Combine Ubuntu/Debian vars together
The only difference in Ubuntu/Debian vars were defenition of `_keystone_sp_apache_mod_auth_openidc_gte_2_4_11`. Though, all currently supported distros are shipped with Apache >= 2.4.11. Ie: * Debian: 2.4.61 [1] * CentOS 9 Stream: 2.4.57 [2] [1] https://packages.debian.org/search?suite=bullseye&keywords=apache2 [2] https://rpmfind.net/linux/rpm2html/search.php?query=httpd(x86-64) Change-Id: I916607130e6bf36580a7527d832c876ccd538eb9
This commit is contained in:
Dmitriy Rabotyagov
parent
bfd4651fe5
commit
d163d91730
@ -47,7 +47,7 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
|
||||
OIDCClientSecret {{ keystone_sp.trusted_idp_list.0.oidc_client_secret }}
|
||||
OIDCCryptoPassphrase {{ keystone_sp.trusted_idp_list.0.oidc_crypto_passphrase }}
|
||||
OIDCRedirectURI {{ keystone_service_publicuri }}{{ keystone_sp.trusted_idp_list.0.oidc_redirect_path | default('/oidc_redirect') }}
|
||||
{% if _keystone_sp_apache_mod_auth_openidc_gte_2_4_11 is defined -%}
|
||||
{% if _keystone_sp_apache_mod_auth_openidc_gte_2_4_11 is defined and _keystone_sp_apache_mod_auth_openidc_gte_2_4_11 -%}
|
||||
OIDCXForwardedHeaders {{ keystone_secure_proxy_ssl_header }}
|
||||
{% endif -%}
|
||||
{% if keystone_sp.trusted_idp_list.0.oidc_auth_verify_jwks_uri is defined -%}
|
||||
|
||||
@ -52,6 +52,9 @@ keystone_idp_distro_packages:
|
||||
- ssl-cert
|
||||
- xmlsec1
|
||||
|
||||
# From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: libapache2-mod-shib
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
|
||||
@ -45,6 +45,9 @@ keystone_apache_distro_packages:
|
||||
keystone_idp_distro_packages:
|
||||
- xmlsec1
|
||||
|
||||
# From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: shibboleth
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
|
||||
@ -1,102 +0,0 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cache_timeout: 600
|
||||
|
||||
keystone_distro_packages:
|
||||
- git
|
||||
- openssh-server
|
||||
- rsync
|
||||
- cron
|
||||
- libpython3-dev
|
||||
|
||||
keystone_devel_distro_packages:
|
||||
- docutils-common
|
||||
- libffi-dev
|
||||
- libjs-sphinxdoc
|
||||
- libjs-underscore
|
||||
- libldap2-dev
|
||||
- libsasl2-dev
|
||||
- libsystemd-dev
|
||||
- libssl-dev
|
||||
- libxslt1.1
|
||||
- libxslt1-dev
|
||||
- libxml2-dev
|
||||
- pkg-config
|
||||
|
||||
keystone_service_distro_packages:
|
||||
- python3-keystone
|
||||
- python3-systemd
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
keystone_apache_distro_packages:
|
||||
- apache2
|
||||
- apache2-utils
|
||||
- libapache2-mod-proxy-uwsgi
|
||||
|
||||
keystone_idp_distro_packages:
|
||||
- ssl-cert
|
||||
- xmlsec1
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: libapache2-mod-shib2
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
- name: libapache2-mod-auth-openidc
|
||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||
|
||||
keystone_developer_mode_distro_packages:
|
||||
- build-essential
|
||||
|
||||
keystone_oslomsg_amqp1_distro_packages:
|
||||
- libsasl2-modules
|
||||
- sasl2-bin
|
||||
|
||||
keystone_apache_default_sites:
|
||||
- "/etc/apache2/sites-enabled/000-default.conf"
|
||||
|
||||
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
|
||||
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
|
||||
keystone_apache_conf: "/etc/apache2/apache2.conf"
|
||||
keystone_apache_default_log_folder: "/var/log/apache2"
|
||||
keystone_apache_default_log_owner: "root"
|
||||
keystone_apache_default_log_grp: "adm"
|
||||
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
