openstack-ansible-os_keystone/tasks/keystone_install.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Create keystone dir
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner|default(keystone_system_user_name) }}"
    group: "{{ item.group|default(keystone_system_group_name) }}"
    mode: "{{ item.mode|default('0755') }}"
  with_items:
    - { path: "/etc/pki/tls/certs", owner: "root", group: "root" }
    - { path: "/etc/pki/tls/private", owner: "root", group: "root" }
    - { path: "/var/lock/keystone", mode: "2755" }
    - { path: "/var/log/httpd", mode: "2755" }
  when: ansible_pkg_mgr == 'yum'

- name: Create system links
  file:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    state: "link"
  with_items:
    - { src: "/etc/pki/tls/certs", dest: "/etc/ssl/certs" }
    - { src: "/etc/pki/tls/private", dest: "/etc/ssl/private" }
    - { src: "/var/log/httpd", dest: "/var/log/apache2" }
  when: ansible_pkg_mgr == 'yum'

- name: Add shibboleth repo
  yum_repository:
    name: "shibboleth"
    description: "shibboleth Repo"
    baseurl: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7/"
    gpgkey: "http://download.opensuse.org/repositories/security:/shibboleth/CentOS_7//repodata/repomd.xml.key"
    gpgcheck: yes
  when:
    - ansible_pkg_mgr == 'yum'
    - keystone_sp != {}

- name: Ensure apt cache is up to date
  apt:
    update_cache: yes
    cache_valid_time: "{{ cache_timeout }}"
  when:
    - ansible_pkg_mgr == 'apt'

- name: Install distro packages
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_distro_packages }}"

- name: Install distro packages for Apache
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_apache_distro_packages }}"
  when:
    - keystone_apache_enabled | bool

- name: Install distro packages for mod_wsgi
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_mod_wsgi_distro_packages }}"
  when:
    - keystone_mod_wsgi_enabled | bool

- name: Install distro packages for mod_proxy_uwsgi
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_mod_proxy_uwsgi_distro_packages }}"
  when:
    - not keystone_mod_wsgi_enabled | bool

- name: Install distro packages for Nginx
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_nginx_distro_packages }}"
  when:
    - not keystone_apache_enabled | bool

- name: Install distro packages for IdP
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_idp_distro_packages }}"
  when:
    - keystone_apache_enabled | bool
    - keystone_idp != {}

- name: Install distro packages for SP
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_sp_distro_packages }}"
  when:
    - keystone_apache_enabled | bool
    - keystone_sp != {}

- name: Install distro packages for developer mode
  package:
    name: "{{ item }}"
    state: "{{ keystone_package_state }}"
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  with_items: "{{ keystone_developer_mode_distro_packages }}"
  when:
    - keystone_developer_mode | bool

- name: Create developer mode constraint file
  copy:
    dest: "/opt/developer-pip-constraints.txt"
    content: |
      {% for item in keystone_developer_constraints %}
      {{ item }}
      {% endfor %}
  when: keystone_developer_mode | bool

- name: Install required pip packages
  pip:
    name: "{{ keystone_requires_pip_packages }}"
    state: "{{ keystone_pip_package_state }}"
    extra_args: >-
      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
      {{ pip_install_options | default('') }}
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2

- name: Attempt venv download
  get_url:
    url: "{{ keystone_venv_download_url }}"
    dest: "/var/cache/{{ keystone_venv_download_url | basename }}"
    checksum: "sha1:{{ lookup('url', keystone_venv_download_url | replace('tgz', 'checksum')) }}"
  register: keystone_get_venv
  when: keystone_venv_download | bool

- name: Remove existing venv
  file:
    path: "{{ keystone_bin | dirname }}"
    state: absent
  when: keystone_get_venv | changed

- name: Create keystone venv dir
  file:
    path: "{{ keystone_bin | dirname }}"
    state: directory
  register: keystone_venv_dir
  when: keystone_get_venv | changed

- name: Unarchive pre-built venv
  unarchive:
    src: "/var/cache/{{ keystone_venv_download_url | basename }}"
    dest: "{{ keystone_bin | dirname }}"
    copy: "no"
  when: keystone_get_venv | changed
  notify:
    - Restart Keystone APIs on first node
    - Restart Keystone APIs on other nodes
    - Restart service on first node
    - Restart service on other nodes

- name: Install pip packages
  pip:
    name: "{{ keystone_pip_packages }}"
    state: "{{ keystone_pip_package_state }}"
    virtualenv: "{{ keystone_bin | dirname }}"
    virtualenv_site_packages: "no"
    extra_args: >-
      {{ keystone_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }}
      {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}
      {{ pip_install_options | default('') }}
  register: install_packages
  until: install_packages|success
  retries: 5
  delay: 2
  when: keystone_get_venv | failed or keystone_get_venv | skipped
  notify:
    - Restart Keystone APIs on first node
    - Restart Keystone APIs on other nodes
    - Restart service on first node
    - Restart service on other nodes

- name: CentOS remove python from path first
  file:
    path:  "{{ keystone_bin | dirname }}/bin/python2.7"
    state: "absent"
  when:
    - ansible_pkg_mgr == 'yum'
    - keystone_get_venv | changed

- name: Update virtualenv path
  command: >
    virtualenv-tools --update-path=auto --reinitialize {{ keystone_bin | dirname }}
  when: keystone_get_venv | changed

- name: Create WSGI symlinks
  file:
    src: "{{ item.src }}"
    dest: "/var/www/cgi-bin/keystone/{{ item.dest }}"
    state: link
    force: yes
  with_items:
    - src: "{{ keystone_bin }}/keystone-wsgi-admin"
      dest: admin
    - src: "{{ keystone_bin }}/keystone-wsgi-public"
      dest: main