openstack/kolla-ansible
Code Issues Proposed changes
2b7bde0a7b
kolla-ansible/ansible/roles/keystone/tasks/config.yml
Paul Bourke 3f035e11b2 Add missing per service Keystone config augments 
The task for keystone is missing a 'per service' entry for it's config
augments. This means for example that users could not add:

/etc/kolla/config/keystone/keystone-fernet.conf

or

/etc/kolla/config/keystone/keystone.conf

and have keystone.conf augmented for those services only.

Change-Id: I8d2570b4a52dc6c3552397b0a6fa7866133dc2f1
Closes-Bug: #1646898
2016-12-02 16:49:50 +00:00

120 lines
4.0 KiB
YAML
Raw Blame History

---
- name: Check if policies shall be overwritten
local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
register: keystone_policy
- name: Check if Keystone Domain specific settings enabled
local_action: stat path="{{ node_custom_config }}/keystone/domains"
register: keystone_domain_cfg
- name: Ensuring config directories exist
file:
path: "{{ node_config_directory }}/{{ item }}"
state: "directory"
recurse: yes
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
- name: Creating Keystone Domain directory
file:
dest: "{{ node_config_directory }}/{{ item }}/domains/"
state: "directory"
when:
keystone_domain_cfg.stat.exists
with_items:
- "keystone"
- name: Copying over config.json files for services
template:
src: "{{ item }}.json.j2"
dest: "{{ node_config_directory }}/{{ item }}/config.json"
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
- name: Copying over keystone.conf
merge_configs:
vars:
service_name: "{{ item }}"
sources:
- "{{ role_path }}/templates/keystone.conf.j2"
- "{{ node_custom_config }}/global.conf"
- "{{ node_custom_config }}/database.conf"
- "{{ node_custom_config }}/messaging.conf"
- "{{ node_custom_config }}/keystone.conf"
- "{{ node_custom_config }}/keystone/{{ item }}.conf"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
dest: "{{ node_config_directory }}/{{ item }}/keystone.conf"
with_items:
- "keystone"
- "keystone-fernet"
- "keystone-ssh"
- name: Copying Keystone Domain specific settings
copy:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/domains/"
with_fileglob:
- "{{ node_custom_config }}/keystone/domains/*"
- name: Copying over existing policy.json
template:
src: "{{ node_custom_config }}/keystone/policy.json"
dest: "{{ node_config_directory }}/{{ item }}/policy.json"
with_items:
- "keystone"
- "keystone-fernet"
when:
keystone_policy.stat.exists
- name: Copying over wsgi-keystone.conf
template:
src: "{{ item }}"
dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
with_first_found:
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
- "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
- "wsgi-keystone.conf.j2"
- name: Copying over keystone-paste.ini
merge_configs:
sources:
- "{{ role_path }}/templates/keystone-paste.ini.j2"
- "{{ node_custom_config }}/keystone/keystone-paste.ini"
- "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
- name: Generate the required cron jobs for the node
local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
register: cron_jobs_json
when: keystone_token_provider == 'fernet'
- name: Save the returned from cron jobs for building the crontab
set_fact:
cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
when: keystone_token_provider == 'fernet'
- name: Copying files for keystone-fernet
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
with_items:
- { src: "crontab.j2", dest: "crontab" }
- { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
- { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
- { src: "id_rsa", dest: "id_rsa" }
- { src: "ssh_config.j2", dest: "ssh_config" }
when: keystone_token_provider == 'fernet'
- name: Copying files for keystone-ssh
template:
src: "{{ item.src }}"
dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
with_items:
- { src: "sshd_config.j2", dest: "sshd_config" }
- { src: "id_rsa.pub", dest: "id_rsa.pub" }
when: keystone_token_provider == 'fernet'
View Git Blame Copy Permalink