/home/zuul/src/opendev.org/openstack/openstack-ansible-os_glance/tasks/glance_post_install.yml
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE(CeeMac): The next two tasks create the rootwrap.d directory and copy in
# the rootwrap filters that we need and glance does not provide by default.
# Creates the directory that holds the rootwrap filter files. The single loop
# entry overrides the owner/group defaults (the glance service account) with
# root:root, so the directory is root-owned.
- name: Create aux glance dir
  file:
    state: directory
    path: "{{ item.path | default(omit) }}"
    # No loop entry sets `mode`, so it is omitted here and the directory mode
    # is not managed by this task.
    mode: "{{ item.mode | default(omit) }}"
    owner: "{{ item.owner | default(glance_system_user_name) }}"
    group: "{{ item.group | default(glance_system_group_name) }}"
  loop:
    # NOTE(review): this path is hard-coded while the "Set rootwrap.d
    # permissions" task uses "{{ glance_etc_dir }}/rootwrap.d"; confirm both
    # resolve to the same directory when glance_etc_dir is overridden.
    - owner: root
      group: root
      path: /etc/glance/rootwrap.d

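# Installs every file from the role's rootwrap.d/ directory as a rootwrap
# filter. Filters decide which commands the service may run as root, so they
# are installed root:root and must never be writable by the service account.
- name: Copy glance rootwrap filter config
  copy:
    src: "{{ item }}"
    dest: "/etc/glance/rootwrap.d/"
    owner: "root"
    group: "root"
    # Set the mode explicitly instead of inheriting it from the umask. This
    # matches the 0640 applied by the untagged "Set rootwrap.d permissions"
    # task, which does not run when the play is limited to the tags below.
    mode: "0640"
  with_fileglob:
    - rootwrap.d/*
  tags:
    - glance-config
    - glance-post-install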

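# Renders each Glance configuration template, merges the operator-supplied
# overrides into it and writes the result root:<glance group> with mode 0640,
# so the service can read its configuration but not modify it and other local
# users cannot read it.
- name: Deploy Glance configuration files
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "root"
    group: "{{ glance_system_group_name }}"
    mode: "0640"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  # Only the glance-registry entry sets `condition`; every other entry falls
  # back to True and is always deployed.
  when: item.condition | default(True)
  with_items:
    - src: "glance-api.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-api.conf"
      config_overrides: "{{ glance_glance_api_conf_overrides }}"
      config_type: "ini"
    - src: "glance-cache.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-cache.conf"
      config_overrides: "{{ glance_glance_cache_conf_overrides }}"
      config_type: "ini"
    - src: "glance-manage.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-manage.conf"
      config_overrides: "{{ glance_glance_manage_conf_overrides }}"
      config_type: "ini"
    - src: "glance-registry.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-registry.conf"
      config_overrides: "{{ glance_glance_registry_conf_overrides }}"
      config_type: "ini"
      condition: "{{ glance_services['glance-registry']['condition'] | bool }}"
    - src: "glance-scrubber.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-scrubber.conf"
      config_overrides: "{{ glance_glance_scrubber_conf_overrides }}"
      config_type: "ini"
    - src: "glance-swift-store.conf.j2"
      dest: "{{ glance_etc_dir }}/glance-swift-store.conf"
      config_overrides: "{{ glance_glance_swift_store_conf_overrides }}"
      config_type: "ini"
    - src: "schema-image.json.j2"
      dest: "{{ glance_etc_dir }}/schema-image.json"
      config_overrides: "{{ glance_glance_scheme_json_overrides }}"
      config_type: "json"
  # Each loop item carries its config_overrides mapping, which may hold
  # credentials set by the operator. Label the item by destination path so
  # the default task output does not print the whole item. Verbose runs
  # still include the full item in the result.
  loop_control:
    label: "{{ item.dest }}"
  notify:
    - Manage LB
    - Restart glance services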

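# Renders the operator-provided image import configuration, only when
# glance_glance_image_import_conf_location is defined.
- name: Deploy Glance image import configuration file
  template:
    src: "{{ glance_glance_image_import_conf_location }}"
    dest: "{{ glance_etc_dir }}/glance-image-import.conf"
    # Use the same ownership and mode as the other files under glance_etc_dir
    # ("Deploy Glance configuration files") rather than whatever the
    # connecting user and umask would produce.
    owner: "root"
    group: "{{ glance_system_group_name }}"
    mode: "0640"
  when: glance_glance_image_import_conf_location is defined
  notify:
    - Manage LB
    - Restart glance services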

# NOTE(cloudnull): This is using "cp" instead of copy with remote_src
#                  because we only want to copy the original files once, and
#                  we don't want to need multiple tasks.
# Keeps a one-time copy of each file listed in glance_core_files next to the
# original, with an ".original" suffix.
# NOTE(review): plain `cp` gives the copy a umask-derived mode rather than the
# source file's mode; confirm nothing in glance_core_files needs tighter
# permissions than that.
- name: Preserve original configuration file(s)
  # `command` runs without a shell, so shell metacharacters in target_f are
  # not interpreted; the string is still split on whitespace into arguments.
  command: "cp {{ item.target_f }} {{ item.target_f }}.original"
  args:
    # Skip the copy once the .original file exists, so later runs never
    # overwrite the preserved version.
    creates: "{{ item.target_f }}.original"
  with_items: "{{ glance_core_files }}"

# Pulls each file in glance_core_files from one managed host (run_once) to the
# path given by tmp_f on the Ansible controller, where "Copy common config"
# uses it as a template source.
# NOTE(review): tmp_f is defined outside this file; confirm it points at a
# location on the deploy host that other local users cannot pre-create or
# read.
- name: Fetch override files
  run_once: true
  # Fetching is a staging step only, so it is never reported as a change.
  changed_when: false
  fetch:
    # Write exactly to dest instead of a per-host directory tree.
    flat: true
    dest: "{{ item.tmp_f }}"
    src: "{{ item.target_f }}"
  with_items: "{{ glance_core_files }}"

# Applies the operator overrides to each fetched file and writes the result
# back to the managed hosts. Unless the item says otherwise, the file is
# installed root:<glance group> with mode 0640.
- name: Copy common config
  config_template:
    config_type: "{{ item.config_type }}"
    config_overrides: "{{ item.config_overrides }}"
    src: "{{ item.tmp_f }}"
    # target_f_override, when set, redirects the output away from target_f.
    dest: "{{ item.target_f_override | default(item.target_f) }}"
    mode: "{{ item.mode | default('0640') }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ item.group | default(glance_system_group_name) }}"
  notify:
    - Restart glance services
  with_items: "{{ glance_core_files }}"

# Removes the staged copies from the controller (delegate_to: localhost) so
# fetched configuration does not linger on the deploy host after the play.
- name: Cleanup fetched temp files
  delegate_to: localhost
  run_once: true
  # Removing staging files is housekeeping, so it is never reported as a
  # change.
  changed_when: false
  file:
    state: absent
    path: "{{ item.tmp_f }}"
  with_items: "{{ glance_core_files }}"

# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
# Re-asserts root:root ownership and mode 0640 on the rootwrap filter
# directory and, through recurse, on its contents.
# NOTE(review): the same 0640 appears to be applied to the directory itself,
# which leaves it without a search (x) bit; confirm that is intended.
# NOTE(review): the filters are copied to the hard-coded
# /etc/glance/rootwrap.d, while this path is built from glance_etc_dir;
# verify both name the same directory.
- name: Set rootwrap.d permissions
  file:
    path: "{{ glance_etc_dir }}/rootwrap.d"
    recurse: true
    mode: "0640"
    owner: root
    group: root

# Invokes the systemd_mount role once per entry in glance_nfs_client, passing
# a single mount definition built from that entry (exposed as mount_var).
- name: Run the systemd mount role
  include_role:
    name: systemd_mount
  vars:
    systemd_mounts:
      - config_overrides: "{{ mount_var.config_overrides | default({}) }}"
        # Remote export in "server:path" form.
        what: "{{ mount_var.server }}:{{ mount_var.remote_path }}"
        where: "{{ mount_var.local_path }}"
        type: "{{ mount_var.type }}"
        # NOTE(review): the mount options come straight from
        # glance_nfs_client. For a share that only stores image data,
        # confirm they include restrictions such as nosuid and nodev.
        options: "{{ mount_var.options }}"
        unit:
          After:
            - network.target rpcbind.service rpc-statd.service
          Conflicts:
            - umount.target
          Requires:
            - rpcbind.service rpc-statd.service
          # Declared so the mount is ordered ahead of glance-api.service.
          Before:
            - glance-api.service
        state: 'started'
        enabled: true
  with_items: "{{ glance_nfs_client }}"
  loop_control:
    # A custom loop variable is used instead of `item`.
    loop_var: mount_var
  tags:
    - glance-config

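# Installs the cache pruner (every hour) and cache cleaner (every fifth hour)
# cron jobs, only when glance_flavor contains "cache".
- name: Create glance cache management cron jobs
  cron:
    name: "{{ item.name }}"
    # Seeded with the hostname: each host gets a stable minute between 1 and
    # 59, so jobs are spread across hosts and the task stays idempotent.
    minute: "{{ 59 | random(seed=inventory_hostname, start=1) }}"
    day: "*"
    hour: "{{ item.hour }}"
    month: "*"
    state: present
    job: "{{ item.name }}"
    # Run as the configured service account instead of a hard-coded name, in
    # line with the other tasks here that use glance_system_user_name. The
    # jobs then stay unprivileged under the right user if it is overridden.
    user: "{{ glance_system_user_name }}"
  with_items:
    - name: "{{ glance_bin }}/glance-cache-pruner"
      hour: "*"
    - name: "{{ glance_bin }}/glance-cache-cleaner"
      hour: "*/5"
  when: glance_flavor is search("cache")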

# Installs the sudoers drop-in for the glance service account. The file is
# root:root, mode 0440, and is only put in place if visudo accepts it, so a
# template error cannot leave a broken sudoers file on the host.
# NOTE(review): sudo skips files in sudoers.d whose names contain a "." or
# end in "~"; confirm glance_system_user_name cannot contain such characters,
# or the rules would silently not apply.
- name: Drop sudoers file
  template:
    src: sudoers.j2
    dest: "/etc/sudoers.d/{{ glance_system_user_name }}_sudoers"
    # %s is replaced with the path of the rendered temporary file.
    validate: "/usr/sbin/visudo -cf %s"
    owner: root
    group: root
    mode: "0440"
  tags:
    - sudoers
    - glance-sudoers