--- - name: Check if policies shall be overwritten local_action: stat path="{{ node_custom_config }}/keystone/policy.json" run_once: True register: keystone_policy - name: Check if Keystone Domain specific settings enabled local_action: stat path="{{ node_custom_config }}/keystone/domains" run_once: True register: keystone_domain_directory - name: Ensuring config directories exist file: path: "{{ node_config_directory }}/{{ item.key }}" state: "directory" recurse: yes when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool with_dict: "{{ keystone_services }}" - name: Copying over config.json files for services template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" register: keystone_config_jsons with_dict: "{{ keystone_services }}" when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool notify: - Restart keystone container - Restart keystone-ssh container - Restart keystone-fernet container - name: Copying over keystone.conf vars: service_name: "{{ item.key }}" merge_configs: sources: - "{{ role_path }}/templates/keystone.conf.j2" - "{{ node_custom_config }}/global.conf" - "{{ node_custom_config }}/database.conf" - "{{ node_custom_config }}/messaging.conf" - "{{ node_custom_config }}/keystone.conf" - "{{ node_custom_config }}/keystone/{{ item.key }}.conf" - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf" dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf" register: keystone_confs with_dict: "{{ keystone_services }}" when: - inventory_hostname in groups[item.value.group] - item.key in [ "keystone", "keystone-fernet" ] - item.value.enabled | bool notify: - Restart keystone container - Restart keystone-fernet container - name: Creating Keystone Domain directory vars: keystone: "{{ keystone_services.keystone }}" file: dest: "{{ node_config_directory }}/keystone/domains/" state: "directory" when: - inventory_hostname in groups[keystone.group] - keystone.enabled | bool - keystone_domain_directory.stat.exists - name: Get file list in custom domains folder local_action: find path="{{ node_custom_config }}/keystone/domains" recurse=no file_type=file register: keystone_domains when: keystone_domain_directory.stat.exists - name: Copying Keystone Domain specific settings vars: keystone: "{{ keystone_services.keystone }}" template: src: "{{ item.path }}" dest: "{{ node_config_directory }}/keystone/domains/" register: keystone_domains when: - inventory_hostname in groups[keystone.group] - keystone.enabled | bool - keystone_domain_directory.stat.exists with_items: "{{ keystone_domains.files|default([]) }}" notify: - Restart keystone container - name: Copying over existing policy.json template: src: "{{ node_custom_config }}/keystone/policy.json" dest: "{{ node_config_directory }}/{{ item.key }}/policy.json" register: keystone_policy_jsons when: - inventory_hostname in groups[item.value.group] - item.key in [ "keystone", "keystone-fernet" ] - item.value.enabled | bool - keystone_policy.stat.exists with_dict: "{{ keystone_services }}" notify: - Restart keystone container - Restart keystone-fernet container - name: Copying over wsgi-keystone.conf vars: keystone: "{{ keystone_services.keystone }}" template: src: "{{ item }}" dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf" register: keystone_wsgi when: - inventory_hostname in groups[keystone.group] - keystone.enabled | bool with_first_found: - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf" - "{{ node_custom_config }}/keystone/wsgi-keystone.conf" - "wsgi-keystone.conf.j2" notify: - Restart keystone container - name: Checking whether keystone-paste.ini file exists vars: keystone: "{{ keystone_services.keystone }}" local_action: stat path="{{ node_custom_config }}/keystone/keystone-paste.ini" run_once: True register: check_keystone_paste_ini when: - keystone.enabled | bool - name: Copying over keystone-paste.ini vars: keystone: "{{ keystone_services.keystone }}" template: src: "{{ node_custom_config }}/keystone/keystone-paste.ini" dest: "{{ node_config_directory }}/keystone/keystone-paste.ini" register: keystone_paste_ini when: - inventory_hostname in groups[keystone.group] - keystone.enabled | bool - check_keystone_paste_ini.stat.exists notify: - Restart keystone container - name: Generate the required cron jobs for the node local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}" register: cron_jobs_json when: keystone_token_provider == 'fernet' - name: Save the returned from cron jobs for building the crontab set_fact: cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}" when: keystone_token_provider == 'fernet' - name: Copying files for keystone-fernet vars: keystone_fernet: "{{ keystone_services['keystone-fernet'] }}" template: src: "{{ item.src }}" dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}" register: keystone_fernet_confs with_items: - { src: "crontab.j2", dest: "crontab" } - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" } - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" } - { src: "id_rsa", dest: "id_rsa" } - { src: "ssh_config.j2", dest: "ssh_config" } when: - inventory_hostname in groups[keystone_fernet.group] - keystone_fernet.enabled | bool notify: - Restart keystone-fernet container - name: Copying files for keystone-ssh vars: keystone_ssh: "{{ keystone_services['keystone-ssh'] }}" template: src: "{{ item.src }}" dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}" register: keystone_ssh_confs with_items: - { src: "sshd_config.j2", dest: "sshd_config" } - { src: "id_rsa.pub", dest: "id_rsa.pub" } when: - inventory_hostname in groups[keystone_ssh.group] - keystone_ssh.enabled | bool notify: - Restart keystone-ssh container - name: Check keystone containers kolla_docker: action: "compare_container" name: "{{ item.value.container_name }}" image: "{{ item.value.image }}" volumes: "{{ item.value.volumes|reject('equalto', '')|list }}" when: - action != "config" - inventory_hostname in groups[item.value.group] - item.value.enabled | bool register: check_keystone_containers with_dict: "{{ keystone_services }}" notify: - Restart keystone container - Restart keystone-ssh container - Restart keystone-fernet container