openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Fix certificate installation for keystone

Browse Source 
There are problems when keystone_idp has legitimately undefined keys,
and also variable name which should be templated.

Change-Id: Iabe61d63994e38cb3f99c8285deff60ef2e9ee55
This commit is contained in:
Jonathan Rosser 2022-05-04 17:39:10 +01:00
parent 05f0cd9027
commit 4f02985c43
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
defaults/main.yml
View File

@ -295,33 +295,33 @@ keystone_pki_install_certificates:
# Apache certificates
- src: "{{ keystone_user_ssl_cert | default(keystone_pki_certs_path ~ 'keystone_' ~ ansible_facts['hostname'] ~ '.crt') }}"
dest: "{{ keystone_ssl_cert }}"
owner: "keystone_system_user_name"
group: "keystone_system_group_name"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0644"
condition: "{{ keystone_ssl }}"
- src: "{{ keystone_user_ssl_key | default(keystone_pki_keys_path ~ 'keystone_' ~ ansible_facts['hostname'] ~ '.key.pem') }}"
dest: "{{ keystone_ssl_key }}"
owner: "keystone_system_user_name"
group: "keystone_system_group_name"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0600"
condition: "{{ keystone_ssl }}"
- src: "{{ keystone_user_ssl_ca_cert | default(keystone_pki_intermediate_cert_path) }}"
dest: "{{ keystone_ssl_ca_cert }}"
owner: "keystone_system_user_name"
group: "keystone_system_group_name"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0644"
condition: "{{ keystone_ssl }}"
# IDP certificates
- src: "{{ keystone_pki_dir ~ '/roots/' ~ keystone_idp_authority_name ~ '/certs/' ~ keystone_idp_authority_name ~ '.crt' }}"
dest: "{{ keystone_idp['certfile'] }}"
owner: "keystone_system_user_name"
dest: "{{ keystone_idp['certfile'] | default('') }}"
owner: "{{ keystone_system_user_name }}"
group: "keystone_system_group_name"
mode: "0640"
condition: "{{ keystone_idp['certfile'] is defined | bool }}"
- src: "{{ keystone_pki_dir ~ '/roots/' ~ keystone_idp_authority_name ~ '/private/' ~ keystone_idp_authority_name ~ '.key.pem' }}"
dest: "{{ keystone_idp['keyfile'] }}"
owner: "keystone_system_user_name"
group: "keystone_system_group_name"
dest: "{{ keystone_idp['keyfile'] | default('') }}"
owner: "{{ keystone_system_user_name }}"
group: "{{ keystone_system_group_name }}"
mode: "0640"
condition: "{{ keystone_idp['keyfile'] is defined | bool }}"