 a3e3368ad1
			
		
	
	a3e3368ad1
	
	
	
		
			
			This prevents data to be leaked into the callback plugin. Change-Id: If3f5c6d25a198dc82fd702ffb82a5ae438e775ba
		
			
				
	
	
		
			55 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			55 lines
		
	
	
		
			1.8 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| ---
 | |
| # Copyright 2015, Rackspace US, Inc.
 | |
| #
 | |
| # Licensed under the Apache License, Version 2.0 (the "License");
 | |
| # you may not use this file except in compliance with the License.
 | |
| # You may obtain a copy of the License at
 | |
| #
 | |
| #     http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing, software
 | |
| # distributed under the License is distributed on an "AS IS" BASIS,
 | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 | |
| # See the License for the specific language governing permissions and
 | |
| # limitations under the License.
 | |
| 
 | |
| 
 | |
| - name: Create Keystone LDAP domains
 | |
|   keystone:
 | |
|     command: ensure_domain
 | |
|     domain_name: "{{ item.key }}"
 | |
|     login_user: "{{ keystone_admin_user_name }}"
 | |
|     login_password: "{{ keystone_auth_admin_password }}"
 | |
|     login_project_name: "{{ keystone_admin_tenant_name }}"
 | |
|     endpoint: "{{ keystone_service_adminurl }}"
 | |
|     insecure: "{{ keystone_service_adminuri_insecure }}"
 | |
|   with_dict: "{{ keystone_ldap }}"
 | |
|   no_log: true
 | |
|   run_once: true
 | |
| 
 | |
| - name: Create Keystone LDAP domain configs
 | |
|   template:
 | |
|     src: keystone.domain.conf.j2
 | |
|     dest: "{{ keystone_ldap_domain_config_dir }}/keystone.{{ item.key }}.conf"
 | |
|     owner: "root"
 | |
|     group: "{{ keystone_system_group_name }}"
 | |
|     mode: "0640"
 | |
|   with_dict: "{{ keystone_ldap }}"
 | |
|   notify:
 | |
|     - Manage LB
 | |
|     - Restart uWSGI
 | |
|     - Restart web server
 | |
| 
 | |
| # Bug 1547542 - Older versions of the keystone role would deploy a blank
 | |
| # keystone.Default.conf and this will cause errors when adding LDAP-backed
 | |
| # domains.
 | |
| - name: Remove Keystone Default domain configuration file if not needed
 | |
|   file:
 | |
|     path: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf"
 | |
|     state: absent
 | |
|   when: keystone_ldap.Default is not defined
 | |
|   notify:
 | |
|     - Manage LB
 | |
|     - Restart uWSGI
 | |
|     - Restart web server
 |