smart_sources: Use config files from repo

Do not carry and maintain rootwrap and api files, since they are present
inside pip packages and deployed during installation.
This also adds deployment of rootwrap filters for manila-share nodes.

Change-Id: I41b680f5dcb5be92e3304c591d9a4705cf138a72

tasks/manila_post_install.yml

@@ -13,32 +13,27 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+- name: Fetch rootwrap files
+  fetch:
+    src: "{{ item.source }}"
+    dest: "{{ item.src }}"
+    flat: yes
+  changed_when: false
+  with_items: "{{ manila_rootwrap_files }}"
+  when: item.condition | default(True)
+  run_once: true
+
 - name: Copy manila configs
   config_template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     owner: "root"
     group: "{{ item.group|default(manila_system_group_name) }}"
-    mode: "0640"
-    config_overrides: "{{ item.config_overrides }}"
+    mode: "{{ item.mode |default('0640') }}"
+    config_overrides: "{{ item.config_overrides | default({}) }}"
     config_type: "{{ item.config_type }}"
-  with_items:
-    - src: "manila.conf.j2"
-      dest: "/etc/manila/manila.conf"
-      config_overrides: "{{ manila_manila_conf_overrides }}"
-      config_type: "ini"
-    - src: "api-paste.ini.j2"
-      dest: "/etc/manila/api-paste.ini"
-      config_overrides: "{{ manila_api_paste_ini_overrides }}"
-      config_type: "ini"
-    - src: "rootwrap.conf.j2"
-      dest: "/etc/manila/rootwrap.conf"
-      config_overrides: "{{ manila_rootwrap_conf_overrides }}"
-      config_type: "ini"
-    - src: "policy.json.j2"
-      dest: "/etc/manila/policy.json-{{ manila_venv_tag }}"
-      config_overrides: "{{ manila_policy_overrides }}"
-      config_type: "json"
+  when: item.condition | default(True)
+  with_items: "{{ manila_core_files + manila_rootwrap_files }}"
   notify:
     - Manage LB
     - Restart manila services

templates/api-paste.ini.j2

@@ -1,59 +0,0 @@
-#############
-# OpenStack #
-#############
-
-[composite:osapi_share]
-use = call:manila.api:root_app_factory
-/: apiversions
-/v1: openstack_share_api
-/v2: openstack_share_api_v2
-
-[composite:openstack_share_api]
-use = call:manila.api.middleware.auth:pipeline_factory
-noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth api
-keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api
-keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext api
-
-[composite:openstack_share_api_v2]
-use = call:manila.api.middleware.auth:pipeline_factory
-noauth = cors faultwrap http_proxy_to_wsgi sizelimit noauth apiv2
-keystone = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2
-keystone_nolimit = cors faultwrap http_proxy_to_wsgi sizelimit authtoken keystonecontext apiv2
-
-[filter:faultwrap]
-paste.filter_factory = manila.api.middleware.fault:FaultWrapper.factory
-
-[filter:noauth]
-paste.filter_factory = manila.api.middleware.auth:NoAuthMiddleware.factory
-
-[filter:sizelimit]
-paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory
-
-[filter:http_proxy_to_wsgi]
-paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
-
-[app:api]
-paste.app_factory = manila.api.v1.router:APIRouter.factory
-
-[app:apiv2]
-paste.app_factory = manila.api.v2.router:APIRouter.factory
-
-[pipeline:apiversions]
-pipeline = cors faultwrap http_proxy_to_wsgi osshareversionapp
-
-[app:osshareversionapp]
-paste.app_factory = manila.api.versions:VersionsRouter.factory
-
-##########
-# Shared #
-##########
-
-[filter:keystonecontext]
-paste.filter_factory = manila.api.middleware.auth:ManilaKeystoneContext.factory
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-[filter:cors]
-paste.filter_factory = oslo_middleware.cors:filter_factory
-oslo_config_project = manila

templates/rootwrap.conf.j2

@@ -1,27 +0,0 @@
-# Configuration for manila-rootwrap
-# This file should be owned by (and only-writeable by) the root user
-
-[DEFAULT]
-# List of directories to load filter definitions from (separated by ',').
-# These directories MUST all be only writeable by root !
-filters_path=/etc/manila/rootwrap.d,/usr/share/manila/rootwrap,/usr/share/manila-common/rootwrap.d
-
-# List of directories to search executables in, in case filters do not
-# explicitly specify a full path (separated by ',')
-# If not specified, defaults to system PATH environment variable.
-# These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/sbin,/usr/local/bin,/usr/lpp/mmfs/bin
-
-# Enable logging to syslog
-# Default value is False
-use_syslog=False
-
-# Which syslog facility to use.
-# Valid values include auth, authpriv, syslog, user0, user1...
-# Default value is 'syslog'
-syslog_log_facility=syslog
-
-# Which messages to log.
-# INFO means log all usage
-# ERROR means only log unsuccessful attempts
-syslog_log_level=ERROR

vars/main.yml

@@ -29,3 +29,32 @@ filtered_manila_services: |-
   {%   endif %}
   {% endfor %}
   {{ services | sort(attribute='start_order') }}
+
+manila_core_files:
+  - src: "manila.conf.j2"
+    dest: "/etc/manila/manila.conf"
+    config_overrides: "{{ manila_manila_conf_overrides }}"
+    config_type: "ini"
+  - src: "policy.json.j2"
+    dest: "/etc/manila/policy.json-{{ manila_venv_tag }}"
+    config_overrides: "{{ manila_policy_overrides }}"
+    config_type: "json"
+
+manila_rootwrap_files:
+  - condition: "{{ manila_install_method == 'source' }}"
+    config_overrides: "{{ manila_rootwrap_conf_overrides }}"
+    config_type: ini
+    dest: /etc/manila/rootwrap.conf
+    source: "{{ manila_bin | dirname }}/etc/manila/rootwrap.conf"
+    src: /tmp/rootwrap.conf
+  - condition: "{{ manila_install_method == 'source' and 'manila_share' in group_names }}"
+    config_type: ini
+    dest: /etc/manila/rootwrap.d/share.filters
+    source: "{{ manila_bin | dirname }}/etc/manila/rootwrap.d/share.filters"
+    src: /tmp/manila-share.filters
+  - condition: "{{ manila_install_method == 'source' and 'manila_api' in group_names }}"
+    config_type: "ini"
+    config_overrides: "{{ manila_api_paste_ini_overrides }}"
+    source: "{{ manila_bin | dirname }}/etc/manila/api-paste.ini"
+    src: "/tmp/api-paste.ini"
+    dest: "/etc/manila/api-paste.ini"