Perform an atomic policy file change

The policy.json file is currently read continually by the services and is not only read on service start. We therefore cannot template directly to the file read by the service (if the service is already running) because the new policies may not be valid until the service restarts. This is particularly important during a major upgrade. We therefore only put the policy file in place after the service restart. This patch also tidies up the handlers and some of the install tasks to simplify them and reduce the tasks/code a little. Change-Id: I98dc9b1e7d5d6ad54a19f0d5ebf0973580f58740
2017-04-28 16:13:36 +01:00 · 2017-04-28 16:13:36 +01:00 · eb76491f7e
parent 38a4453ef0
commit eb76491f7e
6 changed files with 67 additions and 55 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -12,19 +12,63 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 - name: Restart aodh services
-  systemd:
+  debug:
+    msg: "Restarting services"
+  changed_when: true
+  notify:
+    - Stop services
+    - Copy new policy file into place
+    - Start services
+
+- name: Stop services
+  service:
    name: "{{ item.value.service_name }}"
-    state: "restarted"
-    daemon_reload: yes
+    enabled: yes
+    state: "stopped"
+    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
  with_dict: "{{ aodh_services }}"
  when: inventory_hostname in groups[item.value.group]
-
- name: Restart Apache
-  service:
-    name: "{{ aodh_system_service_name }}"
-    state: "restarted"
-  register: apache_restart
-  until: apache_restart | success
+  register: _stop
+  until: _stop | success
+  retries: 5
+  delay: 2
+
+# Note (odyssey4me):
+# The policy.json file is currently read continually by the services
+# and is not only read on service start. We therefore cannot template
+# directly to the file read by the service because the new policies
+# may not be valid until the service restarts. This is particularly
+# important during a major upgrade. We therefore only put the policy
+# file in place after the service has been stopped.
+#
+- name: Copy new policy file into place
+  copy:
+    src: "/etc/aodh/policy.json-{{ aodh_venv_tag }}"
+    dest: "/etc/aodh/policy.json"
+    remote_src: yes
+
+- name: Start services
+  service:
+    name: "{{ item.value.service_name }}"
+    enabled: yes
+    state: "started"
+    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
+  with_dict: "{{ aodh_services }}"
+  when: inventory_hostname in groups[item.value.group]
+  register: _start
+  until: _start | success
+  retries: 5
+  delay: 2
+
+- name: Restart web server
+  service:
+    name: "{{ aodh_system_service_name }}"
+    enabled: yes
+    state: "restarted"
+    daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
+  register: _restart
+  until: _restart | success
  retries: 5
  delay: 2
--- a/tasks/aodh_apache.yml
+++ b/tasks/aodh_apache.yml
@ -22,7 +22,7 @@
    group: "root"
  with_items: "{{ aodh_apache_config }}"
  notify:
-    - Restart Apache
+    - Restart web server

 - name: Disable default apache site
  file:
@ -30,7 +30,7 @@
    state: "absent"
  with_items: "{{ aodh_apache_default_sites }}"
  notify:
-    - Restart Apache
+    - Restart web server

 - name: Enabled aodh vhost
  file:
@ -41,14 +41,14 @@
    - aodh_apache_site_available is defined
    - aodh_apache_site_enabled is defined
  notify:
-    - Restart Apache
+    - Restart web server

 - name: Ensure Apache ServerName
  lineinfile:
    dest: "{{ aodh_apache_conf }}"
    line: "ServerName {{ inventory_hostname }}"
  notify:
-    - Restart Apache
+    - Restart web server

 - name: Ensure Apache ServerTokens
  lineinfile:
@ -56,7 +56,7 @@
    regexp: '^ServerTokens'
    line: "ServerTokens {{ aodh_apache_servertokens }}"
  notify:
-    - Restart Apache
+    - Restart web server

 - name: Ensure Apache ServerSignature
  lineinfile:
@ -64,7 +64,7 @@
    regexp: '^ServerSignature'
    line: "ServerSignature {{ aodh_apache_serversignature }}"
  notify:
-    - Restart Apache
+    - Restart web server

 - name: remove Listen from Apache config
  lineinfile:
@ -73,11 +73,4 @@
    backrefs: yes
    line: '#\1'
  notify:
-    - Restart Apache
-
- name: Load service
-  service:
-    name: "{{ aodh_system_service_name }}"
-    enabled: "yes"
-    state: "started"
-
+    - Restart web server
--- a/tasks/aodh_init_common.yml
+++ b/tasks/aodh_init_common.yml
@ -1,27 +0,0 @@
---
-# Copyright 2016, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
- include: aodh_init_systemd.yml
-  when:
-    - ansible_service_mgr == 'systemd'
-
- name: Load service
-  service:
-   name: "{{ item.value.service_name }}"
-   enabled: "yes"
-  with_dict: "{{ aodh_services }}"
-  when: inventory_hostname in groups[item.value.group]
-  notify:
-    - Restart aodh services
--- a/tasks/aodh_init_systemd.yml
+++ b/tasks/aodh_init_systemd.yml
@ -52,6 +52,8 @@
    group: "root"
  with_dict: "{{ aodh_services }}"
  when: inventory_hostname in groups[item.value.group]
+  notify:
+    - Restart aodh services

 - name: Place the systemd init script
  config_template:
--- a/tasks/aodh_post_install.yml
+++ b/tasks/aodh_post_install.yml
@ -32,12 +32,12 @@
      config_overrides: "{{ aodh_api_paste_ini_overrides }}"
      config_type: "ini"
    - src: "policy.json.j2"
-      dest: "/etc/aodh/policy.json"
+      dest: "/etc/aodh/policy.json-{{ aodh_venv_tag }}"
      config_overrides: "{{ aodh_policy_overrides }}"
      config_type: "json"
  notify:
    - Restart aodh services
-    - Restart Apache
+    - Restart web server

 - name: Drop aodh API WSGI Configs
  template:
@ -47,4 +47,4 @@
    group: "{{ aodh_system_group_name }}"
    mode: "0755"
  notify:
-    - Restart Apache
+    - Restart web server
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -44,7 +44,7 @@
  tags:
    - aodh-config

- include: aodh_init_common.yml
+- include: "aodh_init_{{ ansible_service_mgr }}.yml"
  tags:
    - aodh-config