openstack
/
openstack-ansible-os_gnocchi
Code Issues Proposed changes

Perform an atomic policy file change 

The policy.json file is currently read continually by the
services and is not only read on service start. We therefore
cannot template directly to the file read by the service
(if the service is already running) because the new policies
may not be valid until the service restarts. This is
particularly important during a major upgrade. We therefore
only put the policy file in place after the service restart.

This patch also tidies up the handlers and some of the install
tasks to simplify them and reduce the tasks/code a little.

Change-Id: Ib62c9b0c8d1081409b06c35d27421a28da22c796
This commit is contained in:
Jesse Pretorius 2017-04-28 17:27:09 +01:00
parent 09b17c05d3
commit ff7854c5a5
8 changed files with 78 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
handlers/main.yml
View File

@ -13,26 +13,67 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Reload systemd daemon
command: "systemctl daemon-reload"
- name: Restart gnocchi services
debug:
msg: "Restarting services"
changed_when: true
notify:
- Restart Gnocchi services
- Stop services
- Copy new policy file into place
- Start services
- name: Restart Gnocchi services
- name: Stop services
service:
name: "{{ item.value.service_name }}"
state: "restarted"
enabled: yes
state: "stopped"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_dict: "{{ gnocchi_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.service_enabled | bool
- name: Restart Apache
service:
name: "{{ gnocchi_system_service_name }}"
state: "restarted"
when: gnocchi_use_mod_wsgi | bool
register: apache_restart
until: apache_restart | success
register: _stop
until: _stop | success
retries: 5
delay: 2
# Note (odyssey4me):
# The policy.json file is currently read continually by the services
# and is not only read on service start. We therefore cannot template
# directly to the file read by the service because the new policies
# may not be valid until the service restarts. This is particularly
# important during a major upgrade. We therefore only put the policy
# file in place after the service has been stopped.
#
- name: Copy new policy file into place
copy:
src: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}"
dest: "/etc/gnocchi/policy.json"
remote_src: yes
- name: Start services
service:
name: "{{ item.value.service_name }}"
enabled: yes
state: "started"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
with_dict: "{{ gnocchi_services }}"
when:
- inventory_hostname in groups[item.value.group]
- item.value.service_enabled | bool
register: _start
until: _start | success
retries: 5
delay: 2
- name: Restart web server
service:
name: "{{ gnocchi_system_service_name }}"
enabled: yes
state: "restarted"
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
when: gnocchi_use_mod_wsgi | bool
register: _restart
until: _restart | success
retries: 5
delay: 2

23
tasks/gnocchi_apache.yml
View File

@ -22,7 +22,7 @@
group: "root"
with_items: "{{ gnocchi_apache_config }}"
notify:
- Restart Apache
- Restart web server
- name: Disable default apache site
file:
@ -30,7 +30,7 @@
state: "absent"
with_items: "{{ gnocchi_apache_default_sites }}"
notify:
- Restart Apache
- Restart web server
- name: Enabled gnocchi vhost
file:
@ -41,14 +41,14 @@
- gnocchi_apache_site_available is defined
- gnocchi_apache_site_enabled is defined
notify:
- Restart Apache
- Restart web server
- name: Ensure Apache ServerName
lineinfile:
dest: "{{ gnocchi_apache_conf }}"
line: "ServerName {{ inventory_hostname }}"
notify:
- Restart Apache
- Restart web server
- name: Ensure Apache ServerTokens
lineinfile:
@ -56,7 +56,7 @@
regexp: '^ServerTokens'
line: "ServerTokens {{ gnocchi_apache_servertokens }}"
notify:
- Restart Apache
- Restart web server
- name: Ensure Apache ServerSignature
lineinfile:
@ -64,7 +64,7 @@
regexp: '^ServerSignature'
line: "ServerSignature {{ gnocchi_apache_serversignature }}"
notify:
- Restart Apache
- Restart web server
- name: remove Listen from Apache config
lineinfile:
@ -73,7 +73,7 @@
backrefs: yes
line: '#\1'
notify:
- Restart Apache
- Restart web server
- name: Enable/disable mod_ssl for apache2
apache2_module:
@ -82,11 +82,4 @@
when:
- ansible_pkg_mgr == 'apt'
notify:
- Restart Apache
- name: Load service
service:
name: "{{ gnocchi_system_service_name }}"
enabled: "yes"
state: "started"
- Restart web server

4
tasks/gnocchi_ceph_python_libs.yml
View File

@ -25,5 +25,5 @@
state: link
force: "yes"
notify:
- Restart Apache
- Restart Gnocchi services
- Restart gnocchi services
- Restart web server

27
tasks/gnocchi_init_common.yml
View File

@ -1,27 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- include: gnocchi_init_systemd.yml
static: no
when: ansible_service_mgr == "systemd"
- name: Load service
service:
name: "{{ item.value.service_name }}"
enabled: "{{ item.value.service_enabled | bool }}"
with_dict: "{{ gnocchi_services }}"
when: inventory_hostname in groups[item.value.group]
notify:
- Restart Gnocchi services

4
tasks/gnocchi_init_systemd.yml
View File

@ -42,6 +42,8 @@
group: "root"
with_dict: "{{ gnocchi_services }}"
when: inventory_hostname in groups[item.value.group]
notify:
- Restart gnocchi services
- name: Place the systemd init script
config_template:
@ -55,4 +57,4 @@
with_dict: "{{ gnocchi_services }}"
when: inventory_hostname in groups[item.value.group]
notify:
- Reload systemd daemon
- Restart gnocchi services

8
tasks/gnocchi_install.yml
View File

@ -73,8 +73,8 @@
copy: "no"
when: gnocchi_get_venv | changed
notify:
- Restart Gnocchi services
- Restart Apache
- Restart gnocchi services
- Restart web server
- name: Install pip packages
pip:
@ -92,8 +92,8 @@
delay: 2
when: gnocchi_get_venv | failed or gnocchi_get_venv | skipped
notify:
- Restart Gnocchi services
- Restart Apache
- Restart gnocchi services
- Restart web server
- name: CentOS remove python from path first
file:

12
tasks/gnocchi_post_install.yml
View File

@ -23,8 +23,8 @@
config_overrides: "{{ gnocchi_conf_overrides }}"
config_type: "ini"
notify:
- Restart Apache
- Restart Gnocchi services
- Restart gnocchi services
- Restart web server
- name: Retrieve and config_template upstream files
config_template:
@ -41,15 +41,15 @@
cat {{ gnocchi_api_paste_default_file_path }} 2>/dev/null || \
curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/api-paste.ini?h={{ gnocchi_git_install_branch }}
- name: "policy.json"
dest: "/etc/gnocchi/policy.json"
dest: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}"
config_overrides: "{{ gnocchi_policy_overrides }}"
config_type: "json"
content: |
cat {{ gnocchi_policy_default_file_path }} 2>/dev/null || \
curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/policy.json?h={{ gnocchi_git_install_branch }}
notify:
- Restart Apache
- Restart Gnocchi services
- Restart gnocchi services
- Restart web server
- name: Drop Gnocchi WSGI Configs
template:
@ -60,4 +60,4 @@
mode: "0755"
when: gnocchi_use_mod_wsgi | bool
notify:
- Restart Apache
- Restart web server

3
tasks/main.yml
View File

@ -38,8 +38,7 @@
tags:
- gnocchi-config
- include: gnocchi_init_common.yml
static: no
- include: "gnocchi_init_{{ ansible_service_mgr }}.yml"
when: not gnocchi_identity_only | bool
tags:
- gnocchi-config