From 096ed19665dad45fe9b1c1790ba599d90ccf233c Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Tue, 18 Sep 2018 17:41:20 +0100
Subject: [PATCH] Implement LDAP domains using last keystone host

To ensure that the domains can be created, we only execute the tasks on the last member of the keystone_all group so that the load balancer has at least one other host to work against. We also replace the OSA keystone module in the task with the standard Ansible module, and delegate the task to the service setup host.

Change-Id: I66ed21cdcf42d0c2012062c8cf74305fecbec312
---
 tasks/keystone_ldap_setup.yml | 27 +++++++++++++++------------
 tasks/main.yml | 4 +++-
 2 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/tasks/keystone_ldap_setup.yml b/tasks/keystone_ldap_setup.yml
index e25a4b53..705eb6d9 100644
--- a/tasks/keystone_ldap_setup.yml
+++ b/tasks/keystone_ldap_setup.yml
@@ -13,19 +13,22 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-
-- name: Create Keystone LDAP domains
- keystone:
- command: ensure_domain
- domain_name: "{{ item.key }}"
- login_user: "{{ keystone_admin_user_name }}"
- login_password: "{{ keystone_auth_admin_password }}"
- login_project_name: "{{ keystone_admin_tenant_name }}"
- endpoint: "{{ keystone_service_adminurl }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
+- name: Add LDAP domains
+ os_keystone_domain:
+ cloud: default
+ state: present
+ name: "{{ item.key }}"
+ endpoint_type: admin
+ verify: "{{ not keystone_service_adminuri_insecure }}"
+ register: add_ldap_domain
+ until: add_ldap_domain is success
+ retries: 5
+ delay: 10
 with_dict: "{{ keystone_ldap }}"
- no_log: true
- run_once: true
+ delegate_to: "{{ keystone_service_setup_host }}"
+ vars:
+ ansible_python_interpreter: >-
+ {{ (keystone_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}

 - name: Create Keystone LDAP domain configs
 template:
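Review bot: The added `verify: "{{ not keystone_service_adminuri_insecure }}"` negates the variable without casting it, so a string value such as `'false'` (which is what `-e keystone_service_adminuri_insecure=false` supplies) is truthy, the expression renders false, and certificate verification of the admin endpoint is turned off with no indication in the run. Cast before negating, as the role already does for `keystone_service_setup | bool` in tasks/main.yml: `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. The task now takes its credentials from a `default` cloud entry on the delegated host rather than from task arguments, which is presumably why `no_log: true` could be dropped; a one-line comment above the task saying where that entry is provisioned would make the dependency visible.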
diff --git a/tasks/main.yml b/tasks/main.yml
index fd799298..b16ef62c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -164,7 +164,9 @@
 - keystone-config

 - include_tasks: keystone_ldap_setup.yml
- when: keystone_service_setup | bool
+ when:
+ - "inventory_hostname == ((groups['keystone_all'] | intersect(ansible_play_hosts)) | list)[-1]"
+ - "keystone_service_setup | bool"
 tags:
 - keystone-config
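Review bot: The first entry of the new `when` list indexes `[-1]` into the intersection of `groups['keystone_all']` and `ansible_play_hosts`, and it is evaluated before the cheap `keystone_service_setup | bool` check; if that intersection is ever empty (for example the role applied to hosts outside `keystone_all`), the expression has no last element to compare against. Listing `- "keystone_service_setup | bool"` first lets the conditional stop before the group lookup whenever service setup is disabled. When the play is limited to a single keystone host, that host is also the "last" one, so the load balancer presumably has no other backend during the run, which is the situation the commit message sets out to avoid. A comment above the include, such as `# Run only on the last keystone host in this play so the load balancer still has another backend to use`, would record that assumption next to the condition.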