openstack/openstack-ansible-os_keystone
Code Issues Proposed changes
Files
aefb58080337633e6d4c10bb2709c8d73ab9564d
openstack-ansible-os_keystone/tasks/keystone_post_install.yml
Jesse Pretorius aefb580803 Only do sshd enablement task on the first play host 
We only need to do this task once in the play because it
delegates to all the hosts already. Currently it will do
the sshd enablement 9 times for 3 hosts.

We also add a comment to explain why this is being done
for future reference.

Change-Id: I201101f6d2bf733b375577b6af138272b9d0ce6b
2018-10-03 10:54:00 +01:00

129 lines
4.2 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# If SSH is not running on all nodes immediately, then
# the key rotation script will not be able to copy the
# keys to the other nodes when they rotate.
- name: Enable SSHD on all keystone hosts
systemd:
name: "{{ keystone_sshd }}"
state: started
enabled: yes
masked: no
daemon_reload: yes
delegate_to: "{{ item }}"
with_items: "{{ ansible_play_hosts }}"
when: "inventory_hostname == ansible_play_hosts[0]"
- name: Generate the keystone system user ssh key
user:
name: "{{ keystone_system_user_name }}"
generate_ssh_key: "yes"
delegate_to: "{{ item }}"
with_items: "{{ ansible_play_hosts }}"
when: "inventory_hostname == ansible_play_hosts[0]"
- name: Check whether user-provided configuration files are provided
stat:
path: "{{ item }}"
with_items:
- "{{ keystone_paste_default_file_path }}"
- "{{ keystone_policy_default_file_path }}"
- "{{ keystone_sso_callback_file_path }}"
register: _user_provided_config_files
delegate_to: localhost
- name: Ensure that local config cache path exists on the deploy host
file:
path: "{{ keystone_config_cache_path }}"
state: directory
owner: "{{ keystone_config_cache_path_owner }}"
delegate_to: localhost
run_once: yes
- name: Retrieve default configuration files from venv
fetch:
src: "{{ _keystone_etc }}/keystone/{{ item }}"
dest: "{{ keystone_config_cache_path }}/"
flat: yes
with_items:
- "{{ keystone_paste_default_file_path | basename }}"
- "{{ keystone_sso_callback_file_path | basename }}"
run_once: yes
register: _venv_config_file_fetch
- name: Copy keystone configuration files
config_template:
content: "{{ item.content | default(omit) }}"
src: "{{ item.src | default(omit) }}"
dest: "{{ item.dest }}"
owner: "root"
group: "{{ keystone_system_group_name }}"
mode: "0640"
config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}"
when:
- item.condition | default(True)
with_items:
- src: "keystone.conf.j2"
dest: "/etc/keystone/keystone.conf"
config_overrides: "{{ keystone_keystone_conf_overrides }}"
config_type: "ini"
- src: >-
{{ (_user_provided_config_files['results'][0]['stat']['exists'] | bool) |
ternary(keystone_paste_default_file_path,
keystone_config_cache_path ~ '/' ~ keystone_paste_default_file_path | basename) }}
dest: "/etc/keystone/keystone-paste.ini"
config_overrides: "{{ keystone_keystone_paste_ini_overrides }}"
config_type: "ini"
- src: "{{ keystone_policy_default_file_path }}"
dest: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
config_overrides: "{{ keystone_policy_overrides }}"
config_type: "json"
condition: >-
{{ _user_provided_config_files['results'][1]['stat']['exists'] | bool }}
notify:
- Manage LB
- Restart uWSGI
- Restart web server
- name: Copy Keystone Federation SP SSO callback template
copy:
src: >-
{{ (_user_provided_config_files['results'][2]['stat']['exists'] | bool) |
ternary(keystone_sso_callback_file_path,
keystone_config_cache_path ~ '/' ~ keystone_sso_callback_file_path | basename) }}
dest: "/etc/keystone/sso_callback_template.html"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0644"
when:
- keystone_sp != {}
notify:
- Manage LB
- Restart uWSGI
- Restart web server
- name: Clean up Keystone Federation SP SSO callback template
file:
path: "/etc/keystone/sso_callback_template.html"
state: absent
when:
- keystone_sp == {}
notify:
- Manage LB
- Restart uWSGI
- Restart web server
View Git Blame Copy Permalink