Merge "iptables-persistent pkg is needed for manager state"
diff --git a/README.rst b/README.rst
index 169e463..f04efb3 100644
--- a/README.rst
+++ b/README.rst
@@ -94,7 +94,6 @@
controller_worker:
amp_boot_network_list: '01d3edaa-422c-40b9-b265-425c981691e7'
amp_flavor_id: '967972bb-ab54-4679-9f53-bf81d5e28154'
- amp_image_owner_id: '68520e9f926441ddb37b7c744c4005b7'
amp_image_tag: amphora
amp_secgroup_list: '9fcd532e-5715-423a-8e3f-51abddbe7705'
amp_ssh_key_name: octavia_ssh_key
diff --git a/metadata/service/manager/single.yml b/metadata/service/manager/single.yml
index a010f17..845d1e0 100644
--- a/metadata/service/manager/single.yml
+++ b/metadata/service/manager/single.yml
@@ -40,7 +40,6 @@
controller_worker:
amp_boot_network_list: ${_param:amp_boot_network_list}
amp_flavor_id: ${_param:amp_flavor_id}
- amp_image_owner_id: ${_param:amp_image_owner_id}
amp_image_tag: amphora
amp_secgroup_list: ${_param:amp_secgroup_list}
amp_ssh_key_name: octavia_ssh_key
diff --git a/octavia/files/ocata/octavia_manager.conf b/octavia/files/ocata/octavia_manager.conf
index a140054..00c115b 100644
--- a/octavia/files/ocata/octavia_manager.conf
+++ b/octavia/files/ocata/octavia_manager.conf
@@ -507,7 +507,7 @@
# Restrict glance image selection to a specific owner ID. This is a
# recommended security setting. (string value)
#amp_image_owner_id =
-amp_image_owner_id = {{ manager.controller_worker.amp_image_owner_id }}
+amp_image_owner_id = {{ amp_image_owner_id }}
# SSH key name used to boot the Amphora (string value)
#amp_ssh_key_name =
diff --git a/octavia/manager.sls b/octavia/manager.sls
index 19aa9d8..77ff454 100644
--- a/octavia/manager.sls
+++ b/octavia/manager.sls
@@ -1,17 +1,22 @@
{%- from "octavia/map.jinja" import manager with context %}
{%- if manager.enabled %}
+{%- set mine_data = salt['mine.get']('glance:client', 'glanceng.get_image_owner_id', 'pillar').values() %}
octavia_manager_packages:
pkg.installed:
- names: {{ manager.pkgs }}
+{%- if mine_data %}
/etc/octavia/octavia.conf:
file.managed:
- source: salt://octavia/files/{{ manager.version }}/octavia_manager.conf
- template: jinja
- require:
- pkg: octavia_manager_packages
+ - context:
+ amp_image_owner_id: {{ mine_data|first }}
+{%- endif %}
/etc/octavia/certificates/openssl.cnf:
file.managed:
@@ -64,6 +69,7 @@
- proto: udp
- save: True
+{%- if mine_data %}
octavia_manager_services:
service.running:
- names: {{ manager.services }}
@@ -71,5 +77,6 @@
- watch:
- file: /etc/octavia/octavia.conf
{%- endif %}
+{%- endif %}
{%- endif %}
diff --git a/tests/pillar/manager_single.sls b/tests/pillar/manager_single.sls
index 2108fd9..f3eb391 100644
--- a/tests/pillar/manager_single.sls
+++ b/tests/pillar/manager_single.sls
@@ -31,7 +31,6 @@
controller_worker:
amp_boot_network_list: '01d3edaa-422c-40b9-b265-425c981691e7'
amp_flavor_id: '967972bb-ab54-4679-9f53-bf81d5e28154'
- amp_image_owner_id: '68520e9f926441ddb37b7c744c4005b7'
amp_image_tag: amphora
amp_secgroup_list: '9fcd532e-5715-423a-8e3f-51abddbe7705'
amp_ssh_key_name: octavia_ssh_key