Fixes playbook runtime issues with ldap

When using an LDAP backend the plabooks fail when "ensuring.*"
which is a keystone client action. The reason for the failure is
related to how ldap backend, and is triggered when the service
users are within the ldap and not SQL. To resolve the issue a boolean
conditional was created on the various OS_.* roles to skip specific
tasks when the service users have already been added into LDAP.

Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
Closes-Bug: #1518351
Closes-Bug: #1519174
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit is contained in:
Kevin Carter 2015-11-23 14:35:16 -06:00 committed by Major Hayden
parent 89fda33d18
commit b710e53f80
2 changed files with 5 additions and 0 deletions

View File

@ -322,6 +322,8 @@ keystone_recreate_keys: False
# - name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
# id: upn
keystone_service_in_ldap: false
# Keystone Federation SP Packages
keystone_sp_apt_packages:
- libapache2-mod-shib2

View File

@ -87,6 +87,7 @@
password: "{{ keystone_auth_admin_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not keystone_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
@ -121,6 +122,7 @@
role_name: "{{ keystone_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not keystone_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
@ -137,6 +139,7 @@
role_name: "{{ keystone_default_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_member_role
when: not keystone_service_in_ldap | bool
until: add_member_role|success
retries: 5
delay: 10