openstack-ansible-os_keystone/tasks/keystone_pre_install.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: create the system group
  group:
    name: "{{ keystone_system_group_name }}"
    state: "present"
    system: "yes"
  tags:
    - keystone-group

- name: Create the keystone system user
  user:
    name: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
    comment: "{{ keystone_system_comment }}"
    shell: "{{ keystone_system_shell }}"
    system: "yes"
    createhome: "yes"
    home: "{{ keystone_system_user_home }}"
  tags:
    - keystone-user

- name: Create keystone dir
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner|default(keystone_system_user_name) }}"
    group: "{{ item.group|default(keystone_system_group_name) }}"
  with_items:
    - { path: "/etc/keystone" }
    - { path: "{{ keystone_ldap_domain_config_dir }}" }
    - { path: "/etc/keystone/ssl" }
    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
    - { path: "{{ keystone_system_user_home }}" }
    - { path: "/var/www/cgi-bin", owner: root, group: root }
    - { path: "/var/www/cgi-bin/keystone" }
  tags:
    - keystone-dirs

- name: Create keystone fernet-keys dir
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner|default(keystone_system_user_name) }}"
    group: "{{ item.group|default(keystone_system_group_name) }}"
    mode: "{{ item.mode }}"
  with_items:
    - { path: "{{ keystone_fernet_tokens_key_repository }}", mode: '0750' }
  when: >
    'fernet' in keystone_token_provider    
  tags:
    - keystone-dirs
    - keystone-fernet

- name: Test for log directory or link
  shell: |
    if [ -h "/var/log/keystone"  ]; then
      chown -h {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "/var/log/keystone"
      chown -R {{ keystone_system_user_name }}:{{ keystone_system_group_name }} "$(readlink /var/log/keystone)"
    else
      exit 1
    fi    
  register: log_dir
  failed_when: false
  changed_when: log_dir.rc != 0
  tags:
    - keystone-dirs
    - keystone-logs

- name: Create keystone log dir
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner|default(keystone_system_user_name) }}"
    group: "{{ item.group|default(keystone_system_group_name) }}"
    mode: "{{ item.mode|default('0755') }}"
  with_items:
    - { path: "/var/log/keystone" }
  when: log_dir.rc != 0
  tags:
    - keystone-dirs
    - keystone-logs