--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # If SSH is not running on all nodes immediately, then # the key rotation script will not be able to copy the # keys to the other nodes when they rotate. - name: Enable SSHD on all keystone hosts systemd: name: "{{ keystone_sshd }}" state: started enabled: yes masked: no daemon_reload: yes delegate_to: "{{ item }}" with_items: "{{ ansible_play_hosts }}" when: _keystone_is_first_play_host - name: Generate the keystone system user ssh key user: name: "{{ keystone_system_user_name }}" generate_ssh_key: "yes" delegate_to: "{{ item }}" with_items: "{{ ansible_play_hosts }}" when: _keystone_is_first_play_host - name: Copy keystone configuration files openstack.config_template.config_template: src: "keystone.conf.j2" dest: "/etc/keystone/keystone.conf" owner: "root" group: "{{ keystone_system_group_name }}" mode: "0640" config_overrides: "{{ keystone_keystone_conf_overrides }}" config_type: "ini" notify: - Manage LB - Restart uWSGI - Restart web server - name: Implement policy.yaml if there are overrides configured openstack.config_template.config_template: content: "{{ keystone_policy_overrides }}" dest: "/etc/keystone/policy.yaml" owner: "root" group: "{{ keystone_system_group_name }}" mode: "0640" config_type: yaml when: - keystone_policy_overrides | length > 0 tags: - keystone-policy-override - name: Remove legacy policy.yaml file file: path: "/etc/keystone/policy.yaml" state: absent when: - keystone_policy_overrides | length == 0 tags: - keystone-policy-override # NOTE(cloudnull): This is using "cp" instead of copy with a remote_source # because we only want to copy the original files once. and we # don't want to need multiple tasks. - name: Preserve original configuration file(s) command: "cp {{ item.target_f }} {{ item.target_f }}.original" args: creates: "{{ item.target_f }}.original" with_items: "{{ keystone_core_files }}" - name: Fetch override files fetch: src: "{{ item.target_f }}" dest: "{{ item.tmp_f }}" flat: yes changed_when: false run_once: true with_items: "{{ keystone_core_files }}" - name: Copy common config openstack.config_template.config_template: src: "{{ item.tmp_f }}" dest: "{{ item.target_f }}" owner: "root" group: "{{ item.group | default(keystone_system_group_name) }}" mode: "0640" config_overrides: "{{ item.config_overrides }}" config_type: "{{ item.config_type }}" with_items: "{{ keystone_core_files }}" notify: - Restart uWSGI - Restart web server - name: Cleanup fetched temp files file: path: "{{ item.tmp_f }}" state: absent changed_when: false delegate_to: localhost run_once: true with_items: "{{ keystone_core_files }}" - name: Copy sso callback file copy: src: "{{ keystone_sso_callback_file_path }}" dest: "/etc/keystone/sso_callback_template.html" when: - keystone_sso_callback_file_path is defined notify: - Restart uWSGI - Restart web server