Merge "Improvements to federation packaging"
This commit is contained in:
commit
96b76aea88
@ -104,6 +104,12 @@
|
|||||||
- Manage LB
|
- Manage LB
|
||||||
- Restart web server
|
- Restart web server
|
||||||
|
|
||||||
|
- name: Install/remove apache mod packages for federated authentication
|
||||||
|
package:
|
||||||
|
name: "{{ item.name }}"
|
||||||
|
state: "{{ item.state }}"
|
||||||
|
with_items: "{{ keystone_sp_apache_mod_packages }}"
|
||||||
|
|
||||||
- name: Install the python venv
|
- name: Install the python venv
|
||||||
import_role:
|
import_role:
|
||||||
name: "python_venv_build"
|
name: "python_venv_build"
|
||||||
|
@ -55,10 +55,11 @@ keystone_idp_distro_packages:
|
|||||||
- ssl-cert
|
- ssl-cert
|
||||||
- xmlsec1
|
- xmlsec1
|
||||||
|
|
||||||
keystone_sp_distro_packages:
|
keystone_sp_apache_mod_packages:
|
||||||
- "{{ keystone_sp_apache_mod_shib | ternary('libcurl3', 'libcurl4') }}"
|
- name: libapache2-mod-shib
|
||||||
- "{{ keystone_sp_apache_mod_auth_openidc | ternary('libapache2-mod-auth-openidc',
|
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||||
'libapache2-mod-shib2') }}"
|
- name: libapache2-mod-auth-openidc
|
||||||
|
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
keystone_developer_mode_distro_packages:
|
keystone_developer_mode_distro_packages:
|
||||||
- build-essential
|
- build-essential
|
||||||
@ -86,7 +87,7 @@ keystone_apache_configs:
|
|||||||
keystone_apache_modules:
|
keystone_apache_modules:
|
||||||
- name: "ssl"
|
- name: "ssl"
|
||||||
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
|
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
|
||||||
- name: "shib2"
|
- name: "shib"
|
||||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||||
- name: "auth_openidc"
|
- name: "auth_openidc"
|
||||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||||
|
@ -25,9 +25,6 @@ keystone_package_list: |-
|
|||||||
{% if keystone_idp != {} %}
|
{% if keystone_idp != {} %}
|
||||||
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if keystone_sp != {} %}
|
|
||||||
{% set _ = packages.extend(keystone_sp_distro_packages) %}
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
{% else %}
|
||||||
{% set _ = packages.extend(keystone_nginx_distro_packages) %}
|
{% set _ = packages.extend(keystone_nginx_distro_packages) %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -49,9 +49,11 @@ keystone_nginx_distro_packages:
|
|||||||
keystone_idp_distro_packages:
|
keystone_idp_distro_packages:
|
||||||
- xmlsec1
|
- xmlsec1
|
||||||
|
|
||||||
keystone_sp_distro_packages:
|
keystone_sp_apache_mod_packages:
|
||||||
- "{{ keystone_sp_apache_mod_auth_openidc | ternary('mod_auth_openidc',
|
- name: shibboleth
|
||||||
'shibboleth') }}"
|
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||||
|
- name: mod-auth-openidc
|
||||||
|
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||||
|
|
||||||
keystone_developer_mode_distro_packages:
|
keystone_developer_mode_distro_packages:
|
||||||
- gcc
|
- gcc
|
||||||
|
@ -25,9 +25,6 @@ keystone_package_list: |-
|
|||||||
{% if keystone_idp != {} %}
|
{% if keystone_idp != {} %}
|
||||||
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
{% set _ = packages.extend(keystone_idp_distro_packages) %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if keystone_sp != {} %}
|
|
||||||
{% set _ = packages.extend(keystone_sp_distro_packages) %}
