Updated ldap config to support multi domain

Enables default domain support using ldap. This change moves the
ldap config to the default domain and enables domain specific
drivers.

Change-Id: I85f6610a25617fdea1fc216b53df0ab30260fed9
Closes-Bug: 1447768
Kevin Carter 2015-04-28 12:53:45 -05:00
parent 8fa62d0829
commit d2bff403bd
5 changed files with 21 additions and 10 deletions


@ -134,6 +134,9 @@ keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
# password: "secrete" # password: "secrete"
# ... # ...
keystone_ldap_identity_driver: keystone.identity.backends.ldap.Identity
keystone_ldap_domain_config_dir: /etc/keystone/domains
## Policy vars ## Policy vars
# Provide a list of access controls to update the default policy.json with. These changes will be merged # Provide a list of access controls to update the default policy.json with. These changes will be merged
# with the access controls in the default policy.json. E.g. # with the access controls in the default policy.json. E.g.
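Review bot: The two new defaults, `keystone_ldap_identity_driver` and `keystone_ldap_domain_config_dir`, are added without a comment, although the LDAP example directly above them is documented. A reader of this file cannot tell that the directory will hold a per-domain file which receives the bind `password` shown in that example. I would add `# Directory for keystone.<domain>.conf files; these carry the LDAP bind password, so keep it owned by the keystone user and not world-readable.` above the second variable.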


@ -21,6 +21,7 @@
group: "{{ keystone_system_group_name }}" group: "{{ keystone_system_group_name }}"
with_items: with_items:
- { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" } - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" }
- { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" }
notify: notify:
- Restart Apache - Restart Apache
tags: tags:
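Review bot: The new `keystone.Default.conf` item receives everything in `keystone_ldap`, which per the defaults example includes the bind `password`, so the permissions this task applies now protect a directory credential. The task's `mode` and `owner` lines are outside this hunk; confirm the file is rendered no more permissive than `0640` and is owned by the keystone service user. The same applies to the `{{ keystone_ldap_domain_config_dir }}` item added to the directory task in the next file, which sets no mode of its own and so inherits a default that is not visible here. The template is also rendered when `keystone_ldap` is undefined, leaving a comment-only file; that looks harmless because `domain_specific_drivers_enabled` is only set when LDAP is configured, but it deserves a one-line comment on the item.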


@ -41,6 +41,7 @@
group: "{{ item.group|default(keystone_system_group_name) }}" group: "{{ item.group|default(keystone_system_group_name) }}"
with_items: with_items:
- { path: "/etc/keystone" } - { path: "/etc/keystone" }
- { path: "{{ keystone_ldap_domain_config_dir }}" }
- { path: "/etc/keystone/ssl" } - { path: "/etc/keystone/ssl" }
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
- { path: "{{ keystone_system_user_home }}" } - { path: "{{ keystone_system_user_home }}" }


@ -0,0 +1,12 @@
# LDAP configuration options
{% if keystone_ldap is defined %}
[identity]
driver = {{ keystone_ldap_identity_driver }}
{% for section in keystone_ldap|dictsort %}
[{{ section.0 }}]
{% for key, value in section.1.items() %}
{{ key }} = {{ value }}
{% endfor %}
{% endfor %}
{% endif %}
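Review bot: The loop at `{% for section in keystone_ldap|dictsort %}` copies every section of `keystone_ldap` into the domain file, whereas the same loop previously wrote into keystone.conf, where any section name was meaningful. Keystone presumably honours only identity and LDAP options in a domain-specific file, so other sections an operator kept in `keystone_ldap` would silently stop applying, and an `identity` key in the dict would emit a second `[identity]` header after the hard-coded one. The header comment should say so, e.g. `# Domain-specific options for the "Default" domain; only [identity] and [ldap] options belong here.` Values are written unescaped by `{{ key }} = {{ value }}`, so a value containing a newline would become an extra option line; it is worth stating that `keystone_ldap` must come from trusted inventory only.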


@ -56,6 +56,10 @@ pool_timeout = {{ keystone_database_pool_timeout }}
[identity] [identity]
driver = {{ keystone_identity_driver }} driver = {{ keystone_identity_driver }}
{% if keystone_ldap is defined %}
domain_config_dir = {{ keystone_ldap_domain_config_dir }}
domain_specific_drivers_enabled = True
{% endif %}
[assignment] [assignment]
@ -68,16 +72,6 @@ caching = true
driver = {{ keystone_resource_driver }} driver = {{ keystone_resource_driver }}
{% if keystone_ldap is defined %}
{% for section in keystone_ldap|dictsort %}
[{{ section.0 }}]
{% for key, value in section.1.items() %}
{{ key }} = {{ value }}
{% endfor %}
{% endfor %}
{% endif %}
[token] [token]
enforce_token_bind = permissive enforce_token_bind = permissive
expiration = {{ keystone_token_expiration }} expiration = {{ keystone_token_expiration }}
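Review bot: With the LDAP sections removed from keystone.conf in the second hunk, `driver = {{ keystone_identity_driver }}` becomes the backend for every domain that has no file in `domain_config_dir`, and nothing here checks what it is set to. If a deployment had pointed `keystone_identity_driver` at the LDAP driver to use LDAP globally, that driver would now run without any of the operator's LDAP options; the default for that variable is not shown, so this needs confirming. I would add a comment above the new block, `# LDAP applies to the Default domain only; all other domains use keystone_identity_driver.`, and mention the behaviour change in the upgrade notes.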