff7854c5a5
|
@ -13,26 +13,67 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- name: Reload systemd daemon
|
||||
command: "systemctl daemon-reload"
|
||||
- name: Restart gnocchi services
|
||||
debug:
|
||||
msg: "Restarting services"
|
||||
changed_when: true
|
||||
notify:
|
||||
- Restart Gnocchi services
|
||||
- Stop services
|
||||
- Copy new policy file into place
|
||||
- Start services
|
||||
|
||||
- name: Restart Gnocchi services
|
||||
- name: Stop services
|
||||
service:
|
||||
name: "{{ item.value.service_name }}"
|
||||
state: "restarted"
|
||||
enabled: yes
|
||||
state: "stopped"
|
||||
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
||||
with_dict: "{{ gnocchi_services }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.service_enabled | bool
|
||||
|
||||
- name: Restart Apache
|
||||
service:
|
||||
name: "{{ gnocchi_system_service_name }}"
|
||||
state: "restarted"
|
||||
when: gnocchi_use_mod_wsgi | bool
|
||||
register: apache_restart
|
||||
until: apache_restart | success
|
||||
register: _stop
|
||||
until: _stop | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
# Note (odyssey4me):
|
||||
# The policy.json file is currently read continually by the services
|
||||
# and is not only read on service start. We therefore cannot template
|
||||
# directly to the file read by the service because the new policies
|
||||
# may not be valid until the service restarts. This is particularly
|
||||
# important during a major upgrade. We therefore only put the policy
|
||||
# file in place after the service has been stopped.
|
||||
#
|
||||
- name: Copy new policy file into place
|
||||
copy:
|
||||
src: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}"
|
||||
dest: "/etc/gnocchi/policy.json"
|
||||
remote_src: yes
|
||||
|
||||
- name: Start services
|
||||
service:
|
||||
name: "{{ item.value.service_name }}"
|
||||
enabled: yes
|
||||
state: "started"
|
||||
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
||||
with_dict: "{{ gnocchi_services }}"
|
||||
when:
|
||||
- inventory_hostname in groups[item.value.group]
|
||||
- item.value.service_enabled | bool
|
||||
register: _start
|
||||
until: _start | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
- name: Restart web server
|
||||
service:
|
||||
name: "{{ gnocchi_system_service_name }}"
|
||||
enabled: yes
|
||||
state: "restarted"
|
||||
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
||||
when: gnocchi_use_mod_wsgi | bool
|
||||
register: _restart
|
||||
until: _restart | success
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
group: "root"
|
||||
with_items: "{{ gnocchi_apache_config }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Disable default apache site
|
||||
file:
|
||||
|
@ -30,7 +30,7 @@
|
|||
state: "absent"
|
||||
with_items: "{{ gnocchi_apache_default_sites }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Enabled gnocchi vhost
|
||||
file:
|
||||
|
@ -41,14 +41,14 @@
|
|||
- gnocchi_apache_site_available is defined
|
||||
- gnocchi_apache_site_enabled is defined
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerName
|
||||
lineinfile:
|
||||
dest: "{{ gnocchi_apache_conf }}"
|
||||
line: "ServerName {{ inventory_hostname }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerTokens
|
||||
lineinfile:
|
||||
|
@ -56,7 +56,7 @@
|
|||
regexp: '^ServerTokens'
|
||||
line: "ServerTokens {{ gnocchi_apache_servertokens }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Ensure Apache ServerSignature
|
||||
lineinfile:
|
||||
|
@ -64,7 +64,7 @@
|
|||
regexp: '^ServerSignature'
|
||||
line: "ServerSignature {{ gnocchi_apache_serversignature }}"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: remove Listen from Apache config
|
||||
lineinfile:
|
||||
|
@ -73,7 +73,7 @@
|
|||
backrefs: yes
