Support Keystone Domain specific files

Currently, it is not possible to make use of Keystone Domain specific settings. Such as different domains using different LDAP servers or SQL. To enable for example domain ACME - domain settings would be put into: {{ node_custom_config }}keystone/domains/keystone.ACME.conf Change-Id: I23620978c618dd4a3598d7cb74c3e9cf8c2394ac Closes-Bug: #1599868 Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
2016-07-07 14:36:42 +01:00 · 2016-07-07 14:36:42 +01:00 · a5e402f1e8
commit a5e402f1e8
parent 5c2c0a9c2b
4 changed files with 37 additions and 0 deletions
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@ -1,4 +1,8 @@
 ---
+- name: Check if Keystone Domain specific settings enabled
+  local_action: stat path="{{ node_custom_config }}/keystone/domains"
+  register: keystone_domain_cfg
+
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item }}"
@ -7,6 +11,15 @@
  with_items:
    - "keystone"

+- name: Creating Keystone Domain directory
+  file:
+    dest: "{{ node_config_directory }}/{{ item }}/domains/"
+    state: "directory"
+  when:
+      keystone_domain_cfg.stat.exists
+  with_items:
+    - "keystone"
+
 - name: Copying over config.json files for services
  template:
    src: "{{ item }}.json.j2"
@ -29,6 +42,13 @@
  with_items:
    - "keystone"

+- name: Copying Keystone Domain specific settings
+  copy:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/keystone/domains/"
+  with_fileglob:
+    - "{{ node_custom_config }}/keystone/domains/*"
+
 - name: Copying over wsgi-keystone.conf
  template:
    src: "wsgi-keystone.conf.j2"
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
 max_retries = -1

+{% if keystone_domain_cfg.stat.exists %}
+[identity]
+domain_specific_drivers_enabled = true
+domain_config_dir = /etc/keystone/domains
+{% endif %}
+
 [cache]
 backend = oslo_cache.memcache_pool
 enabled = True
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@ -9,6 +9,13 @@
            "owner": "keystone",
            "perm": "0600"
        },
+        {
+            "source": "{{ container_config_directory }}/domains",
+            "dest": "/etc/keystone/domains",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
--- a/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
+++ b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - LDAP & AD support has been added to the base images, and support
+    for Keystone multidomains config files.