||||
|
||||
keystone_apache_configs:
|
||||
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
||||
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
||||
|
||||
keystone_apache_modules:
|
||||
- name: "ssl"
|
||||
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
||||
- name: "shib2"
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
- name: "auth_openidc"
|
||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||
- name: "proxy_uwsgi"
|
||||
state: "present"
|
||||
- name: "headers"
|
||||
state: "present"
|
||||
# This can be enabled when Apache2.5+ is available
|
||||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/bin'
|
||||
|
||||
keystone_sshd: ssh
|
||||
@ -1,106 +0,0 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
cache_timeout: 600
|
||||
|
||||
keystone_distro_packages:
|
||||
- git
|
||||
- libldap-common
|
||||
- openssh-server
|
||||
- rsync
|
||||
- cron
|
||||
- libpython3-dev
|
||||
|
||||
keystone_devel_distro_packages:
|
||||
- docutils-common
|
||||
- libffi-dev
|
||||
- libjs-sphinxdoc
|
||||
- libjs-underscore
|
||||
- libldap2-dev
|
||||
- libsasl2-dev
|
||||
- libsystemd-dev
|
||||
- libssl-dev
|
||||
- libxslt1.1
|
||||
- libxslt1-dev
|
||||
- libxml2-dev
|
||||
- pkg-config
|
||||
|
||||
keystone_service_distro_packages:
|
||||
- python3-keystone
|
||||
- python3-systemd
|
||||
- uwsgi
|
||||
- uwsgi-plugin-python3
|
||||
|
||||
keystone_apache_distro_packages:
|
||||
- apache2
|
||||
- apache2-utils
|
||||
- libapache2-mod-proxy-uwsgi
|
||||
|
||||
keystone_idp_distro_packages:
|
||||
- ssl-cert
|
||||
- xmlsec1
|
||||
|
||||
keystone_sp_apache_mod_packages:
|
||||
- name: libapache2-mod-shib
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
- name: libapache2-mod-auth-openidc
|
||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||
|
||||
keystone_developer_mode_distro_packages:
|
||||
- build-essential
|
||||
|
||||
keystone_oslomsg_amqp1_distro_packages:
|
||||
- libsasl2-modules
|
||||
- sasl2-bin
|
||||
|
||||
keystone_apache_default_sites:
|
||||
- "/etc/apache2/sites-enabled/000-default.conf"
|
||||
|
||||
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
|
||||
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
|
||||
keystone_apache_conf: "/etc/apache2/apache2.conf"
|
||||
keystone_apache_default_log_folder: "/var/log/apache2"
|
||||
keystone_apache_default_log_owner: "root"
|
||||
keystone_apache_default_log_grp: "adm"
|
||||
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
||||
|
||||
keystone_apache_configs:
|
||||
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
||||
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
||||
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
||||
|
||||
keystone_apache_modules:
|
||||
- name: "ssl"
|
||||
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
||||
- name: "shib"
|
||||
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
||||
- name: "auth_openidc"
|
||||
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
||||
- name: "proxy_uwsgi"
|
||||
state: "present"
|
||||
- name: "headers"
|
||||
state: "present"
|
||||
# This can be enabled when Apache2.5+ is available
|
||||
# - name: "mod_journald"
|
||||
# state: "present
|
||||
|
||||
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
||||
|
||||
keystone_uwsgi_bin: '/usr/bin'
|
||||
|
||||
keystone_sshd: ssh
|
||||
|
||||
# From 2.4.11, mod_auth_openidc ignores X-Forwarded headers unless explicitly configured
|
||||
_keystone_sp_apache_mod_auth_openidc_gte_2_4_11: True
|
||||
Loading…
Reference in New Issue
Block a user