Stop templating secure.conf options

Simplify things by only passing the secure.conf file, not a template. If users need more dynamic options, they are free to template the file first then use us to copy the file in place. Also tests file mode for nodepool.yaml Change-Id: I4d2eba3292b2657ef9a607497056fa94cdd1bec8 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-09-05 13:24:20 -04:00 · 2016-09-05 13:24:20 -04:00 · 354161295f
parent bd36e3cb52
commit 354161295f
4 changed files with 31 additions and 15 deletions
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -30,25 +30,25 @@ nodepool_file_nodepool_yaml_mode: 0644
 nodepool_file_nodepool_yaml_owner: "{{ nodepool_user_name }}"
 nodepool_file_nodepool_yaml_src: etc/nodepool/nodepool.yaml

+nodepool_file_secure_conf_dest: /etc/nodepool/secure.conf
+nodepool_file_secure_conf_group: "{{ nodepool_user_group }}"
+nodepool_file_secure_conf_mode: 0600
+nodepool_file_secure_conf_owner: "{{ nodepool_user_name }}"
+nodepool_file_secure_conf_src: etc/nodepool/secure.conf
+
 nodepool_elements_dir: ""
 nodepool_elements_dir_dest: /etc/nodepool/elements

 nodepool_scripts_dir: ""
 nodepool_scripts_dir_dest: /etc/nodepool/scripts

-nodepool_config_database_dburi: "sqlite:///{{ nodepool_user_home }}/nodepool.db"
 nodepool_config_elements_dir: "{{ nodepool_elements_dir_dest }}"
 nodepool_config_images_dir: /opt/nodepool/images
 nodepool_config_log_config: /etc/nodepool/logging.conf
-nodepool_config_secure_config: /etc/nodepool/secure.conf
 nodepool_config_scripts_dir: "{{ nodepool_scripts_dir_dest }}"

 nodepool_file_logging_conf: etc/nodepool/logging.conf

-nodepool_template_secure_conf_contents: ""
-nodepool_template_secure_conf_dest: /etc/nodepool/secure.conf
-nodepool_template_secure_conf_src: etc/nodepool/secure.conf.j2
-
 # tasks/install.yaml
 nodepool_git_dest: /opt/ansible-role-nodepool/git/openstack-infra/nodepool
 nodepool_git_uri: https://git.openstack.org/openstack-infra/nodepool
--- a/templates/etc/nodepool/secure.conf.j2
+++ b/templates/etc/nodepool/secure.conf.j2
@ -2,6 +2,4 @@
 #  DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
 #
 [database]
-dburi = {{ nodepool_config_database_dburi }}
-
-{{ nodepool_template_secure_conf_contents }}
+dburi = sqlite:////var/lib/nodepool/nodepool.db
--- a/tasks/config.yaml
+++ b/tasks/config.yaml
@ -25,12 +25,6 @@
    - "{{ nodepool_user_home }}/.config/openstack"
    - /var/log/nodepool

- name: Template secure configuration file.
-  become: yes
-  template:
-    dest: "{{ nodepool_template_secure_conf_dest }}"
-    src: "{{ nodepool_template_secure_conf_src }}"
-
 - name: Copy nodepool configuration.
  become: yes
  copy:
@ -40,6 +34,15 @@
    owner: "{{nodepool_file_nodepool_yaml_owner }}"
    src: "{{ nodepool_file_nodepool_yaml_src }}"

+- name: Copy nodepool secure configuration.
+  become: yes
+  copy:
+    dest: "{{ nodepool_file_secure_conf_dest }}"
+    group: "{{ nodepool_file_secure_conf_group }}"
+    mode: "{{ nodepool_file_secure_conf_mode }}"
+    owner: "{{nodepool_file_secure_conf_owner }}"
+    src: "{{ nodepool_file_secure_conf_src }}"
+
 - name: Copy logging configuration file.
  become: yes
  copy:
--- a/tests/test.yaml
+++ b/tests/test.yaml
@ -57,6 +57,21 @@
          - nodepool_yaml_stat.stat.isreg
          - nodepool_yaml_stat.stat.pw_name == 'nodepool'
          - nodepool_yaml_stat.stat.gr_name == 'nodepool'
+          - nodepool_yaml_stat.stat.mode == '0644'
+
+    - name: Register /etc/nodepool/secure.conf
+      stat:
+        path: /etc/nodepool/secure.conf
+      register: secure_conf_stat
+
+    - name: Assert secure_conf_stat tests.
+      assert:
+        that:
+          - secure_conf_stat.stat.exists
+          - secure_conf_stat.stat.isreg
+          - secure_conf_stat.stat.pw_name == 'nodepool'
+          - secure_conf_stat.stat.gr_name == 'nodepool'
+          - secure_conf_stat.stat.mode == '0600'

    - name: Register nodepool_elements_dir_dest_stat.
      stat: