Merge "Support Keystone Domain specific files"

2016-07-18 12:15:52 +00:00 · 2016-07-18 12:15:52 +00:00 · d665e01f57
commit d665e01f57
parent 455d71d9cc a5e402f1e8
4 changed files with 37 additions and 0 deletions
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@ -1,4 +1,8 @@
 ---
+- name: Check if Keystone Domain specific settings enabled
+  local_action: stat path="{{ node_custom_config }}/keystone/domains"
+  register: keystone_domain_cfg
+
 - name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item }}"
@ -7,6 +11,15 @@
  with_items:
    - "keystone"

+- name: Creating Keystone Domain directory
+  file:
+    dest: "{{ node_config_directory }}/{{ item }}/domains/"
+    state: "directory"
+  when:
+      keystone_domain_cfg.stat.exists
+  with_items:
+    - "keystone"
+
 - name: Copying over config.json files for services
  template:
    src: "{{ item }}.json.j2"
@ -29,6 +42,13 @@
  with_items:
    - "keystone"

+- name: Copying Keystone Domain specific settings
+  copy:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/keystone/domains/"
+  with_fileglob:
+    - "{{ node_custom_config }}/keystone/domains/*"
+
 - name: Copying over wsgi-keystone.conf
  template:
    src: "wsgi-keystone.conf.j2"
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
 max_retries = -1

+{% if keystone_domain_cfg.stat.exists %}
+[identity]
+domain_specific_drivers_enabled = true
+domain_config_dir = /etc/keystone/domains
+{% endif %}
+
 [cache]
 backend = oslo_cache.memcache_pool
 enabled = True
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@ -9,6 +9,13 @@
            "owner": "keystone",
            "perm": "0600"
        },
+        {
+            "source": "{{ container_config_directory }}/domains",
+            "dest": "/etc/keystone/domains",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
--- a/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
+++ b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - LDAP & AD support has been added to the base images, and support
+    for Keystone multidomains config files.