|
||||
line: '#\1'
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
||||
- name: Enable/disable mod_ssl for apache2
|
||||
apache2_module:
|
||||
|
@ -82,11 +82,4 @@
|
|||
when:
|
||||
- ansible_pkg_mgr == 'apt'
|
||||
notify:
|
||||
- Restart Apache
|
||||
|
||||
- name: Load service
|
||||
service:
|
||||
name: "{{ gnocchi_system_service_name }}"
|
||||
enabled: "yes"
|
||||
state: "started"
|
||||
|
||||
- Restart web server
|
||||
|
|
|
@ -25,5 +25,5 @@
|
|||
state: link
|
||||
force: "yes"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart Gnocchi services
|
||||
- Restart gnocchi services
|
||||
- Restart web server
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
- include: gnocchi_init_systemd.yml
|
||||
static: no
|
||||
when: ansible_service_mgr == "systemd"
|
||||
|
||||
- name: Load service
|
||||
service:
|
||||
name: "{{ item.value.service_name }}"
|
||||
enabled: "{{ item.value.service_enabled | bool }}"
|
||||
with_dict: "{{ gnocchi_services }}"
|
||||
when: inventory_hostname in groups[item.value.group]
|
||||
notify:
|
||||
- Restart Gnocchi services
|
|
@ -42,6 +42,8 @@
|
|||
group: "root"
|
||||
with_dict: "{{ gnocchi_services }}"
|
||||
when: inventory_hostname in groups[item.value.group]
|
||||
notify:
|
||||
- Restart gnocchi services
|
||||
|
||||
- name: Place the systemd init script
|
||||
config_template:
|
||||
|
@ -55,4 +57,4 @@
|
|||
with_dict: "{{ gnocchi_services }}"
|
||||
when: inventory_hostname in groups[item.value.group]
|
||||
notify:
|
||||
- Reload systemd daemon
|
||||
- Restart gnocchi services
|
||||
|
|
|
@ -73,8 +73,8 @@
|
|||
copy: "no"
|
||||
when: gnocchi_get_venv | changed
|
||||
notify:
|
||||
- Restart Gnocchi services
|
||||
- Restart Apache
|
||||
- Restart gnocchi services
|
||||
- Restart web server
|
||||
|
||||
- name: Install pip packages
|
||||
pip:
|
||||
|
@ -92,8 +92,8 @@
|
|||
delay: 2
|
||||
when: gnocchi_get_venv | failed or gnocchi_get_venv | skipped
|
||||
notify:
|
||||
- Restart Gnocchi services
|
||||
- Restart Apache
|
||||
- Restart gnocchi services
|
||||
- Restart web server
|
||||
|
||||
- name: CentOS remove python from path first
|
||||
file:
|
||||
|
|
|
@ -23,8 +23,8 @@
|
|||
config_overrides: "{{ gnocchi_conf_overrides }}"
|
||||
config_type: "ini"
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart Gnocchi services
|
||||
- Restart gnocchi services
|
||||
- Restart web server
|
||||
|
||||
- name: Retrieve and config_template upstream files
|
||||
config_template:
|
||||
|
@ -41,15 +41,15 @@
|
|||
cat {{ gnocchi_api_paste_default_file_path }} 2>/dev/null || \
|
||||
curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/api-paste.ini?h={{ gnocchi_git_install_branch }}
|
||||
- name: "policy.json"
|
||||
dest: "/etc/gnocchi/policy.json"
|
||||
dest: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}"
|
||||
config_overrides: "{{ gnocchi_policy_overrides }}"
|
||||
config_type: "json"
|
||||
content: |
|
||||
cat {{ gnocchi_policy_default_file_path }} 2>/dev/null || \
|
||||
curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/policy.json?h={{ gnocchi_git_install_branch }}
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart Gnocchi services
|
||||
- Restart gnocchi services
|
||||
- Restart web server
|
||||
|
||||
- name: Drop Gnocchi WSGI Configs
|
||||
template:
|
||||
|
@ -60,4 +60,4 @@
|
|||
mode: "0755"
|
||||
when: gnocchi_use_mod_wsgi | bool
|
||||
notify:
|
||||
- Restart Apache
|
||||
- Restart web server
|
||||
|
|
|
@ -38,8 +38,7 @@
|
|||
tags:
|
||||
- gnocchi-config
|
||||
|
||||
- include: gnocchi_init_common.yml
|
||||
static: no
|
||||
- include: "gnocchi_init_{{ ansible_service_mgr }}.yml"
|
||||
when: not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-config
|
||||
|
|
Loading…
Reference in New Issue