kolla-ansible/ansible/roles/keystone/tasks/config.yml

---
- name: Check if policies shall be overwritten
  local_action: stat path="{{ node_custom_config }}/keystone/policy.json"
  register: keystone_policy

- name: Check if Keystone Domain specific settings enabled
  local_action: stat path="{{ node_custom_config }}/keystone/domains"
  register: keystone_domain_directory

- name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item.key }}"
    state: "directory"
    recurse: yes
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  with_dict: "{{ keystone_services }}"

- name: Copying over config.json files for services
  template:
    src: "{{ item.key }}.json.j2"
    dest: "{{ node_config_directory }}/{{ item.key }}/config.json"
  register: keystone_config_jsons
  with_dict: "{{ keystone_services }}"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  notify:
    - Restart keystone container
    - Restart keystone-ssh container
    - Restart keystone-fernet container

- name: Copying over keystone.conf
  merge_configs:
    vars:
      service_name: "{{ item.key }}"
    sources:
      - "{{ role_path }}/templates/keystone.conf.j2"
      - "{{ node_custom_config }}/global.conf"
      - "{{ node_custom_config }}/database.conf"
      - "{{ node_custom_config }}/messaging.conf"
      - "{{ node_custom_config }}/keystone.conf"
      - "{{ node_custom_config }}/keystone/{{ item.key }}.conf"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
    dest: "{{ node_config_directory }}/{{ item.key }}/keystone.conf"
  register: keystone_confs
  with_dict: "{{ keystone_services }}"
  when:
    - inventory_hostname in groups[item.value.group]
    - item.key in [ "keystone", "keystone-fernet" ]
    - item.value.enabled | bool
  notify:
    - Restart keystone container
    - Restart keystone-fernet container

- name: Creating Keystone Domain directory
  vars:
    keystone: "{{ keystone_services.keystone }}"
  file:
    dest: "{{ node_config_directory }}/keystone/domains/"
    state: "directory"
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - keystone_domain_directory.stat.exists

- name: Get file list in custom domains folder
  local_action: find path="{{ node_custom_config }}/keystone/domains" recurse=no file_type=file
  register: keystone_domains
  when: keystone_domain_directory.stat.exists

- name: Copying Keystone Domain specific settings
  vars:
    keystone: "{{ keystone_services.keystone }}"
  copy:
    src: "{{ item.path }}"
    dest: "{{ node_config_directory }}/keystone/domains/"
  register: keystone_domains
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - keystone_domain_directory.stat.exists
  with_items: "{{ keystone_domains.files|default([]) }}"
  notify:
    - Restart keystone container

- name: Copying over existing policy.json
  template:
    src: "{{ node_custom_config }}/keystone/policy.json"
    dest: "{{ node_config_directory }}/{{ item.key }}/policy.json"
  register: keystone_policy_jsons
  when:
    - inventory_hostname in groups[item.value.group]
    - item.key in [ "keystone", "keystone-fernet" ]
    - item.value.enabled | bool
    - keystone_policy.stat.exists
  with_dict: "{{ keystone_services }}"
  notify:
    - Restart keystone containers

- name: Copying over wsgi-keystone.conf
  vars:
    keystone: "{{ keystone_services.keystone }}"
  template:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
  register: keystone_wsgi
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
  with_first_found:
    - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
    - "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
    - "wsgi-keystone.conf.j2"
  notify:
    - Restart keystone container

- name: Checking whether keystone-paste.ini file exists
  vars:
    keystone: "{{ keystone_services.keystone }}"
  stat:
    path: "{{ node_custom_config }}/keystone/keystone-paste.ini"
  register: check_keystone_paste_ini
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool

- name: Copying over keystone-paste.ini
  vars:
    keystone: "{{ keystone_services.keystone }}"
  template:
    src: "{{ node_custom_config }}/keystone/keystone-paste.ini"
    dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
  register: keystone_paste_ini
  when:
    - inventory_hostname in groups[keystone.group]
    - keystone.enabled | bool
    - check_keystone_paste_ini.stat.exists | bool
  notify:
    - Restart keystone container

- name: Generate the required cron jobs for the node
  local_action: "command python {{ role_path }}/files/fernet_rotate_cron_generator.py -t {{ (fernet_token_expiry | int) // 60 }} -i {{ groups['keystone'].index(inventory_hostname) }} -n {{ (groups['keystone'] | length) }}"
  register: cron_jobs_json
  when: keystone_token_provider == 'fernet'

- name: Save the returned from cron jobs for building the crontab
  set_fact:
    cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
  when: keystone_token_provider == 'fernet'

- name: Copying files for keystone-fernet
  vars:
    keystone_fernet: "{{ keystone_services['keystone-fernet'] }}"
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
  register: keystone_fernet_confs
  with_items:
    - { src: "crontab.j2", dest: "crontab" }
    - { src: "fernet-rotate.sh.j2", dest: "fernet-rotate.sh" }
    - { src: "fernet-node-sync.sh.j2", dest: "fernet-node-sync.sh" }
    - { src: "id_rsa", dest: "id_rsa" }
    - { src: "ssh_config.j2", dest: "ssh_config" }
  when:
    - inventory_hostname in groups[keystone_fernet.group]
    - keystone_fernet.enabled | bool
  notify:
    - Restart keystone-fernet container

- name: Copying files for keystone-ssh
  vars:
    keystone_ssh: "{{ keystone_services['keystone-ssh'] }}"
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
  register: keystone_ssh_confs
  with_items:
    - { src: "sshd_config.j2", dest: "sshd_config" }
    - { src: "id_rsa.pub", dest: "id_rsa.pub" }
  when:
    - inventory_hostname in groups[keystone_ssh.group]
    - keystone_ssh.enabled | bool
  notify:
    - Restart keystone-ssh container

- name: Check keystone containers
  kolla_docker:
    action: "compare_container"
    name: "{{ item.value.container_name }}"
    image: "{{ item.value.image }}"
    volumes: "{{ item.value.volumes|reject('equalto', '')|list }}"
  when:
    - action != "config"
    - inventory_hostname in groups[item.value.group]
    - item.value.enabled | bool
  register: check_keystone_containers
  with_dict: "{{ keystone_services }}"
  notify:
    - Restart keystone container
    - Restart keystone-ssh container
    - Restart keystone-fernet container