Adds the config_template to keystone

The change modifies the keystone template tasks such that it's now using the config_template action plugin. This change will make so that config files can be dynamically updated, by a deployer, at run time, without requiring the need to modify the in tree templates or defaults. Partially implements: blueprint tunable-openstack-configuration Change-Id: I957d55df81c7edd4e2a95597a62a75c6bd0f46fe
2015-09-14 16:26:21 -05:00 · 2015-09-14 16:26:21 -05:00 · f38241e671
commit f38241e671
parent 88c948c455
4 changed files with 27 additions and 19 deletions
--- a/playbooks/roles/os_keystone/defaults/main.yml
+++ b/playbooks/roles/os_keystone/defaults/main.yml
@ -349,3 +349,9 @@ keystone_pip_packages:
  - python-memcached
  - python-openstackclient
  - repoze.lru
 ## Tunable overrides
 keystone_keystone_conf_overrides: {}
 keystone_keystone_default_conf_overrides: {}
 keystone_keystone_paste_ini_overrides: {}
 keystone_policy_overrides: {}
--- a/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
@ -13,15 +13,32 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
- name: Generate Keystone Config
+- name: Copy keystone config
-  template:
+  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items:
-    - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" }
+    - src: "keystone.conf.j2"
-    - { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" }
+      dest: "/etc/keystone/keystone.conf"
      config_overrides: "{{ keystone_keystone_conf_overrides }}"
      config_type: "ini"
    - src: "keystone.Default.conf.j2"
      dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf"
      config_overrides: "{{ keystone_keystone_default_conf_overrides }}"
      config_type: "ini"
    - src: "keystone-paste.ini.j2"
      dest: "/etc/keystone/keystone-paste.ini"
      config_overrides: "{{ keystone_keystone_paste_ini_overrides }}"
      config_type: "ini"
    - src: "policy.json.j2"
      dest: "/etc/keystone/policy.json"
      config_overrides: "{{ keystone_policy_overrides }}"
      config_type: "json"
  notify:
    - Restart Apache
  tags:
@ -35,7 +52,6 @@
    group: "{{ keystone_system_group_name }}"
    mode: "{{ item.mode|default('0644') }}"
  with_items:
    - { src: "keystone-paste.ini", dest: "/etc/keystone/keystone-paste.ini" }
    - { src: "sso_callback_template.html", dest: "/etc/keystone/sso_callback_template.html" }
    - { src: "keystone-wsgi.py", dest: "/var/www/cgi-bin/keystone/admin", mode: "0755" }
    - { src: "keystone-wsgi.py", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" }
@ -43,17 +59,3 @@
    - Restart Apache
  tags:
    - keystone-config
 - name: Apply updates to Policy file
  config_template:
    src: "policy.json"
    dest: "/etc/keystone/policy.json"
    owner: "{{ keystone_system_user_name }}"
    group: "{{ keystone_system_group_name }}"
    mode: "0644"
    config_overrides: "{{ keystone_policy_overrides|default({}) }}"
    config_type: "json"
  notify:
    - Restart Apache
  tags:
    - keystone-config
--- a/playbooks/roles/os_keystone/templates/keystone-paste.ini.j2
+++ b/playbooks/roles/os_keystone/templates/keystone-paste.ini.j2
--- a/playbooks/roles/os_keystone/templates/policy.json.j2
+++ b/playbooks/roles/os_keystone/templates/policy.json.j2