From 8797fc707a4d0cda6bc77d38e4898464ae8d6a00 Mon Sep 17 00:00:00 2001
From: Travis Truman
Date: Fri, 20 May 2016 09:37:30 -0400
Subject: [PATCH] Cleanup/standardize usage of tags

The numerous tags within the role have been condensed to two tags: keystone-install and keystone-config These tags have been chosen as they are namespaced and cover the two major functions of the role. Documentation has been updated to inform how each tag influences the function of the role.

Change-Id: Iea4bff944ce0a35a4b1bc044171472ea44eda323
---
README.rst | 10 ++++
tasks/keystone_apache.yml | 17 -------
tasks/keystone_db_setup.yml | 5 --
tasks/keystone_federation_sp_idp_setup.yml | 20 --------
tasks/keystone_federation_sp_setup.yml | 15 ------
tasks/keystone_fernet_keys_autorotate.yml | 6 ---
tasks/keystone_fernet_keys_create.yml | 9 ----
tasks/keystone_fernet_keys_distribute.yml | 2 -
tasks/keystone_idp_metadata.yml | 5 +-
tasks/keystone_idp_self_signed_create.yml | 3 --
tasks/keystone_idp_self_signed_distribute.yml | 2 -
tasks/keystone_idp_self_signed_store.yml | 2 -
tasks/keystone_idp_sp_setup.yml | 2 -
tasks/keystone_install.yml | 47 -------------------
tasks/keystone_install_apt.yml | 14 ------
tasks/keystone_key_distribute.yml | 3 --
tasks/keystone_key_populate.yml | 6 ---
tasks/keystone_key_setup.yml | 6 ---
tasks/keystone_ldap_setup.yml | 6 ---
tasks/keystone_messaging_setup.yml | 6 ---
tasks/keystone_post_install.yml | 10 ----
tasks/keystone_pre_install.yml | 21 ---------
tasks/keystone_service_setup.yml | 31 ------------
tasks/keystone_ssl.yml | 4 --
tasks/keystone_ssl_key_create.yml | 7 ---
tasks/keystone_ssl_key_distribute.yml | 6 ---
tasks/keystone_ssl_key_store.yml | 6 ---
tasks/keystone_ssl_user_provided.yml | 9 ----
tasks/keystone_token_cleanup.yml | 4 +-
tasks/main.yml | 40 ++++++++++++++--
30 files changed, 48 insertions(+), 276 deletions(-)

diff --git a/README.rst b/README.rst
index 4eaa4651..35242b20 100644
--- a/README.rst
+++ b/README.rst
@@ -65,3 +65,13 @@ Example Playbook keystone_rabbitmq_servers: 10.100.100.101 keystone_rabbitmq_use_ssl: true galera_client_drop_config_file: false + +Tags +==== + +This role supports two tags: ``keystone-install`` and ``keystone-config`` + +The ``keystone-install`` tag can be used to install and upgrade. + +The ``keystone-config`` tag can be used to maintain configuration of the +service. diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml index 2d75d81f..50d806b6 100644 --- a/tasks/keystone_apache.yml +++ b/tasks/keystone_apache.yml @@ -25,8 +25,6 @@ - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" } notify: - Restart Apache - tags: - - keystone-httpd - name: Disable default apache site file: @@ -34,8 +32,6 @@ state: "absent" notify: - Restart Apache - tags: - - keystone-httpd - name: Enabled keystone vhost file: @@ -44,8 +40,6 @@ state: "link" notify: - Restart Apache - tags: - - keystone-httpd - name: Ensure Apache ServerName lineinfile: @@ -53,8 +47,6 @@ line: "ServerName {{ ansible_hostname }}" notify: - Restart Apache - tags: - - keystone-httpd - name: Ensure Apache ServerTokens lineinfile: @@ -63,8 +55,6 @@ line: "ServerTokens {{ keystone_apache_servertokens }}" notify: - Restart Apache - tags: - - keystone-httpd - name: Ensure Apache ServerSignature lineinfile: @@ -73,8 +63,6 @@ line: "ServerSignature {{ keystone_apache_serversignature }}" notify: - Restart Apache - tags: - - keystone-httpd - name: Enable/disable mod_ssl for apache2 apache2_module: @@ -82,9 +70,6 @@ state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}" notify: - Restart Apache - tags: - - keystone-httpd - - keystone-ssl - name: Enable/disable mod_shib2 for apache2 apache2_module: @@ -93,5 +78,3 @@ ignore_errors: yes notify: - Restart Apache - tags: - - keystone-httpd diff --git a/tasks/keystone_db_setup.yml b/tasks/keystone_db_setup.yml index d315b926..490280dc 100644 
--- a/tasks/keystone_db_setup.yml +++ b/tasks/keystone_db_setup.yml @@ -17,8 +17,3 @@ command: "{{ keystone_bin }}/keystone-manage db_sync" become: yes become_user: "{{ keystone_system_user_name }}" - tags: - - keystone-db-setup - - keystone-db-sync - - keystone-setup - - keystone-command-bin diff --git a/tasks/keystone_federation_sp_idp_setup.yml b/tasks/keystone_federation_sp_idp_setup.yml index f0e0f888..3f725b13 100644 --- a/tasks/keystone_federation_sp_idp_setup.yml +++ b/tasks/keystone_federation_sp_idp_setup.yml @@ -21,8 +21,6 @@ - name: Set keystone_federated_identities fact keystone_sp: sp_data: "{{ keystone_sp }}" - tags: - - keystone-federation-sp - name: Ensure domain which remote IDP users are mapped onto exists keystone: @@ -35,8 +33,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.domain is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure project which remote IDP users are mapped onto exists keystone: @@ -50,8 +46,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.project is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure user which remote IDP users are mapped onto exists keystone: @@ -70,8 +64,6 @@ item.password is defined and item.project is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure Group for external IDP users exists keystone: @@ -85,8 +77,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.group is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure Role for external IDP users exists keystone: @@ -101,8 +91,6 @@ item.group is defined and item.project is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure Group/Project/Role mapping exists keystone: 
@@ -119,8 +107,6 @@ item.group is defined and item.project is defined with_items: keystone_federated_identities - tags: - - keystone-federation-sp - name: Ensure mapping for external IDP attributes exists keystone: @@ -134,8 +120,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.protocol.mapping.name is defined with_items: keystone_federated_protocols - tags: - - keystone-federation-sp - name: Ensure external IDP keystone: @@ -150,8 +134,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.name is defined with_items: keystone_sp.trusted_idp_list - tags: - - keystone-federation-sp - name: Ensure federation protocol exists keystone: @@ -166,5 +148,3 @@ insecure: "{{ keystone_service_adminuri_insecure }}" when: item.protocol.name is defined with_items: keystone_federated_protocols - tags: - - keystone-federation-sp diff --git a/tasks/keystone_federation_sp_setup.yml b/tasks/keystone_federation_sp_setup.yml index ba21f0d6..62159266 100644 --- a/tasks/keystone_federation_sp_setup.yml +++ b/tasks/keystone_federation_sp_setup.yml @@ -25,9 +25,6 @@ - { src: "shibboleth2.xml.j2", dest: "/etc/shibboleth/shibboleth2.xml" } notify: - Restart Shibd - tags: - - keystone-config - - keystone-federation-sp - name: Generate the Shibboleth SP key-pair shell: "shib-keygen -h {{ external_lb_vip_address }} -y {{ keystone_sp.cert_duration_years }}" @@ -37,9 +34,6 @@ notify: - Restart Apache - Restart Shibd - tags: - - keystone-config - - keystone-federation-sp - name: Store Shibboleth SP key-pair memcached: @@ -56,9 +50,6 @@ retries: 5 delay: 2 when: inventory_hostname == groups['keystone_all'][0] - tags: - - keystone-config - - keystone-federation-sp - name: Distribute the Shibboleth SP key-pair memcached: @@ -80,9 +71,6 @@ notify: - Restart Apache - Restart Shibd - tags: - - keystone-config - - keystone-federation-sp - name: Set appropriate file ownership on the Shibboleth SP key-pair file: 
@@ -96,6 +84,3 @@ notify: - Restart Apache - Restart Shibd - tags: - - keystone-config - - keystone-federation-sp diff --git a/tasks/keystone_fernet_keys_autorotate.yml b/tasks/keystone_fernet_keys_autorotate.yml index 18a1cad7..4e9f2596 100644 --- a/tasks/keystone_fernet_keys_autorotate.yml +++ b/tasks/keystone_fernet_keys_autorotate.yml @@ -25,8 +25,6 @@ owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" mode: "0755" - tags: - - keystone-fernet-auto-rotate # This creates the auto rotation job on the first keystone host. - name: Create auto rotation job @@ -38,8 +36,6 @@ cron_file: keystone-fernet-rotate when: > inventory_hostname == groups['keystone_all'][0] - tags: - - keystone-fernet-auto-rotate # This makes sure that no auto rotation jobs are on any other hosts. - name: Remove extra auto rotation job @@ -49,5 +45,3 @@ state: "absent" when: > inventory_hostname != groups['keystone_all'][0] - tags: - - keystone-fernet-auto-rotate diff --git a/tasks/keystone_fernet_keys_create.yml b/tasks/keystone_fernet_keys_create.yml index c4ed0739..2d95a924 100644 --- a/tasks/keystone_fernet_keys_create.yml +++ b/tasks/keystone_fernet_keys_create.yml @@ -17,8 +17,6 @@ stat: path: "{{ keystone_fernet_tokens_key_repository }}/0" register: _fernet_keys - tags: - - keystone-fernet - name: Create fernet keys for Keystone command: > @@ -28,10 +26,6 @@ become: yes become_user: "{{ keystone_system_user_name }}" when: not _fernet_keys.stat.exists - tags: - - keystone-setup - - keystone-fernet - - keystone-command-bin - name: Rotate fernet keys for Keystone command: > @@ -41,6 +35,3 @@ become: yes become_user: "{{ keystone_system_user_name }}" when: _fernet_keys.stat.exists - tags: - - keystone-fernet - - keystone-command-bin diff --git a/tasks/keystone_fernet_keys_distribute.yml b/tasks/keystone_fernet_keys_distribute.yml index c9e2f433..87a76fd7 100644 --- a/tasks/keystone_fernet_keys_distribute.yml +++ b/tasks/keystone_fernet_keys_distribute.yml 
@@ -23,5 +23,3 @@ become: yes become_user: "{{ keystone_system_user_name }}" with_items: groups['keystone_all'][1:] - tags: - - keystone-fernet-distribute diff --git a/tasks/keystone_idp_metadata.yml b/tasks/keystone_idp_metadata.yml index 48eebac4..8fa0e61a 100644 --- a/tasks/keystone_idp_metadata.yml +++ b/tasks/keystone_idp_metadata.yml @@ -20,7 +20,4 @@ become_user: "{{ keystone_system_user_name }}" when: keystone_idp is defined notify: - - Restart Apache - tags: - - keystone-config - - keystone-idp + - Restart Apache \ No newline at end of file diff --git a/tasks/keystone_idp_self_signed_create.yml b/tasks/keystone_idp_self_signed_create.yml index 2ae0094c..2168b8b7 100644 --- a/tasks/keystone_idp_self_signed_create.yml +++ b/tasks/keystone_idp_self_signed_create.yml @@ -33,9 +33,6 @@ when: > inventory_hostname == groups['keystone_all'][0] notify: Restart Apache - tags: - - keystone-config - - keystone-idp - name: Set appropriate file ownership on the IdP self-signed cert file: diff --git a/tasks/keystone_idp_self_signed_distribute.yml b/tasks/keystone_idp_self_signed_distribute.yml index 089a26bd..77215407 100644 --- a/tasks/keystone_idp_self_signed_distribute.yml +++ b/tasks/keystone_idp_self_signed_distribute.yml @@ -30,8 +30,6 @@ retries: 5 delay: 2 notify: Restart Apache - tags: - - keystone-idp - name: Set appropriate file ownership on the IdP self-signed cert file: diff --git a/tasks/keystone_idp_self_signed_store.yml b/tasks/keystone_idp_self_signed_store.yml index 2d39af0c..b9af1d67 100644 --- a/tasks/keystone_idp_self_signed_store.yml +++ b/tasks/keystone_idp_self_signed_store.yml @@ -27,5 +27,3 @@ until: memcache_keys|success retries: 5 delay: 2 - tags: - - keystone-idp diff --git a/tasks/keystone_idp_sp_setup.yml b/tasks/keystone_idp_sp_setup.yml index 3263b32b..12aac80f 100644 --- a/tasks/keystone_idp_sp_setup.yml +++ b/tasks/keystone_idp_sp_setup.yml 
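Review bot: The final line of tasks/keystone_idp_metadata.yml, `- Restart Apache`, now ends without a newline (the hunk carries `\ No newline at end of file`), which looks like a side effect of deleting the trailing `tags:` block rather than an intended change. The same happens in tasks/keystone_token_cleanup.yml on the `user: "{{ keystone_system_user_name }}"` line. Restoring the terminating newline in both files keeps the next patch that appends a task from also rewriting the current last line, and satisfies linters that require a newline at end of file.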
@@ -28,5 +28,3 @@ until: add_service_providers|success retries: 5 delay: 10 - tags: - - keystone-idp diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index d71b261d..a0617566 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -16,8 +16,6 @@ - include: keystone_install_apt.yml when: - ansible_pkg_mgr == 'apt' - tags: - - install-apt - name: Create developer mode constraint file copy: @@ -28,9 +26,6 @@ {% endfor %} when: - keystone_developer_mode | bool - tags: - - keystone-install - - keystone-pip-packages - name: Clone requirements git repository git: @@ -41,27 +36,18 @@ version: "{{ keystone_requirements_git_install_branch }}" when: - keystone_developer_mode | bool - tags: - - keystone-install - - keystone-pip-packages - name: Add constraints to pip_install_options fact for developer mode set_fact: pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt" when: - keystone_developer_mode | bool - tags: - - keystone-install - - keystone-pip-packages - name: Set pip_install_options_fact when not in developer mode set_fact: pip_install_options_fact: "{{ pip_install_options|default('') }}" when: - not keystone_developer_mode | bool - tags: - - keystone-install - - keystone-pip-packages - name: Install requires pip packages pip: @@ -73,9 +59,6 @@ retries: 5 delay: 2 with_items: keystone_requires_pip_packages - tags: - - keystone-install - - keystone-pip-packages - name: Get local venv checksum stat: @@ -85,9 +68,6 @@ - not keystone_developer_mode | bool - keystone_venv_enabled | bool register: local_venv_stat - tags: - - keystone-install - - keystone-pip-packages - name: Get remote venv checksum uri: 
@@ -97,9 +77,6 @@ - not keystone_developer_mode | bool - keystone_venv_enabled | bool register: remote_venv_checksum - tags: - - keystone-install - - keystone-pip-packages # TODO: When project moves to ansible 2 we can pass this a sha256sum which will: # a) allow us to remove force: yes @@ -118,17 +95,11 @@ - keystone_venv_enabled | bool - (local_venv_stat.stat.exists == False or {{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }}) - tags: - - keystone-install - - keystone-pip-packages - name: Set keystone get_venv fact set_fact: keystone_get_venv: "{{ get_venv }}" when: keystone_venv_enabled | bool - tags: - - keystone-install - - keystone-pip-packages - name: Remove existing venv file: @@ -137,9 +108,6 @@ when: - keystone_venv_enabled | bool - keystone_get_venv | changed - tags: - - keystone-install - - keystone-pip-packages - name: Create keystone venv dir file: @@ -149,9 +117,6 @@ - not keystone_developer_mode | bool - keystone_venv_enabled | bool - keystone_get_venv | changed - tags: - - keystone-install - - keystone-pip-packages - name: Unarchive pre-built venv unarchive: @@ -164,9 +129,6 @@ - keystone_get_venv | changed notify: - Restart Apache - tags: - - keystone-install - - keystone-pip-packages - name: Update virtualenv path command: > @@ -175,9 +137,6 @@ - not keystone_developer_mode | bool - keystone_venv_enabled | bool - keystone_get_venv | success - tags: - - keystone-install - - keystone-pip-packages - name: Install pip packages (venv) pip: @@ -196,9 +155,6 @@ - keystone_get_venv | failed or keystone_developer_mode | bool notify: - Restart Apache - tags: - - keystone-install - - keystone-pip-packages - name: Install pip packages (no venv) pip: @@ -215,6 +171,3 @@ - not keystone_venv_enabled | bool notify: - Restart Apache - tags: - - keystone-install - - keystone-pip-packages diff --git a/tasks/keystone_install_apt.yml b/tasks/keystone_install_apt.yml index 7eea5b4b..78317729 100644 
--- a/tasks/keystone_install_apt.yml +++ b/tasks/keystone_install_apt.yml @@ -21,8 +21,6 @@ until: apt_update|success retries: 5 delay: 2 - tags: - - keystone-apt-packages - name: Install apt packages apt: @@ -33,9 +31,6 @@ retries: 5 delay: 2 with_items: keystone_apt_packages - tags: - - keystone-install - - keystone-apt-packages - name: Install IdP apt packages apt: @@ -47,9 +42,6 @@ delay: 2 with_items: keystone_idp_apt_packages when: keystone_idp is defined - tags: - - keystone-install - - keystone-apt-packages - name: Install SP apt packages apt: @@ -61,9 +53,6 @@ delay: 2 with_items: keystone_sp_apt_packages when: keystone_sp is defined - tags: - - keystone-install - - keystone-apt-packages - name: Install developer mode apt packages apt: @@ -76,6 +65,3 @@ with_items: keystone_developer_apt_packages when: - keystone_developer_mode | bool - tags: - - keystone-install - - keystone-apt-packages diff --git a/tasks/keystone_key_distribute.yml b/tasks/keystone_key_distribute.yml index 760e6287..d421bdb0 100644 --- a/tasks/keystone_key_distribute.yml +++ b/tasks/keystone_key_distribute.yml @@ -18,6 +18,3 @@ user: "{{ keystone_system_user_name }}" key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}" with_items: groups['keystone_all'] - tags: - - keystone-key - - keystone-key-distribute diff --git a/tasks/keystone_key_populate.yml b/tasks/keystone_key_populate.yml index b61ad53f..7332c220 100644 --- a/tasks/keystone_key_populate.yml +++ b/tasks/keystone_key_populate.yml @@ -18,13 +18,7 @@ src: "{{ keystone_system_user_home }}/.ssh/id_rsa.pub" register: keystone_pub changed_when: false - tags: - - keystone-key - - keystone-key-create - name: Register a fact for the keystone pub key set_fact: keystone_pubkey: "{{ keystone_pub.content }}" - tags: - - keystone-key - - keystone-key-create diff --git a/tasks/keystone_key_setup.yml b/tasks/keystone_key_setup.yml index 6a208914..eeb0bd5f 100644 --- a/tasks/keystone_key_setup.yml +++ b/tasks/keystone_key_setup.yml 
@@ -14,11 +14,5 @@ # limitations under the License. - include: keystone_key_populate.yml - tags: - - keystone-key - - keystone-key-create - include: keystone_key_distribute.yml - tags: - - keystone-key - - keystone-key-distribute diff --git a/tasks/keystone_ldap_setup.yml b/tasks/keystone_ldap_setup.yml index cd7c9b29..f6f19754 100644 --- a/tasks/keystone_ldap_setup.yml +++ b/tasks/keystone_ldap_setup.yml @@ -25,8 +25,6 @@ insecure: "{{ keystone_service_adminuri_insecure }}" with_dict: keystone_ldap run_once: true - tags: - - keystone-ldap-domain-create - name: Create Keystone LDAP domain configs template: @@ -38,8 +36,6 @@ with_dict: keystone_ldap notify: - Restart Apache - tags: - - keystone-ldap-domain-config # Bug 1547542 - Older versions of the keystone role would deploy a blank # keystone.Default.conf and this will cause errors when adding LDAP-backed @@ -51,5 +47,3 @@ when: keystone_ldap.Default is not defined notify: - Restart Apache - tags: - - keystone-ldap-domain-config diff --git a/tasks/keystone_messaging_setup.yml b/tasks/keystone_messaging_setup.yml index ddd11c23..92a54e75 100644 --- a/tasks/keystone_messaging_setup.yml +++ b/tasks/keystone_messaging_setup.yml @@ -18,9 +18,6 @@ name: "{{ keystone_rabbitmq_vhost }}" state: "present" delegate_to: "{{ groups['rabbitmq_all'][0] }}" - tags: - - keystone-rabbitmq - - keystone-rabbitmq-vhost - name: Ensure rabbitmq user rabbitmq_user: @@ -32,6 +29,3 @@ write_priv: ".*" state: "present" delegate_to: "{{ groups['rabbitmq_all'][0] }}" - tags: - - keystone-rabbitmq - - keystone-rabbitmq-user diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index 8bfecf2b..5414a336 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -37,8 +37,6 @@ config_type: "json" notify: - Restart Apache - tags: - - keystone-config - name: Drop Keystone Configs copy: 
@@ -49,8 +47,6 @@ mode: "0644" notify: - Restart Apache - tags: - - keystone-config - name: Drop Keystone WSGI Configs template: @@ -64,21 +60,15 @@ - { src: "keystone-wsgi.py.j2", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" } notify: - Restart Apache - tags: - - keystone-config - name: Get keystone command path command: which keystone register: keystone_command_path when: - not keystone_venv_enabled | bool - tags: - - keystone-command-bin - name: Set keystone command path set_fact: keystone_bin: "{{ keystone_command_path.stdout | dirname }}" when: - not keystone_venv_enabled | bool - tags: - - keystone-command-bin diff --git a/tasks/keystone_pre_install.yml b/tasks/keystone_pre_install.yml index e5f7fc69..defd96de 100644 --- a/tasks/keystone_pre_install.yml +++ b/tasks/keystone_pre_install.yml @@ -18,8 +18,6 @@ name: "{{ keystone_system_group_name }}" state: "present" system: "yes" - tags: - - keystone-group - name: create additional groups group: @@ -27,8 +25,6 @@ state: "present" system: "yes" with_items: keystone_system_additional_groups - tags: - - keystone-group - name: Remove old key file(s) if found file: @@ -39,9 +35,6 @@ - "{{ keystone_system_user_home }}/.ssh/id_rsa" - "{{ keystone_system_user_home }}/.ssh/id_rsa.pub" when: keystone_recreate_keys | bool - tags: - - keystone-key - - keystone-key-create - name: Create the keystone system user user: @@ -54,10 +47,6 @@ createhome: "yes" home: "{{ keystone_system_user_home }}" generate_ssh_key: "yes" - tags: - - keystone-user - - keystone-key - - keystone-key-create - name: Create keystone dir file: @@ -75,8 +64,6 @@ - { path: "{{ keystone_system_user_home }}" } - { path: "/var/www/cgi-bin", owner: root, group: root } - { path: "/var/www/cgi-bin/keystone" } - tags: - - keystone-dirs - name: Create keystone venv dir file: 
@@ -86,8 +73,6 @@ - { path: "/openstack/venvs" } - { path: "{{ keystone_venv_bin }}" } when: keystone_venv_enabled | bool - tags: - - keystone-dirs - name: Test for log directory or link shell: | @@ -100,9 +85,6 @@ register: log_dir failed_when: false changed_when: log_dir.rc != 0 - tags: - - keystone-dirs - - keystone-logs - name: Create keystone log dir file: @@ -112,6 +94,3 @@ group: "{{ keystone_system_group_name }}" mode: "0755" when: log_dir.rc != 0 - tags: - - keystone-dirs - - keystone-logs diff --git a/tasks/keystone_service_setup.yml b/tasks/keystone_service_setup.yml index 57ef307e..47c81e0b 100644 --- a/tasks/keystone_service_setup.yml +++ b/tasks/keystone_service_setup.yml @@ -18,9 +18,6 @@ name: "{{ keystone_system_service_name }}" state: restarted pattern: "{{ keystone_system_service_name }}" - tags: - - keystone-db-sync - - keystone-setup - name: Wait for keystone admin to come up wait_for: @@ -28,9 +25,6 @@ port: "{{ keystone_admin_port }}" timeout: 25 delay: 10 - tags: - - keystone-db-sync - - keystone-setup - name: Wait for keystone service to come up wait_for: @@ -38,9 +32,6 @@ port: "{{ keystone_service_port }}" timeout: 25 delay: 10 - tags: - - keystone-db-sync - - keystone-setup - name: Bootstrap keystone admin and endpoint command: | @@ -60,10 +51,6 @@ until: add_service|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-service-add - - keystone-setup # Create a service tenant - name: Ensure service tenant @@ -80,9 +67,6 @@ until: add_service|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-setup # Add the default user role - name: Ensure default keystone user role @@ -99,9 +83,6 @@ until: add_member_role|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-setup # Create a service - name: Ensure Keystone Service 
@@ -119,10 +100,6 @@ until: add_service|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-service-add - - keystone-setup # Create a service user - name: Ensure Keystone user @@ -140,10 +117,6 @@ until: add_service|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-service-add - - keystone-setup # Add a role to the user - name: Ensure Keystone user to Admin role @@ -161,7 +134,3 @@ until: add_service|success retries: 5 delay: 10 - tags: - - keystone-api-setup - - keystone-service-add - - keystone-setup diff --git a/tasks/keystone_ssl.yml b/tasks/keystone_ssl.yml index 8c794133..d89dd082 100644 --- a/tasks/keystone_ssl.yml +++ b/tasks/keystone_ssl.yml @@ -17,9 +17,5 @@ when: > keystone_ssl | bool and (keystone_user_ssl_cert is not defined or keystone_user_ssl_key is not defined) - tags: - - keystone-ssl - include: keystone_ssl_user_provided.yml - tags: - - keystone-ssl diff --git a/tasks/keystone_ssl_key_create.yml b/tasks/keystone_ssl_key_create.yml index dab2010a..eaa8d2ad 100644 --- a/tasks/keystone_ssl_key_create.yml +++ b/tasks/keystone_ssl_key_create.yml @@ -18,8 +18,6 @@ dest: "{{ keystone_ssl_cert }}" state: "absent" when: keystone_ssl_self_signed_regen | bool - tags: - - keystone-ssl - name: Create self-signed Apache ssl cert command: > @@ -31,9 +29,6 @@ -extensions v3_ca creates={{ keystone_ssl_cert }} notify: Restart Apache - tags: - - keystone-configs - - keystone-ssl - name: Ensure keystone user owns the self-signed key and certificate file: @@ -45,5 +40,3 @@ - "{{ keystone_ssl_key }}" - "{{ keystone_ssl_cert }}" notify: Restart Apache - tags: - - keystone-ssl diff --git a/tasks/keystone_ssl_key_distribute.yml b/tasks/keystone_ssl_key_distribute.yml index b73a2dcf..a14c5586 100644 --- a/tasks/keystone_ssl_key_distribute.yml +++ b/tasks/keystone_ssl_key_distribute.yml 
@@ -20,8 +20,6 @@ owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" mode: "0640" - tags: - - keystone-ssl - name: Distribute self signed ssl cert copy: @@ -30,8 +28,6 @@ owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" mode: "0640" - tags: - - keystone-ssl - name: Ensure keystone user owns the self-signed key and certificate file: @@ -41,5 +37,3 @@ with_items: - "{{ keystone_ssl_key }}" - "{{ keystone_ssl_cert }}" - tags: - - keystone-ssl diff --git a/tasks/keystone_ssl_key_store.yml b/tasks/keystone_ssl_key_store.yml index b4a4df13..ee7f2c8c 100644 --- a/tasks/keystone_ssl_key_store.yml +++ b/tasks/keystone_ssl_key_store.yml @@ -18,20 +18,14 @@ src: "{{ keystone_ssl_cert }}" register: _keystone_ssl_cert changed_when: false - tags: - - keystone-ssl - name: Store ssl key slurp: src: "{{ keystone_ssl_key }}" register: _keystone_ssl_key changed_when: false - tags: - - keystone-ssl - name: Register a fact for the cert and key set_fact: keystone_ssl_cert_fact: "{{ _keystone_ssl_cert.content }}" keystone_ssl_key_fact: "{{ _keystone_ssl_key.content }}" - tags: - - keystone-ssl diff --git a/tasks/keystone_ssl_user_provided.yml b/tasks/keystone_ssl_user_provided.yml index e0f7a6fb..ccb569e4 100644 --- a/tasks/keystone_ssl_user_provided.yml +++ b/tasks/keystone_ssl_user_provided.yml @@ -22,9 +22,6 @@ mode: "0644" when: keystone_user_ssl_cert is defined notify: Restart Apache - tags: - - keystone-configs - - keystone-ssl - name: Drop user provided ssl key copy: @@ -35,9 +32,6 @@ mode: "0640" when: keystone_user_ssl_key is defined notify: Restart Apache - tags: - - keystone-configs - - keystone-ssl - name: Drop user provided ssl CA cert copy: @@ -48,6 +42,3 @@ mode: "0644" when: keystone_user_ssl_ca_cert is defined notify: Restart Apache - tags: - - keystone-configs - - keystone-ssl diff --git a/tasks/keystone_token_cleanup.yml b/tasks/keystone_token_cleanup.yml index 0a785c68..5032d909 100644 
--- a/tasks/keystone_token_cleanup.yml +++ b/tasks/keystone_token_cleanup.yml @@ -18,6 +18,4 @@ name: "Clear out stale keystone tokens" minute: 0 job: "{{ keystone_bin }}/keystone-manage token_flush" - user: "{{ keystone_system_user_name }}" - tags: - - keystone-config + user: "{{ keystone_system_user_name }}" \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 64eb1411..4040c17f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -31,38 +31,64 @@ - always - include: keystone_pre_install.yml + tags: + - keystone-install + - include: keystone_install.yml + tags: + - keystone-install + - include: keystone_post_install.yml + tags: + - keystone-install + - keystone-config - include: keystone_key_setup.yml tags: - - keystone-key - - keystone-key-distribute + - keystone-install - include: keystone_fernet.yml tags: - - keystone-fernet + - keystone-install + - keystone-config when: - "'fernet' in keystone_token_provider" - keystone_service_setup | bool - include: keystone_federation_sp_setup.yml + tags: + - keystone-install + - keystone-config when: - keystone_sp is defined - include: keystone_db_setup.yml + tags: + - keystone-install when: - keystone_database_enabled | bool - inventory_hostname == groups['keystone_all'][0] - include: keystone_token_cleanup.yml + tags: + - keystone-install when: - "'sql' in keystone_token_driver" - include: keystone_ssl.yml + tags: + - keystone-install + - keystone-config + - include: keystone_apache.yml + tags: + - keystone-install + - keystone-config - include: keystone_service_setup.yml + tags: + - keystone-install + - keystone-config when: - keystone_service_setup | bool - inventory_hostname == groups['keystone_all'][0] @@ -71,10 +97,13 @@ when: - keystone_service_setup | bool tags: + - keystone-install - keystone-config - - keystone-ldap - include: keystone_federation_sp_idp_setup.yml + tags: + - keystone-install + - keystone-config when: - keystone_service_setup | bool - keystone_sp is defined 
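Review bot: Tagging the `keystone_fernet.yml` include in tasks/main.yml with `keystone-config` makes a run limited to `--tags keystone-config` reach the Fernet key tasks, which the removed `keystone-fernet` tag used to keep separate. tasks/keystone_fernet_keys_create.yml (touched elsewhere in this patch) has a `Rotate fernet keys for Keystone` task guarded only by `when: _fernet_keys.stat.exists`, so, assuming keystone_fernet.yml pulls that file in (it is not part of this diff), every configuration-only run would rotate the keys and, depending on how many keys the repository retains, could retire keys that outstanding tokens still depend on. The same hunk also puts `keystone_service_setup.yml`, whose first task has `state: restarted`, under `keystone-config`. Consider leaving the key-creation and rotation path on `keystone-install` only, or state in the README `Tags` section that `keystone-config` also rotates Fernet keys and restarts the service, so operators do not treat it as a file-only refresh.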
@@ -84,5 +113,8 @@ meta: flush_handlers - include: keystone_idp_setup.yml + tags: + - keystone-install + - keystone-config when: - keystone_idp is defined