From b710e53f80d27e54dd2ff6cad0eedeab2ee08438 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin.carter@rackspace.com>
Date: Mon, 23 Nov 2015 14:35:16 -0600
Subject: [PATCH] Fixes playbook runtime issues with ldap

When using an LDAP backend the plabooks fail when "ensuring.*"
which is a keystone client action. The reason for the failure is
related to how ldap backend, and is triggered when the service
users are within the ldap and not SQL. To resolve the issue a boolean
conditional was created on the various OS_.* roles to skip specific
tasks when the service users have already been added into LDAP.

Change-Id: I64a8d1e926c54b821f8bfb561a8b6f755bc1ed93
Closes-Bug: #1518351
Closes-Bug: #1519174
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
---
 defaults/main.yml                | 2 ++
 tasks/keystone_service_setup.yml | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index ef1f8904..204b9ae9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -322,6 +322,8 @@ keystone_recreate_keys: False
 #            - name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn'
 #              id: upn
 
+keystone_service_in_ldap: false
+
 # Keystone Federation SP Packages
 keystone_sp_apt_packages:
   - libapache2-mod-shib2
diff --git a/tasks/keystone_service_setup.yml b/tasks/keystone_service_setup.yml
index d4faa89a..c7e19f6d 100644
--- a/tasks/keystone_service_setup.yml
+++ b/tasks/keystone_service_setup.yml
@@ -87,6 +87,7 @@
     password: "{{ keystone_auth_admin_password }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   register: add_service
+  when: not keystone_service_in_ldap | bool
   until: add_service|success
   retries: 5
   delay: 10
@@ -121,6 +122,7 @@
     role_name: "{{ keystone_role_name }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   register: add_service
+  when: not keystone_service_in_ldap | bool
   until: add_service|success
   retries: 5
   delay: 10
@@ -137,6 +139,7 @@
     role_name: "{{ keystone_default_role_name }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
   register: add_member_role
+  when: not keystone_service_in_ldap | bool
   until: add_member_role|success
   retries: 5
   delay: 10