Fixes playbook runtime issues with ldap
When using an LDAP backend the plabooks fail when "ensuring.*" which is a keystone client action. The reason for the failure is related to how ldap backend, and is triggered when the service users are within the ldap and not SQL. To resolve the issue a boolean conditional was created on the various OS_.* roles to skip specific tasks when the service users have already been added into LDAP. Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93 Closes-Bug: #1518351 Closes-Bug: #1519174 Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
parent
89fda33d18
commit
b710e53f80
@ -322,6 +322,8 @@ keystone_recreate_keys: False
|
||||
# - name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
|
||||
# id: upn
|
||||
|
||||
keystone_service_in_ldap: false
|
||||
|
||||
# Keystone Federation SP Packages
|
||||
keystone_sp_apt_packages:
|
||||
- libapache2-mod-shib2
|
||||
|
@ -87,6 +87,7 @@
|
||||
password: "{{ keystone_auth_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not keystone_service_in_ldap | bool
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
@ -121,6 +122,7 @@
|
||||
role_name: "{{ keystone_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not keystone_service_in_ldap | bool
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
@ -137,6 +139,7 @@
|
||||
role_name: "{{ keystone_default_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_member_role
|
||||
when: not keystone_service_in_ldap | bool
|
||||
until: add_member_role|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
Loading…
Reference in New Issue
Block a user