Merge "Cleanup/standardize usage of tags"

Jenkins 2016-06-01 16:31:21 +00:00 committed by Gerrit Code Review
commit 1500e9dac5
30 changed files with 48 additions and 276 deletions


@ -65,3 +65,13 @@ Example Playbook
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_use_ssl: true
galera_client_drop_config_file: false
Tags
====
This role supports two tags: ``keystone-install`` and ``keystone-config``
The ``keystone-install`` tag can be used to install and upgrade.
The ``keystone-config`` tag can be used to maintain configuration of the
service.


@ -25,8 +25,6 @@
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Disable default apache site
file:
@ -34,8 +32,6 @@
state: "absent"
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Enabled keystone vhost
file:
@ -44,8 +40,6 @@
state: "link"
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Ensure Apache ServerName
lineinfile:
@ -53,8 +47,6 @@
line: "ServerName {{ ansible_hostname }}"
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Ensure Apache ServerTokens
lineinfile:
@ -63,8 +55,6 @@
line: "ServerTokens {{ keystone_apache_servertokens }}"
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Ensure Apache ServerSignature
lineinfile:
@ -73,8 +63,6 @@
line: "ServerSignature {{ keystone_apache_serversignature }}"
notify:
- Restart Apache
tags:
- keystone-httpd
- name: Enable/disable mod_ssl for apache2
apache2_module:
@ -82,9 +70,6 @@
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
notify:
- Restart Apache
tags:
- keystone-httpd
- keystone-ssl
- name: Enable/disable mod_shib2 for apache2
apache2_module:
@ -93,5 +78,3 @@
ignore_errors: yes
notify:
- Restart Apache
tags:
- keystone-httpd


@ -17,8 +17,3 @@
command: "{{ keystone_bin }}/keystone-manage db_sync"
become: yes
become_user: "{{ keystone_system_user_name }}"
tags:
- keystone-db-setup
- keystone-db-sync
- keystone-setup
- keystone-command-bin


@ -21,8 +21,6 @@
- name: Set keystone_federated_identities fact
keystone_sp:
sp_data: "{{ keystone_sp }}"
tags:
- keystone-federation-sp
- name: Ensure domain which remote IDP users are mapped onto exists
keystone:
@ -35,8 +33,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.domain is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure project which remote IDP users are mapped onto exists
keystone:
@ -50,8 +46,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.project is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure user which remote IDP users are mapped onto exists
keystone:
@ -70,8 +64,6 @@
item.password is defined and
item.project is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure Group for external IDP users exists
keystone:
@ -85,8 +77,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.group is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure Role for external IDP users exists
keystone:
@ -101,8 +91,6 @@
item.group is defined and
item.project is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure Group/Project/Role mapping exists
keystone:
@ -119,8 +107,6 @@
item.group is defined and
item.project is defined
with_items: keystone_federated_identities
tags:
- keystone-federation-sp
- name: Ensure mapping for external IDP attributes exists
keystone:
@ -134,8 +120,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.protocol.mapping.name is defined
with_items: keystone_federated_protocols
tags:
- keystone-federation-sp
- name: Ensure external IDP
keystone:
@ -150,8 +134,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.name is defined
with_items: keystone_sp.trusted_idp_list
tags:
- keystone-federation-sp
- name: Ensure federation protocol exists
keystone:
@ -166,5 +148,3 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
when: item.protocol.name is defined
with_items: keystone_federated_protocols
tags:
- keystone-federation-sp


@ -25,9 +25,6 @@
- { src: "shibboleth2.xml.j2", dest: "/etc/shibboleth/shibboleth2.xml" }
notify:
- Restart Shibd
tags:
- keystone-config
- keystone-federation-sp
- name: Generate the Shibboleth SP key-pair
shell: "shib-keygen -h {{ external_lb_vip_address }} -y {{ keystone_sp.cert_duration_years }}"
@ -37,9 +34,6 @@
notify:
- Restart Apache
- Restart Shibd
tags:
- keystone-config
- keystone-federation-sp
- name: Store Shibboleth SP key-pair
memcached:
@ -56,9 +50,6 @@
retries: 5
delay: 2
when: inventory_hostname == groups['keystone_all'][0]
tags:
- keystone-config
- keystone-federation-sp
- name: Distribute the Shibboleth SP key-pair
memcached:
@ -80,9 +71,6 @@
notify:
- Restart Apache
- Restart Shibd
tags:
- keystone-config
- keystone-federation-sp
- name: Set appropriate file ownership on the Shibboleth SP key-pair
file:
@ -96,6 +84,3 @@
notify:
- Restart Apache
- Restart Shibd
tags:
- keystone-config
- keystone-federation-sp


@ -25,8 +25,6 @@
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0755"
tags:
- keystone-fernet-auto-rotate
# This creates the auto rotation job on the first keystone host.
- name: Create auto rotation job
@ -38,8 +36,6 @@
cron_file: keystone-fernet-rotate
when: >
inventory_hostname == groups['keystone_all'][0]
tags:
- keystone-fernet-auto-rotate
# This makes sure that no auto rotation jobs are on any other hosts.
- name: Remove extra auto rotation job
@ -49,5 +45,3 @@
state: "absent"
when: >
inventory_hostname != groups['keystone_all'][0]
tags:
- keystone-fernet-auto-rotate


@ -17,8 +17,6 @@
stat:
path: "{{ keystone_fernet_tokens_key_repository }}/0"
register: _fernet_keys
tags:
- keystone-fernet
- name: Create fernet keys for Keystone
command: >
@ -28,10 +26,6 @@
become: yes
become_user: "{{ keystone_system_user_name }}"
when: not _fernet_keys.stat.exists
tags:
- keystone-setup
- keystone-fernet
- keystone-command-bin
- name: Rotate fernet keys for Keystone
command: >
@ -41,6 +35,3 @@
become: yes
become_user: "{{ keystone_system_user_name }}"
when: _fernet_keys.stat.exists
tags:
- keystone-fernet
- keystone-command-bin


@ -23,5 +23,3 @@
become: yes
become_user: "{{ keystone_system_user_name }}"
with_items: groups['keystone_all'][1:]
tags:
- keystone-fernet-distribute


@ -20,7 +20,4 @@
become_user: "{{ keystone_system_user_name }}"
when: keystone_idp is defined
notify:
- Restart Apache
tags:
- keystone-config
- keystone-idp
- Restart Apache


@ -33,9 +33,6 @@
when: >
inventory_hostname == groups['keystone_all'][0]
notify: Restart Apache
tags:
- keystone-config
- keystone-idp
- name: Set appropriate file ownership on the IdP self-signed cert
file:


@ -30,8 +30,6 @@
retries: 5
delay: 2
notify: Restart Apache
tags:
- keystone-idp
- name: Set appropriate file ownership on the IdP self-signed cert
file:


@ -27,5 +27,3 @@
until: memcache_keys|success
retries: 5
delay: 2
tags:
- keystone-idp


@ -28,5 +28,3 @@
until: add_service_providers|success
retries: 5
delay: 10
tags:
- keystone-idp


@ -16,8 +16,6 @@
- include: keystone_install_apt.yml
when:
- ansible_pkg_mgr == 'apt'
tags:
- install-apt
- name: Create developer mode constraint file
copy:
@ -28,9 +26,6 @@
{% endfor %}
when:
- keystone_developer_mode | bool
tags:
- keystone-install
- keystone-pip-packages
- name: Clone requirements git repository
git:
@ -41,27 +36,18 @@
version: "{{ keystone_requirements_git_install_branch }}"
when:
- keystone_developer_mode | bool
tags:
- keystone-install
- keystone-pip-packages
- name: Add constraints to pip_install_options fact for developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }} --constraint /opt/developer-pip-constraints.txt --constraint /opt/requirements/upper-constraints.txt"
when:
- keystone_developer_mode | bool
tags:
- keystone-install
- keystone-pip-packages
- name: Set pip_install_options_fact when not in developer mode
set_fact:
pip_install_options_fact: "{{ pip_install_options|default('') }}"
when:
- not keystone_developer_mode | bool
tags:
- keystone-install
- keystone-pip-packages
- name: Install required pip packages
pip:
@ -73,9 +59,6 @@
retries: 5
delay: 2
with_items: keystone_requires_pip_packages
tags:
- keystone-install
- keystone-pip-packages
- name: Get local venv checksum
stat:
@ -85,9 +68,6 @@
- not keystone_developer_mode | bool
- keystone_venv_enabled | bool
register: local_venv_stat
tags:
- keystone-install
- keystone-pip-packages
- name: Get remote venv checksum
uri:
@ -97,9 +77,6 @@
- not keystone_developer_mode | bool
- keystone_venv_enabled | bool
register: remote_venv_checksum
tags:
- keystone-install
- keystone-pip-packages
# TODO: When project moves to ansible 2 we can pass this a sha256sum which will:
# a) allow us to remove force: yes
@ -118,17 +95,11 @@
- keystone_venv_enabled | bool
- (local_venv_stat.stat.exists == False or
{{ local_venv_stat.stat.checksum is defined and local_venv_stat.stat.checksum != remote_venv_checksum.content | trim }})
tags:
- keystone-install
- keystone-pip-packages
- name: Set keystone get_venv fact
set_fact:
keystone_get_venv: "{{ get_venv }}"
when: keystone_venv_enabled | bool
tags:
- keystone-install
- keystone-pip-packages
- name: Remove existing venv
file:
@ -137,9 +108,6 @@
when:
- keystone_venv_enabled | bool
- keystone_get_venv | changed
tags:
- keystone-install
- keystone-pip-packages
- name: Create keystone venv dir
file:
@ -149,9 +117,6 @@
- not keystone_developer_mode | bool
- keystone_venv_enabled | bool
- keystone_get_venv | changed
tags:
- keystone-install
- keystone-pip-packages
- name: Unarchive pre-built venv
unarchive:
@ -164,9 +129,6 @@
- keystone_get_venv | changed
notify:
- Restart Apache
tags:
- keystone-install
- keystone-pip-packages
- name: Update virtualenv path
command: >
@ -175,9 +137,6 @@
- not keystone_developer_mode | bool
- keystone_venv_enabled | bool
- keystone_get_venv | success
tags:
- keystone-install
- keystone-pip-packages
- name: Install pip packages (venv)
pip:
@ -196,9 +155,6 @@
- keystone_get_venv | failed or keystone_developer_mode | bool
notify:
- Restart Apache
tags:
- keystone-install
- keystone-pip-packages
- name: Install pip packages (no venv)
pip:
@ -215,6 +171,3 @@
- not keystone_venv_enabled | bool
notify:
- Restart Apache
tags:
- keystone-install
- keystone-pip-packages


@ -21,8 +21,6 @@
until: apt_update|success
retries: 5
delay: 2
tags:
- keystone-apt-packages
- name: Install apt packages
apt:
@ -33,9 +31,6 @@
retries: 5
delay: 2
with_items: keystone_apt_packages
tags:
- keystone-install
- keystone-apt-packages
- name: Install IdP apt packages
apt:
@ -47,9 +42,6 @@
delay: 2
with_items: keystone_idp_apt_packages
when: keystone_idp is defined
tags:
- keystone-install
- keystone-apt-packages
- name: Install SP apt packages
apt:
@ -61,9 +53,6 @@
delay: 2
with_items: keystone_sp_apt_packages
when: keystone_sp is defined
tags:
- keystone-install
- keystone-apt-packages
- name: Install developer mode apt packages
apt:
@ -76,6 +65,3 @@
with_items: keystone_developer_apt_packages
when:
- keystone_developer_mode | bool
tags:
- keystone-install
- keystone-apt-packages


@ -18,6 +18,3 @@
user: "{{ keystone_system_user_name }}"
key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
with_items: groups['keystone_all']
tags:
- keystone-key
- keystone-key-distribute


@ -18,13 +18,7 @@
src: "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
register: keystone_pub
changed_when: false
tags:
- keystone-key
- keystone-key-create
- name: Register a fact for the keystone pub key
set_fact:
keystone_pubkey: "{{ keystone_pub.content }}"
tags:
- keystone-key
- keystone-key-create


@ -14,11 +14,5 @@
# limitations under the License.
- include: keystone_key_populate.yml
tags:
- keystone-key
- keystone-key-create
- include: keystone_key_distribute.yml
tags:
- keystone-key
- keystone-key-distribute


@ -25,8 +25,6 @@
insecure: "{{ keystone_service_adminuri_insecure }}"
with_dict: keystone_ldap
run_once: true
tags:
- keystone-ldap-domain-create
- name: Create Keystone LDAP domain configs
template:
@ -38,8 +36,6 @@
with_dict: keystone_ldap
notify:
- Restart Apache
tags:
- keystone-ldap-domain-config
# Bug 1547542 - Older versions of the keystone role would deploy a blank
# keystone.Default.conf and this will cause errors when adding LDAP-backed
@ -51,5 +47,3 @@
when: keystone_ldap.Default is not defined
notify:
- Restart Apache
tags:
- keystone-ldap-domain-config


@ -18,9 +18,6 @@
name: "{{ keystone_rabbitmq_vhost }}"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- keystone-rabbitmq
- keystone-rabbitmq-vhost
- name: Ensure rabbitmq user
rabbitmq_user:
@ -32,6 +29,3 @@
write_priv: ".*"
state: "present"
delegate_to: "{{ groups['rabbitmq_all'][0] }}"
tags:
- keystone-rabbitmq
- keystone-rabbitmq-user


@ -37,8 +37,6 @@
config_type: "json"
notify:
- Restart Apache
tags:
- keystone-config
- name: Drop Keystone Configs
copy:
@ -49,8 +47,6 @@
mode: "0644"
notify:
- Restart Apache
tags:
- keystone-config
- name: Drop Keystone WSGI Configs
template:
@ -64,21 +60,15 @@
- { src: "keystone-wsgi.py.j2", dest: "/var/www/cgi-bin/keystone/main", mode: "0755" }
notify:
- Restart Apache
tags:
- keystone-config
- name: Get keystone command path
command: which keystone
register: keystone_command_path
when:
- not keystone_venv_enabled | bool
tags:
- keystone-command-bin
- name: Set keystone command path
set_fact:
keystone_bin: "{{ keystone_command_path.stdout | dirname }}"
when:
- not keystone_venv_enabled | bool
tags:
- keystone-command-bin


@ -18,8 +18,6 @@
name: "{{ keystone_system_group_name }}"
state: "present"
system: "yes"
tags:
- keystone-group
- name: create additional groups
group:
@ -27,8 +25,6 @@
state: "present"
system: "yes"
with_items: keystone_system_additional_groups
tags:
- keystone-group
- name: Remove old key file(s) if found
file:
@ -39,9 +35,6 @@
- "{{ keystone_system_user_home }}/.ssh/id_rsa"
- "{{ keystone_system_user_home }}/.ssh/id_rsa.pub"
when: keystone_recreate_keys | bool
tags:
- keystone-key
- keystone-key-create
- name: Create the keystone system user
user:
@ -54,10 +47,6 @@
createhome: "yes"
home: "{{ keystone_system_user_home }}"
generate_ssh_key: "yes"
tags:
- keystone-user
- keystone-key
- keystone-key-create
- name: Create keystone dir
file:
@ -75,8 +64,6 @@
- { path: "{{ keystone_system_user_home }}" }
- { path: "/var/www/cgi-bin", owner: root, group: root }
- { path: "/var/www/cgi-bin/keystone" }
tags:
- keystone-dirs
- name: Create keystone venv dir
file:
@ -86,8 +73,6 @@
- { path: "/openstack/venvs" }
- { path: "{{ keystone_venv_bin }}" }
when: keystone_venv_enabled | bool
tags:
- keystone-dirs
- name: Test for log directory or link
shell: |
@ -100,9 +85,6 @@
register: log_dir
failed_when: false
changed_when: log_dir.rc != 0
tags:
- keystone-dirs
- keystone-logs
- name: Create keystone log dir
file:
@ -112,6 +94,3 @@
group: "{{ keystone_system_group_name }}"
mode: "0755"
when: log_dir.rc != 0
tags:
- keystone-dirs
- keystone-logs


@ -18,9 +18,6 @@
name: "{{ keystone_system_service_name }}"
state: restarted
pattern: "{{ keystone_system_service_name }}"
tags:
- keystone-db-sync
- keystone-setup
- name: Wait for keystone admin to come up
wait_for:
@ -28,9 +25,6 @@
port: "{{ keystone_admin_port }}"
timeout: 25
delay: 10
tags:
- keystone-db-sync
- keystone-setup
- name: Wait for keystone service to come up
wait_for:
@ -38,9 +32,6 @@
port: "{{ keystone_service_port }}"
timeout: 25
delay: 10
tags:
- keystone-db-sync
- keystone-setup
- name: Bootstrap keystone admin and endpoint
command: |
@ -60,10 +51,6 @@
until: add_service|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-service-add
- keystone-setup
# Create a service tenant
- name: Ensure service tenant
@ -80,9 +67,6 @@
until: add_service|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-setup
# Add the default user role
- name: Ensure default keystone user role
@ -99,9 +83,6 @@
until: add_member_role|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-setup
# Create a service
- name: Ensure Keystone Service
@ -119,10 +100,6 @@
until: add_service|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-service-add
- keystone-setup
# Create a service user
- name: Ensure Keystone user
@ -140,10 +117,6 @@
until: add_service|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-service-add
- keystone-setup
# Add a role to the user
- name: Ensure Keystone user to Admin role
@ -161,7 +134,3 @@
until: add_service|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-service-add
- keystone-setup


@ -17,9 +17,5 @@
when: >
keystone_ssl | bool and
(keystone_user_ssl_cert is not defined or keystone_user_ssl_key is not defined)
tags:
- keystone-ssl
- include: keystone_ssl_user_provided.yml
tags:
- keystone-ssl


@ -18,8 +18,6 @@
dest: "{{ keystone_ssl_cert }}"
state: "absent"
when: keystone_ssl_self_signed_regen | bool
tags:
- keystone-ssl
- name: Create self-signed Apache ssl cert
command: >
@ -31,9 +29,6 @@
-extensions v3_ca
creates={{ keystone_ssl_cert }}
notify: Restart Apache
tags:
- keystone-configs
- keystone-ssl
- name: Ensure keystone user owns the self-signed key and certificate
file:
@ -45,5 +40,3 @@
- "{{ keystone_ssl_key }}"
- "{{ keystone_ssl_cert }}"
notify: Restart Apache
tags:
- keystone-ssl


@ -20,8 +20,6 @@
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0640"
tags:
- keystone-ssl
- name: Distribute self signed ssl cert
copy:
@ -30,8 +28,6 @@
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0640"
tags:
- keystone-ssl
- name: Ensure keystone user owns the self-signed key and certificate
file:
@ -41,5 +37,3 @@
with_items:
- "{{ keystone_ssl_key }}"
- "{{ keystone_ssl_cert }}"
tags:
- keystone-ssl


@ -18,20 +18,14 @@
src: "{{ keystone_ssl_cert }}"
register: _keystone_ssl_cert
changed_when: false
tags:
- keystone-ssl
- name: Store ssl key
slurp:
src: "{{ keystone_ssl_key }}"
register: _keystone_ssl_key
changed_when: false
tags:
- keystone-ssl
- name: Register a fact for the cert and key
set_fact:
keystone_ssl_cert_fact: "{{ _keystone_ssl_cert.content }}"
keystone_ssl_key_fact: "{{ _keystone_ssl_key.content }}"
tags:
- keystone-ssl


@ -22,9 +22,6 @@
mode: "0644"
when: keystone_user_ssl_cert is defined
notify: Restart Apache
tags:
- keystone-configs
- keystone-ssl
- name: Drop user provided ssl key
copy:
@ -35,9 +32,6 @@
mode: "0640"
when: keystone_user_ssl_key is defined
notify: Restart Apache
tags:
- keystone-configs
- keystone-ssl
- name: Drop user provided ssl CA cert
copy:
@ -48,6 +42,3 @@
mode: "0644"
when: keystone_user_ssl_ca_cert is defined
notify: Restart Apache
tags:
- keystone-configs
- keystone-ssl


@ -18,6 +18,4 @@
name: "Clear out stale keystone tokens"
minute: 0
job: "{{ keystone_bin }}/keystone-manage token_flush"
user: "{{ keystone_system_user_name }}"
tags:
- keystone-config
user: "{{ keystone_system_user_name }}"


@ -31,38 +31,64 @@
- always
- include: keystone_pre_install.yml
tags:
- keystone-install
- include: keystone_install.yml
tags:
- keystone-install
- include: keystone_post_install.yml
tags:
- keystone-install
- keystone-config
- include: keystone_key_setup.yml
tags:
- keystone-key
- keystone-key-distribute
- keystone-install
- include: keystone_fernet.yml
tags:
- keystone-fernet
- keystone-install
- keystone-config
when:
- "'fernet' in keystone_token_provider"
- keystone_service_setup | bool
- include: keystone_federation_sp_setup.yml
tags:
- keystone-install
- keystone-config
when:
- keystone_sp is defined
- include: keystone_db_setup.yml
tags:
- keystone-install
when:
- keystone_database_enabled | bool
- inventory_hostname == groups['keystone_all'][0]
- include: keystone_token_cleanup.yml
tags:
- keystone-install
when:
- "'sql' in keystone_token_driver"
- include: keystone_ssl.yml
tags:
- keystone-install
- keystone-config
- include: keystone_apache.yml
tags:
- keystone-install
- keystone-config
- include: keystone_service_setup.yml
tags:
- keystone-install
- keystone-config
when:
- keystone_service_setup | bool
- inventory_hostname == groups['keystone_all'][0]
@ -71,10 +97,13 @@
when:
- keystone_service_setup | bool
tags:
- keystone-install
- keystone-config
- keystone-ldap
- include: keystone_federation_sp_idp_setup.yml
tags:
- keystone-install
- keystone-config
when:
- keystone_service_setup | bool
- keystone_sp is defined
@ -84,5 +113,8 @@
meta: flush_handlers
- include: keystone_idp_setup.yml
tags:
- keystone-install
- keystone-config
when:
- keystone_idp is defined
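Review bot: The `keystone_fernet.yml` include in the first hunk of this section now carries `keystone-config`, so a run limited to that tag reaches the fernet tasks; in what appears to be that file, "Rotate fernet keys for Keystone" runs whenever `_fernet_keys.stat.exists`, which would make every configuration-only run rotate the token keys (subject to the include's `when` conditions). The README text added in this commit describes `keystone-config` only as maintaining configuration, and the removed `keystone-fernet` and `keystone-ssl` tags were the only selectors visible here for running the key and certificate tasks on their own. I would either tag that include with `keystone-install` alone or put a comment above it such as `# NOTE: keystone-config also rotates existing fernet keys`, and state the same in the README. The `keystone_ssl.yml` and `keystone_federation_sp_setup.yml` includes get the same two tags and deserve the same check, since their tasks appear to handle certificate and Shibboleth key material.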