|
|
||||||
{% endif %}
|
|
||||||
{% else %}
|
{% else %}
|
||||||
{% set _ = packages.extend(keystone_nginx_distro_packages) %}
|
{% set _ = packages.extend(keystone_nginx_distro_packages) %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -1,106 +0,0 @@
|
|||||||
---
|
|
||||||
# Copyright 2016, Rackspace US, Inc.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
cache_timeout: 600
|
|
||||||
|
|
||||||
keystone_distro_packages:
|
|
||||||
- git
|
|
||||||
- openssh-server
|
|
||||||
- rsync
|
|
||||||
- cron
|
|
||||||
- libpython3-dev
|
|
||||||
|
|
||||||
keystone_devel_distro_packages:
|
|
||||||
- docutils-common
|
|
||||||
- libffi-dev
|
|
||||||
- libjs-sphinxdoc
|
|
||||||
- libjs-underscore
|
|
||||||
- libldap2-dev
|
|
||||||
- libsasl2-dev
|
|
||||||
- libsystemd-dev
|
|
||||||
- libssl-dev
|
|
||||||
- libxslt1.1
|
|
||||||
- libxslt1-dev
|
|
||||||
- libxml2-dev
|
|
||||||
- pkg-config
|
|
||||||
- python3-dev
|
|
||||||
|
|
||||||
keystone_service_distro_packages:
|
|
||||||
- python3-keystone
|
|
||||||
- python3-systemd
|
|
||||||
- uwsgi
|
|
||||||
- uwsgi-plugin-python3
|
|
||||||
|
|
||||||
keystone_apache_distro_packages:
|
|
||||||
- apache2
|
|
||||||
- apache2-utils
|
|
||||||
- libapache2-mod-proxy-uwsgi
|
|
||||||
|
|
||||||
keystone_nginx_distro_packages:
|
|
||||||
- nginx-extras
|
|
||||||
|
|
||||||
keystone_idp_distro_packages:
|
|
||||||
- ssl-cert
|
|
||||||
- xmlsec1
|
|
||||||
|
|
||||||
keystone_sp_distro_packages:
|
|
||||||
- libapache2-mod-auth-openidc
|
|
||||||
- libapache2-mod-shib
|
|
||||||
|
|
||||||
keystone_developer_mode_distro_packages:
|
|
||||||
- build-essential
|
|
||||||
|
|
||||||
keystone_oslomsg_amqp1_distro_packages:
|
|
||||||
- libsasl2-modules
|
|
||||||
- sasl2-bin
|
|
||||||
|
|
||||||
keystone_apache_default_sites:
|
|
||||||
- "/etc/apache2/sites-enabled/000-default.conf"
|
|
||||||
|
|
||||||
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
|
|
||||||
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
|
|
||||||
keystone_apache_conf: "/etc/apache2/apache2.conf"
|
|
||||||
keystone_apache_default_log_folder: "/var/log/apache2"
|
|
||||||
keystone_apache_default_log_owner: "root"
|
|
||||||
keystone_apache_default_log_grp: "adm"
|
|
||||||
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
|
||||||
|
|
||||||
keystone_apache_configs:
|
|
||||||
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
|
||||||
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
|
||||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
|
||||||
|
|
||||||
keystone_apache_modules:
|
|
||||||
- name: "ssl"
|
|
||||||
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
|
|
||||||
- name: "shib"
|
|
||||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
|
||||||
- name: "auth_openidc"
|
|
||||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
|
||||||
- name: "proxy_uwsgi"
|
|
||||||
state: "present"
|
|
||||||
- name: "headers"
|
|
||||||
state: "present"
|
|
||||||
# This can be enabled when Apache2.5+ is available
|
|
||||||
# - name: "mod_journald"
|
|
||||||
# state: "present
|
|
||||||
|
|
||||||
keystone_nginx_conf_path: "sites-available"
|
|
||||||
|
|
||||||
keystone_system_service_name: apache2
|
|
||||||
|
|
||||||
keystone_uwsgi_bin: '/usr/bin'
|
|
||||||
|
|
||||||
keystone_sshd: ssh
|
|
Loading…
Reference in New Issue
Block a user