From 8c1ebb02a92700a8c9d68f4eff162df65553b50a Mon Sep 17 00:00:00 2001 From: Markos Chandras Date: Tue, 4 Jul 2017 10:11:05 +0100 Subject: [PATCH] Add support for the openSUSE Leap distributions Add support for the openSUSE Leap distributions. Additionally, for openSUSE, we need to load some extra apache2 modules which are not there by default. Change-Id: Iac555cefa0a7a6ecf344761d54644fd3fa2443f9 --- meta/main.yml | 5 ++ tasks/keystone_apache.yml | 12 ++--- tasks/keystone_install.yml | 2 +- tasks/keystone_nginx.yml | 9 +++- vars/suse-42.yml | 93 ++++++++++++++++++++++++++++++++++++++ vars/ubuntu-16.04.yml | 8 ++++ 6 files changed, 118 insertions(+), 11 deletions(-) create mode 100644 vars/suse-42.yml diff --git a/meta/main.yml b/meta/main.yml index 08f5c4cc..056248eb 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -26,6 +26,11 @@ galaxy_info: - name: EL versions: - 7 + - name: opensuse + versions: + - 42.1 + - 42.2 + - 42.3 categories: - cloud - python diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml index 4fce7956..915ee378 100644 --- a/tasks/keystone_apache.yml +++ b/tasks/keystone_apache.yml @@ -33,20 +33,14 @@ group: "{{ keystone_apache_default_log_grp }}" ## NOTE(cloudnull): -## Module enable/disable process is only functional on Debian based systems. +## Module enable/disable process is only functional on Debian and SUSE based systems. - name: Enable/disable apache2 modules apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" - with_items: - - name: "ssl" - state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}" - - name: "shib2" - state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}" - - name: "proxy_http" - state: "present" + with_items: "{{ keystone_apache_modules }}" when: - - ansible_pkg_mgr == 'apt' + - ansible_pkg_mgr in ['apt', 'zypper'] notify: - Restart web server diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index 1bf1e080..037dd4b4 100644 
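Review bot: `with_items: "{{ keystone_apache_modules }}"` in tasks/keystone_apache.yml now depends on a variable that this patch defines only in vars/suse-42.yml and vars/ubuntu-16.04.yml, while meta/main.yml still lists EL 7 as a supported platform. Ansible resolves the loop expression before it applies `when` to each item, so on a yum host the task may hit an undefined variable instead of being skipped cleanly. Whether the EL vars file already defines the list is not visible in this patch. Either add `keystone_apache_modules: []` to the remaining vars files or write the loop as `with_items: "{{ keystone_apache_modules | default([]) }}"`.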
--- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -69,7 +69,7 @@ package: name: "{{ keystone_package_list }}" state: "{{ keystone_package_state }}" - update_cache: "{{ (ansible_pkg_mgr == 'apt') | ternary('yes', omit) }}" + update_cache: "{{ (ansible_pkg_mgr in ['apt', 'zypper']) | ternary('yes', omit) }}" cache_valid_time: "{{ (ansible_pkg_mgr == 'apt') | ternary(cache_timeout, omit) }}" register: install_packages until: install_packages | success diff --git a/tasks/keystone_nginx.yml b/tasks/keystone_nginx.yml index 119bfa78..d06d1778 100644 --- a/tasks/keystone_nginx.yml +++ b/tasks/keystone_nginx.yml @@ -28,12 +28,19 @@ - name: Configure custom nginx log format lineinfile: - insertbefore: access_log + # NOTE(hwoarang) Not every nginx.conf file is the same + # so it's best if we just append new stuff after known starting blocks. + insertafter: http { dest: "/etc/nginx/nginx.conf" line: "log_format custom '{{ keystone_nginx_access_log_format_combined }} {{ keystone_nginx_access_log_format_extras }}';" notify: - Restart web server +- name: Ensure configuration directory exists + file: + path: "/etc/nginx/{{ keystone_nginx_conf_path }}" + state: directory + # Configure app - name: Configure virtual hosts template: diff --git a/vars/suse-42.yml b/vars/suse-42.yml new file mode 100644 index 00000000..4abc8de6 --- /dev/null +++ b/vars/suse-42.yml 
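Review bot: The new `Ensure configuration directory exists` task in tasks/keystone_nginx.yml creates `/etc/nginx/{{ keystone_nginx_conf_path }}` without stating ownership or permissions. The directory that holds the virtual-host files therefore ends up with whatever the connecting user and umask produce. Pin them on the task with `owner: "root"`, `group: "root"` and `mode: "0755"` so the result is the same on every host and only root can add or change server configuration there.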
@@ -0,0 +1,93 @@
+---
+# Copyright 2016, Rackspace US, Inc.
+# Copyright 2017, SUSE LINUX GmbH.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+keystone_distro_packages:
+ - ca-certificates
+ - cronie
+ - cyrus-sasl-devel
+ - git-core
+ - libffi-devel
+ - libxml2-devel
+ - libxslt-devel
+ - openldap2
+ - openldap2-devel
+ - openssl
+ - python-devel
+ - rsync
+ - which
+
+keystone_apache_distro_packages:
+ - apache2
+ - apache2-utils
+ - apache2-mod_proxy_uwsgi
+
+keystone_mod_wsgi_distro_packages:
+ - apache2-mod_wsgi
+
+keystone_mod_proxy_uwsgi_distro_packages:
+ - apache2-mod_uwsgi
+
+keystone_nginx_distro_packages:
+ - nginx
+
+keystone_idp_distro_packages:
+ - xmlsec1
+
+keystone_sp_distro_packages:
+ - shibboleth-sp
+
+keystone_developer_mode_distro_packages:
+ - patterns-openSUSE-devel_basis
+
+keystone_apache_default_sites:
+ - "/etc/apache2/conf.d/gitweb.conf"
+
+keystone_apache_conf: "/etc/apache2/httpd.conf"
+keystone_apache_default_log_folder: "/var/log/apache2"
+keystone_apache_default_log_owner: "root"
+keystone_apache_default_log_grp: "root"
+keystone_apache_security_conf: "{{ keystone_apache_conf }}"
+
+keystone_apache_configs:
+ - { src: "keystone-ports.conf.j2", dest: "/etc/apache2/conf.d/ports.conf" }
+ - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/conf.d/keystone-httpd.conf" }
+ - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mod_{{ keystone_httpd_mpm_backend }}.conf" }
+
+keystone_apache_modules:
+ - name: "authz_host"
+
state: "present" + - name: "access_compat" + state: "present" + - name: "version" + state: "present" + - name: "ssl" + state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}" + - name: "shib2" + state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}" + - name: "proxy" + state: "present" + - name: "proxy_http" + state: "present" + - name: "proxy_fcgi" + state: "present" + - name: "proxy_wstunnel" + state: "present" + - name: "proxy_uwsgi" + state: "present" + +keystone_nginx_conf_path: 'conf.d' + +keystone_system_service_name: apache2 diff --git a/vars/ubuntu-16.04.yml b/vars/ubuntu-16.04.yml index 73edc33d..17de72b9 100644 --- a/vars/ubuntu-16.04.yml +++ b/vars/ubuntu-16.04.yml @@ -70,6 +70,14 @@ keystone_apache_configs: - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" } - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" } +keystone_apache_modules: + - name: "ssl" + state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}" + - name: "shib2" + state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}" + - name: "proxy_http" + state: "present" + keystone_nginx_conf_path: "sites-available" keystone_system_service_name: apache2
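Review bot: `keystone_apache_modules` in vars/suse-42.yml enables `proxy`, `proxy_fcgi`, `proxy_wstunnel` and `proxy_uwsgi` unconditionally, whereas the Ubuntu list added in this same patch loads only `proxy_http` next to `ssl` and `shib2`. Each loaded proxy module widens what a stray or later-added directive on the identity endpoint can do, so modules the keystone vhost templates do not use are better left out or tied to the option that needs them, the way `ssl` is tied to `keystone_ssl`. The templates are not part of this patch, so which entries are actually required cannot be confirmed from here; a comment above each entry such as `# required by <directive in keystone-httpd.conf.j2>` would record the reason. Also worth a check: `apache2-mod_proxy_uwsgi` sits in `keystone_apache_distro_packages` while `keystone_mod_proxy_uwsgi_distro_packages` holds `apache2-mod_uwsgi`, which looks inconsistent with the variable names.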