Support Keystone Domain specific files
Currently, it is not possible to make use of Keystone Domain
specific settings. Such as different domains using different
LDAP servers or SQL.
To enable for example domain ACME - domain settings would be
put into:
{{ node_custom_config }}keystone/domains/keystone.ACME.conf
Change-Id: I23620978c618dd4a3598d7cb74c3e9cf8c2394ac
Closes-Bug: #1599868
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>
This commit is contained in:
Dave Walker (Daviey)
Dave Walker
parent
5c2c0a9c2b
commit
a5e402f1e8
|
|
@ -1,4 +1,8 @@
|
|||
---
|
||||
- name: Check if Keystone Domain specific settings enabled
|
||||
local_action: stat path="{{ node_custom_config }}/keystone/domains"
|
||||
register: keystone_domain_cfg
|
||||
|
||||
- name: Ensuring config directories exist
|
||||
file:
|
||||
path: "{{ node_config_directory }}/{{ item }}"
|
||||
|
|
@ -7,6 +11,15 @@
|
|||
with_items:
|
||||
- "keystone"
|
||||
|
||||
- name: Creating Keystone Domain directory
|
||||
file:
|
||||
dest: "{{ node_config_directory }}/{{ item }}/domains/"
|
||||
state: "directory"
|
||||
when:
|
||||
keystone_domain_cfg.stat.exists
|
||||
with_items:
|
||||
- "keystone"
|
||||
|
||||
- name: Copying over config.json files for services
|
||||
template:
|
||||
src: "{{ item }}.json.j2"
|
||||
|
|
@ -29,6 +42,13 @@
|
|||
with_items:
|
||||
- "keystone"
|
||||
|
||||
- name: Copying Keystone Domain specific settings
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ node_config_directory }}/keystone/domains/"
|
||||
with_fileglob:
|
||||
- "{{ node_custom_config }}/keystone/domains/*"
|
||||
|
||||
- name: Copying over wsgi-keystone.conf
|
||||
template:
|
||||
src: "wsgi-keystone.conf.j2"
|
||||
|
|
|
|||
|
|
@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
|
|||
connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
|
||||
max_retries = -1
|
||||
|
||||
{% if keystone_domain_cfg.stat.exists %}
|
||||
[identity]
|
||||
domain_specific_drivers_enabled = true
|
||||
domain_config_dir = /etc/keystone/domains
|
||||
{% endif %}
|
||||
|
||||
[cache]
|
||||
backend = oslo_cache.memcache_pool
|
||||
enabled = True
|
||||
|
|
|
|||
|
|
@ -9,6 +9,13 @@
|
|||
"owner": "keystone",
|
||||
"perm": "0600"
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/domains",
|
||||
"dest": "/etc/keystone/domains",
|
||||
"owner": "keystone",
|
||||
"perm": "0600",
|
||||
"optional": true
|
||||
},
|
||||
{
|
||||
"source": "{{ container_config_directory }}/wsgi-keystone.conf",
|
||||
"dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
|
||||
|
|
|
|||
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
features:
|
||||
- LDAP & AD support has been added to the base images, and support
|
||||
for Keystone multidomains config files.
|
||||
Loading…
Reference in New Issue