--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # If SSH is not running on all nodes immediately, then # the key rotation script will not be able to copy the # keys to the other nodes when they rotate. - name: Enable SSHD on all keystone hosts systemd: name: "{{ keystone_sshd }}" state: started enabled: yes masked: no daemon_reload: yes delegate_to: "{{ item }}" with_items: "{{ ansible_play_hosts }}" when: "inventory_hostname == ansible_play_hosts[0]" - name: Generate the keystone system user ssh key user: name: "{{ keystone_system_user_name }}" generate_ssh_key: "yes" delegate_to: "{{ item }}" with_items: "{{ ansible_play_hosts }}" when: "inventory_hostname == ansible_play_hosts[0]" - name: Check whether user-provided configuration files are provided stat: path: "{{ item }}" with_items: - "{{ keystone_policy_default_file_path }}" - "{{ keystone_sso_callback_file_path }}" register: _user_provided_config_files delegate_to: localhost - name: Ensure that local config cache path exists on the deploy host file: path: "{{ keystone_config_cache_path }}" state: directory owner: "{{ keystone_config_cache_path_owner }}" delegate_to: localhost run_once: yes - name: Retrieve default configuration files from venv fetch: src: "{{ _keystone_etc }}/keystone/{{ keystone_sso_callback_file_path | basename }}" dest: "{{ keystone_config_cache_path }}/" flat: yes run_once: yes - name: Copy keystone configuration files config_template: content: "{{ item.content | default(omit) }}" src: "{{ item.src | default(omit) }}" dest: "{{ item.dest }}" owner: "root" group: "{{ keystone_system_group_name }}" mode: "0640" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" when: - item.condition | default(True) with_items: - src: "keystone.conf.j2" dest: "/etc/keystone/keystone.conf" config_overrides: "{{ keystone_keystone_conf_overrides }}" config_type: "ini" - src: "{{ keystone_policy_default_file_path }}" dest: "/etc/keystone/policy.json-{{ keystone_venv_tag }}" config_overrides: "{{ keystone_policy_overrides }}" config_type: "json" condition: >- {{ _user_provided_config_files['results'][0]['stat']['exists'] | bool }} notify: - Manage LB - Restart uWSGI - Restart web server - name: Copy Keystone Federation SP SSO callback template copy: src: >- {{ (_user_provided_config_files['results'][1]['stat']['exists'] | bool) | ternary(keystone_sso_callback_file_path, keystone_config_cache_path ~ '/' ~ keystone_sso_callback_file_path | basename) }} dest: "/etc/keystone/sso_callback_template.html" owner: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" mode: "0644" when: - keystone_sp != {} notify: - Manage LB - Restart uWSGI - Restart web server - name: Clean up Keystone Federation SP SSO callback template file: path: "/etc/keystone/sso_callback_template.html" state: absent when: - keystone_sp == {} notify: - Manage LB - Restart uWSGI - Restart web server