--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Restart web server on first node command: "/bin/true" notify: - Restart web server - Wait for web server to complete starting when: - inventory_hostname == groups['keystone_all'][0] tags: - keystone-config - name: Restart web server on other nodes command: "/bin/true" notify: - Restart web server - Wait for web server to complete starting when: - inventory_hostname != groups['keystone_all'][0] tags: - keystone-config - name: Restart web server service: name: "{{ (keystone_apache_enabled | bool) | ternary(keystone_system_service_name, 'nginx') }}" enabled: yes state: restarted daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" register: _restart until: _restart | success retries: 5 delay: 2 tags: - keystone-config - name: Wait for web server to complete starting wait_for: port: "{{ item }}" timeout: 25 delay: 10 with_items: - "{{ keystone_service_port }}" - "{{ keystone_admin_port }}" register: _wait_check until: _wait_check | success retries: 5 tags: - keystone-config - name: Restart uWSGI on first node command: "/bin/true" when: - inventory_hostname == groups['keystone_all'][0] notify: - Stop uWSGI - Copy new policy file into place - Start uWSGI - Wait for uWSGI socket to be ready tags: - keystone-config - name: Restart uWSGI on other nodes command: "/bin/true" when: - inventory_hostname != groups['keystone_all'][0] notify: - Stop uWSGI - Copy new policy file into place - Start uWSGI - Wait for uWSGI socket to be ready tags: - keystone-config - name: Stop uWSGI service: name: "{{ item }}" state: "stopped" daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" register: _stop until: _stop | success retries: 5 delay: 2 with_items: "{{ keystone_wsgi_program_names }}" when: - not keystone_mod_wsgi_enabled | bool tags: - keystone-config # Note (odyssey4me): # The policy.json file is currently read continually by the services # and is not only read on service start. We therefore cannot template # directly to the file read by the service because the new policies # may not be valid until the service restarts. This is particularly # important during a major upgrade. We therefore only put the policy # file in place after the service has been stopped. # - name: Copy new policy file into place copy: src: "/etc/keystone/policy.json-{{ keystone_venv_tag }}" dest: "/etc/keystone/policy.json" owner: "root" group: "{{ keystone_system_group_name }}" mode: "0640" remote_src: yes tags: - keystone-config - name: Start uWSGI service: name: "{{ item }}" enabled: yes state: "started" daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" register: _start until: _start | success retries: 5 delay: 2 with_items: "{{ keystone_wsgi_program_names }}" when: - not keystone_mod_wsgi_enabled | bool tags: - keystone-config - name: Wait for uWSGI socket to be ready wait_for: port: "{{ item }}" timeout: 25 delay: 10 with_items: - "{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}" - "{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}" when: - not keystone_mod_wsgi_enabled | bool register: _wait_check until: _wait_check | success retries: 5 tags: - keystone-config - name: Restart Shibd service: name: "shibd" enabled: yes state: "restarted" daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}" register: _restart until: _restart | success retries: 5 delay: 2 tags: - keystone-config - name: Perform a Keystone DB sync contract command: "{{ keystone_bin }}/keystone-manage db_sync --contract" become: yes become_user: "{{ keystone_system_user_name }}" tags: - keystone-config