kolla/ansible/roles/keystone/tasks/config.yml
Eduardo Gonzalez ef1fd6b8c0 Custom policy files
Allow operators to use their custom policy files.
Avoid maintaining policy files in the kolla repos; copy the
files only when an operator adds their custom config.

Implements: blueprint custom-policies
Change-Id: Icf3c961b87cbc7a1f1dd2ffbfffcf271d151d862
2016-10-28 10:47:05 +01:00


---
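# Look on the Ansible control host (local_action) for an operator-supplied
# Keystone policy file. The registered result gates the policy.json copy
# task later in this file.
# Module arguments are written as a mapping instead of a key=value string,
# so the templated path is passed as a single value.
- name: Check if policies shall be overwritten
  local_action:
    module: stat
    path: "{{ node_custom_config }}/keystone/policy.json"
  register: keystone_policy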
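# Look on the Ansible control host (local_action) for a directory of
# domain-specific Keystone settings. The registered result gates creation
# of the domains directory later in this file.
# Module arguments are written as a mapping instead of a key=value string,
# so the templated path is passed as a single value.
- name: Check if Keystone Domain specific settings enabled
  local_action:
    module: stat
    path: "{{ node_custom_config }}/keystone/domains"
  register: keystone_domain_cfg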
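# Create one config directory per Keystone service under
# node_config_directory.
# NOTE(review): no owner, group or mode is set, so permissions follow the
# remote user's umask. Later tasks in this file write keystone.conf and an
# SSH private key (id_rsa) below these paths - confirm the resulting modes
# are restrictive enough for that content.
- name: Ensuring config directories exist
  file:
    path: "{{ node_config_directory }}/{{ item }}"
    state: directory
    # Canonical boolean; `yes` is read differently by YAML 1.1 and 1.2 parsers.
    recurse: true
  with_items:
    - keystone
    - keystone-fernet
    - keystone-ssh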
# Create the domains sub-directory only when the operator ships
# domain-specific settings; the condition reads the stat result registered
# as keystone_domain_cfg earlier in this file.
- name: Creating Keystone Domain directory
  file:
    # `path` and `dest` name the same parameter of the file module.
    path: "{{ node_config_directory }}/{{ item }}/domains/"
    state: directory
  when: keystone_domain_cfg.stat.exists
  with_items:
    - keystone
# Render <service>.json.j2 into each service's config directory as
# config.json.
- name: Copying over config.json files for services
  template:
    src: "{{ item }}.json.j2"
    dest: "{{ node_config_directory }}/{{ item }}/config.json"
  with_items:
    - keystone
    - keystone-fernet
    - keystone-ssh
# Build keystone.conf for each service by merging the role template with
# the operator's override files, from global down to per-host.
# NOTE(review): precedence between sources is decided by the merge_configs
# plugin, which is not shown here - presumably later entries win; confirm.
# NOTE(review): database.conf and messaging.conf are among the sources, so
# the merged file may carry credentials; no mode is set here - check who
# can read the result on the target node.
- name: Copying over keystone.conf
  merge_configs:
    # Exposes the current loop item to the template as service_name.
    vars:
      service_name: "{{ item }}"
    sources:
      - "{{ role_path }}/templates/keystone.conf.j2"
      - "{{ node_custom_config }}/global.conf"
      - "{{ node_custom_config }}/database.conf"
      - "{{ node_custom_config }}/messaging.conf"
      - "{{ node_custom_config }}/keystone.conf"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone.conf"
    dest: "{{ node_config_directory }}/{{ item }}/keystone.conf"
  with_items:
    - keystone
    - keystone-fernet
    - keystone-ssh
# Copy every file found in the operator's domains directory on the control
# host into the keystone config directory. An empty glob result means no
# files are copied.
# NOTE(review): the files are copied verbatim without an explicit mode; if
# domain configs hold backend credentials, confirm the resulting
# permissions.
- name: Copying Keystone Domain specific settings
  copy:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/domains/"
  with_fileglob:
    - "{{ node_custom_config }}/keystone/domains/*"
# Install the operator's custom policy.json, but only when the earlier stat
# (registered as keystone_policy) found one on the control host.
# The file goes through the template module, so any Jinja2 syntax in it is
# evaluated rather than copied literally.
# NOTE(review): the policy content is not validated here; a malformed or
# overly permissive file would be deployed as-is - consider a review or
# lint step before rollout.
- name: Copying over existing policy.json
  template:
    src: "{{ node_custom_config }}/keystone/policy.json"
    dest: "{{ node_config_directory }}/keystone/policy.json"
  when: keystone_policy.stat.exists
# Render wsgi-keystone.conf from the first candidate that exists: the
# per-host operator override, then the operator's global override, then the
# template named wsgi-keystone.conf.j2.
- name: Copying over wsgi-keystone.conf
  template:
    src: "{{ item }}"
    dest: "{{ node_config_directory }}/keystone/wsgi-keystone.conf"
  with_first_found:
    - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/wsgi-keystone.conf"
    - "{{ node_custom_config }}/keystone/wsgi-keystone.conf"
    - wsgi-keystone.conf.j2
# Build keystone-paste.ini by merging the role template with the operator's
# global and per-host overrides.
# NOTE(review): precedence between sources is decided by the merge_configs
# plugin, which is not shown here - presumably later entries win; confirm.
- name: Copying over keystone-paste.ini
  merge_configs:
    sources:
      - "{{ role_path }}/templates/keystone-paste.ini.j2"
      - "{{ node_custom_config }}/keystone/keystone-paste.ini"
      - "{{ node_custom_config }}/keystone/{{ inventory_hostname }}/keystone-paste.ini"
    dest: "{{ node_config_directory }}/keystone/keystone-paste.ini"
# Run the fernet rotation cron generator on the control host and capture
# its output for the set_fact task that follows.
# The command module runs the program directly rather than through a shell.
# -t, -i and -n are built from an int filter, a list index and a list
# length, so they are numeric.
# NOTE(review): `python` is resolved through PATH on the control host -
# confirm that is the intended interpreter.
# The folded scalar below joins into the same single-line command string.
- name: Generate the required cron jobs for the node
  local_action: >-
    command python {{ role_path }}/files/fernet_rotate_cron_generator.py
    -t {{ (fernet_token_expiry | int) // 60 }}
    -i {{ groups['keystone'].index(inventory_hostname) }}
    -n {{ (groups['keystone'] | length) }}
  register: cron_jobs_json
  when: keystone_token_provider == 'fernet'
# Parse the generator's stdout as JSON and keep its cron_jobs entry as a
# fact. The condition matches the generator task's, so cron_jobs_json is
# only read when that task actually ran.
- name: Save the returned from cron jobs for building the crontab
  set_fact:
    cron_jobs: "{{ (cron_jobs_json.stdout | from_json).cron_jobs }}"
  when: keystone_token_provider == 'fernet'
# Render the crontab, rotation and sync scripts, SSH client config and SSH
# private key for the keystone-fernet service. Runs only when fernet is the
# token provider.
# NOTE(review): id_rsa is a private key and is written without an explicit
# mode, so its permissions follow the remote user's umask. Confirm the file
# is not group- or world-readable on the target node, or set a restrictive
# mode for that item once it is verified the consuming container can still
# read it.
# NOTE(review): id_rsa goes through the template module - presumably the
# source renders the key from a variable; confirm no key material is
# committed to the role.
- name: Copying files for keystone-fernet
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-fernet/{{ item.dest }}"
  with_items:
    - src: crontab.j2
      dest: crontab
    - src: fernet-rotate.sh.j2
      dest: fernet-rotate.sh
    - src: fernet-node-sync.sh.j2
      dest: fernet-node-sync.sh
    - src: id_rsa
      dest: id_rsa
    - src: ssh_config.j2
      dest: ssh_config
  when: keystone_token_provider == 'fernet'
# Render the sshd configuration and the SSH public key for the keystone-ssh
# service. Runs only when fernet is the token provider.
# NOTE(review): sshd_config.j2 is not shown here; since this service
# accepts SSH logins, review that template for its authentication and
# listen settings.
- name: Copying files for keystone-ssh
  template:
    src: "{{ item.src }}"
    dest: "{{ node_config_directory }}/keystone-ssh/{{ item.dest }}"
  with_items:
    - src: sshd_config.j2
      dest: sshd_config
    - src: id_rsa.pub
      dest: id_rsa.pub
  when: keystone_token_provider == 'fernet'