Merge "Refactor map file to import role data only"
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 79678de..34ff377 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
{%- if controller.get('enabled', False) %}
{%- set user = controller %}
@@ -222,7 +222,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ controller.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
{%- endif %}
@@ -237,7 +237,7 @@
{%- else %}
file.exists:
- - name: {{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
{%- endif %}
diff --git a/cinder/files/mitaka/cinder.conf.controller.Debian b/cinder/files/mitaka/cinder.conf.controller.Debian
index 4176181..852e974 100644
--- a/cinder/files/mitaka/cinder.conf.controller.Debian
+++ b/cinder/files/mitaka/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -146,11 +146,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
rabbit_userid = {{ controller.message_queue.user }}
@@ -178,7 +174,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
{%- if controller.backend is defined %}
diff --git a/cinder/files/mitaka/cinder.conf.volume.Debian b/cinder/files/mitaka/cinder.conf.volume.Debian
index 52f46d7..b52aded 100644
--- a/cinder/files/mitaka/cinder.conf.volume.Debian
+++ b/cinder/files/mitaka/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -131,11 +131,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
{%- endif %}
rabbit_userid = {{ volume.message_queue.user }}
@@ -163,7 +159,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
{%- if volume.backend is defined %}
diff --git a/cinder/files/newton/cinder.conf.controller.Debian b/cinder/files/newton/cinder.conf.controller.Debian
index 3e16fcd..701f78f 100644
--- a/cinder/files/newton/cinder.conf.controller.Debian
+++ b/cinder/files/newton/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -155,11 +155,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
@@ -191,7 +187,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
{%- if controller.backend is defined %}
diff --git a/cinder/files/newton/cinder.conf.volume.Debian b/cinder/files/newton/cinder.conf.volume.Debian
index e81b7c2..88a2944 100644
--- a/cinder/files/newton/cinder.conf.volume.Debian
+++ b/cinder/files/newton/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -144,11 +144,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
{%- endif %}
[keystone_authtoken]
@@ -179,7 +175,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
{%- if volume.backend is defined %}
diff --git a/cinder/files/ocata/cinder.conf.controller.Debian b/cinder/files/ocata/cinder.conf.controller.Debian
index 434f87d..9f39498 100644
--- a/cinder/files/ocata/cinder.conf.controller.Debian
+++ b/cinder/files/ocata/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -155,11 +155,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
{%- endif %}
@@ -195,7 +191,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
{%- if controller.backend is defined %}
diff --git a/cinder/files/ocata/cinder.conf.volume.Debian b/cinder/files/ocata/cinder.conf.volume.Debian
index 90eef4f..197309b 100644
--- a/cinder/files/ocata/cinder.conf.volume.Debian
+++ b/cinder/files/ocata/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
[DEFAULT]
rootwrap_config = /etc/cinder/rootwrap.conf
@@ -144,11 +144,7 @@
kombu_ssl_version = TLSv1_2
{%- endif %}
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
{%- endif %}
[keystone_authtoken]
@@ -183,7 +179,7 @@
max_pool_size=30
max_retries=-1
max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
{%- if volume.backend is defined %}
diff --git a/cinder/map.jinja b/cinder/map.jinja
index b8806e6..3922417 100644
--- a/cinder/map.jinja
+++ b/cinder/map.jinja
@@ -1,9 +1,12 @@
-{%- set system_cacerts_file = salt['grains.filter_by']({
- 'Debian': '/etc/ssl/certs/ca-certificates.crt',
- 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
-})%}
+{%- set default_params = {
+ 'cacert_file': salt['grains.filter_by']({
+ 'Debian': '/etc/ssl/certs/ca-certificates.crt',
+ 'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+ })}
+%}
{% set controller = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['cinder-api', 'cinder-scheduler', 'lvm2', 'python-cinder', 'gettext-base', 'python-memcache', 'python-pycadf'],
'services': ['cinder-scheduler'],
@@ -13,8 +16,8 @@
'audit': {
'enabled': false
},
- 'cinder_uid': 304,
- 'cinder_gid': 304,
+ 'cinder_uid': 304,
+ 'cinder_gid': 304,
'backup': {
'pkgs': ['cinder-backup'],
'services': ['cinder-backup'],
@@ -30,8 +33,8 @@
'audit': {
'enabled': false
},
- 'cinder_uid': 304,
- 'cinder_gid': 304,
+ 'cinder_uid': 304,
+ 'cinder_gid': 304,
'backup': {
'pkgs': ['cinder-backup'],
'services': ['cinder-backup'],
@@ -39,9 +42,10 @@
}
},
-}, merge=pillar.cinder.get('controller', {})) %}
+}, merge=pillar.cinder.get('controller', {}), base='BaseDefaults') %}
{% set volume = salt['grains.filter_by']({
+ 'BaseDefaults': default_params,
'Debian': {
'pkgs': ['cinder-volume', 'lvm2', 'sysfsutils', 'sg3-utils', 'python-cinder','python-mysqldb','p7zip', 'gettext-base', 'python-memcache', 'python-pycadf'],
'services': ['cinder-volume'],
@@ -50,8 +54,8 @@
'audit': {
'enabled': false
},
- 'cinder_uid': 304,
- 'cinder_gid': 304,
+ 'cinder_uid': 304,
+ 'cinder_gid': 304,
'backup': {
'pkgs': ['cinder-backup'],
'services': ['cinder-backup'],
@@ -67,15 +71,15 @@
'audit': {
'enabled': false
},
- 'cinder_uid': 304,
- 'cinder_gid': 304,
+ 'cinder_uid': 304,
+ 'cinder_gid': 304,
'backup': {
'pkgs': ['cinder-backup'],
'services': ['cinder-backup'],
'engine': None
}
},
-}, merge=pillar.cinder.get('volume', {})) %}
+}, merge=pillar.cinder.get('volume', {}), base='BaseDefaults') %}
{% set client = salt['grains.filter_by']({
'Debian': {
diff --git a/cinder/volume.sls b/cinder/volume.sls
index 383f0ba..4df74c7 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
{%- if volume.enabled %}
{%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
@@ -32,7 +32,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ volume.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
{%- endif %}
{%- endif %}
@@ -46,7 +46,7 @@
- makedirs: true
{%- else %}
file.exists:
- - name: {{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}
+ - name: {{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}
{%- endif %}
{%- endif %}