From ff7854c5a52b096c2590e57aa420e8a846131de7 Mon Sep 17 00:00:00 2001 From: Jesse Pretorius Date: Fri, 28 Apr 2017 17:27:09 +0100 Subject: [PATCH] Perform an atomic policy file change The policy.json file is currently read continually by the services and is not only read on service start. We therefore cannot template directly to the file read by the service (if the service is already running) because the new policies may not be valid until the service restarts. This is particularly important during a major upgrade. We therefore only put the policy file in place after the service restart. This patch also tidies up the handlers and some of the install tasks to simplify them and reduce the tasks/code a little. Change-Id: Ib62c9b0c8d1081409b06c35d27421a28da22c796 --- handlers/main.yml | 67 ++++++++++++++++++++++++------ tasks/gnocchi_apache.yml | 23 ++++------ tasks/gnocchi_ceph_python_libs.yml | 4 +- tasks/gnocchi_init_common.yml | 27 ------------ tasks/gnocchi_init_systemd.yml | 4 +- tasks/gnocchi_install.yml | 8 ++-- tasks/gnocchi_post_install.yml | 12 +++--- tasks/main.yml | 3 +- 8 files changed, 78 insertions(+), 70 deletions(-) delete mode 100644 tasks/gnocchi_init_common.yml diff --git a/handlers/main.yml b/handlers/main.yml index 7c4f0c7..cee6f6d 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -13,26 +13,67 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Reload systemd daemon - command: "systemctl daemon-reload" +- name: Restart gnocchi services + debug: + msg: "Restarting services" + changed_when: true notify: - - Restart Gnocchi services + - Stop services + - Copy new policy file into place + - Start services -- name: Restart Gnocchi services +- name: Stop services service: name: "{{ item.value.service_name }}" - state: "restarted" + enabled: yes + state: "stopped" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" with_dict: "{{ gnocchi_services }}" when: - inventory_hostname in groups[item.value.group] - item.value.service_enabled | bool - -- name: Restart Apache - service: - name: "{{ gnocchi_system_service_name }}" - state: "restarted" - when: gnocchi_use_mod_wsgi | bool - register: apache_restart - until: apache_restart | success + register: _stop + until: _stop | success + retries: 5 + delay: 2 + +# Note (odyssey4me): +# The policy.json file is currently read continually by the services +# and is not only read on service start. We therefore cannot template +# directly to the file read by the service because the new policies +# may not be valid until the service restarts. This is particularly +# important during a major upgrade. We therefore only put the policy +# file in place after the service has been stopped. +# +- name: Copy new policy file into place + copy: + src: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}" + dest: "/etc/gnocchi/policy.json" + remote_src: yes + +- name: Start services + service: + name: "{{ item.value.service_name }}" + enabled: yes + state: "started" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + with_dict: "{{ gnocchi_services }}" + when: + - inventory_hostname in groups[item.value.group] + - item.value.service_enabled | bool + register: _start + until: _start | success + retries: 5 + delay: 2 + +- name: Restart web server + service: + name: "{{ gnocchi_system_service_name }}" + enabled: yes + state: "restarted" + daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" + when: gnocchi_use_mod_wsgi | bool + register: _restart + until: _restart | success retries: 5 delay: 2 diff --git a/tasks/gnocchi_apache.yml b/tasks/gnocchi_apache.yml index 7eb7365..24e5079 100644 --- a/tasks/gnocchi_apache.yml +++ b/tasks/gnocchi_apache.yml @@ -22,7 +22,7 @@ group: "root" with_items: "{{ gnocchi_apache_config }}" notify: - - Restart Apache + - Restart web server - name: Disable default apache site file: @@ -30,7 +30,7 @@ state: "absent" with_items: "{{ gnocchi_apache_default_sites }}" notify: - - Restart Apache + - Restart web server - name: Enabled gnocchi vhost file: @@ -41,14 +41,14 @@ - gnocchi_apache_site_available is defined - gnocchi_apache_site_enabled is defined notify: - - Restart Apache + - Restart web server - name: Ensure Apache ServerName lineinfile: dest: "{{ gnocchi_apache_conf }}" line: "ServerName {{ inventory_hostname }}" notify: - - Restart Apache + - Restart web server - name: Ensure Apache ServerTokens lineinfile: @@ -56,7 +56,7 @@ regexp: '^ServerTokens' line: "ServerTokens {{ gnocchi_apache_servertokens }}" notify: - - Restart Apache + - Restart web server - name: Ensure Apache ServerSignature lineinfile: @@ -64,7 +64,7 @@ regexp: '^ServerSignature' line: "ServerSignature {{ gnocchi_apache_serversignature }}" notify: - - Restart Apache + - Restart web server - name: remove Listen from Apache config lineinfile: @@ -73,7 +73,7 @@ backrefs: yes line: '#\1' notify: - - Restart Apache + - Restart web server - name: Enable/disable mod_ssl for apache2 apache2_module: @@ -82,11 +82,4 @@ when: - ansible_pkg_mgr == 'apt' notify: - - Restart Apache - -- name: Load service - service: - name: "{{ gnocchi_system_service_name }}" - enabled: "yes" - state: "started" - + - Restart web server diff --git a/tasks/gnocchi_ceph_python_libs.yml b/tasks/gnocchi_ceph_python_libs.yml index f5258e2..d4600ce 100644 --- a/tasks/gnocchi_ceph_python_libs.yml +++ b/tasks/gnocchi_ceph_python_libs.yml @@ -25,5 +25,5 @@ state: link force: "yes" notify: - - Restart Apache - - Restart Gnocchi services + - Restart gnocchi services + - Restart web server diff --git a/tasks/gnocchi_init_common.yml b/tasks/gnocchi_init_common.yml deleted file mode 100644 index 5a385d7..0000000 --- a/tasks/gnocchi_init_common.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -# Copyright 2016, Rackspace US, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -- include: gnocchi_init_systemd.yml - static: no - when: ansible_service_mgr == "systemd" - -- name: Load service - service: - name: "{{ item.value.service_name }}" - enabled: "{{ item.value.service_enabled | bool }}" - with_dict: "{{ gnocchi_services }}" - when: inventory_hostname in groups[item.value.group] - notify: - - Restart Gnocchi services diff --git a/tasks/gnocchi_init_systemd.yml b/tasks/gnocchi_init_systemd.yml index 09554a6..09813ce 100644 --- a/tasks/gnocchi_init_systemd.yml +++ b/tasks/gnocchi_init_systemd.yml @@ -42,6 +42,8 @@ group: "root" with_dict: "{{ gnocchi_services }}" when: inventory_hostname in groups[item.value.group] + notify: + - Restart gnocchi services - name: Place the systemd init script config_template: @@ -55,4 +57,4 @@ with_dict: "{{ gnocchi_services }}" when: inventory_hostname in groups[item.value.group] notify: - - Reload systemd daemon + - Restart gnocchi services diff --git a/tasks/gnocchi_install.yml b/tasks/gnocchi_install.yml index 0aaacd3..82ba6d6 100644 --- a/tasks/gnocchi_install.yml +++ b/tasks/gnocchi_install.yml @@ -73,8 +73,8 @@ copy: "no" when: gnocchi_get_venv | changed notify: - - Restart Gnocchi services - - Restart Apache + - Restart gnocchi services + - Restart web server - name: Install pip packages pip: @@ -92,8 +92,8 @@ delay: 2 when: gnocchi_get_venv | failed or gnocchi_get_venv | skipped notify: - - Restart Gnocchi services - - Restart Apache + - Restart gnocchi services + - Restart web server - name: CentOS remove python from path first file: diff --git a/tasks/gnocchi_post_install.yml b/tasks/gnocchi_post_install.yml index a5ba3e9..78b42a1 100644 --- a/tasks/gnocchi_post_install.yml +++ b/tasks/gnocchi_post_install.yml @@ -23,8 +23,8 @@ config_overrides: "{{ gnocchi_conf_overrides }}" config_type: "ini" notify: - - Restart Apache - - Restart Gnocchi services + - Restart gnocchi services + - Restart web server - name: Retrieve and config_template upstream files config_template: @@ -41,15 +41,15 @@ cat {{ gnocchi_api_paste_default_file_path }} 2>/dev/null || \ curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/api-paste.ini?h={{ gnocchi_git_install_branch }} - name: "policy.json" - dest: "/etc/gnocchi/policy.json" + dest: "/etc/gnocchi/policy.json-{{ gnocchi_venv_tag }}" config_overrides: "{{ gnocchi_policy_overrides }}" config_type: "json" content: | cat {{ gnocchi_policy_default_file_path }} 2>/dev/null || \ curl -s {{ gnocchi_git_config_lookup_location }}gnocchi/rest/policy.json?h={{ gnocchi_git_install_branch }} notify: - - Restart Apache - - Restart Gnocchi services + - Restart gnocchi services + - Restart web server - name: Drop Gnocchi WSGI Configs template: @@ -60,4 +60,4 @@ mode: "0755" when: gnocchi_use_mod_wsgi | bool notify: - - Restart Apache + - Restart web server diff --git a/tasks/main.yml b/tasks/main.yml index 9ccb065..c0494f7 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -38,8 +38,7 @@ tags: - gnocchi-config -- include: gnocchi_init_common.yml - static: no +- include: "gnocchi_init_{{ ansible_service_mgr }}.yml" when: not gnocchi_identity_only | bool tags: - gnocchi-config