openstack-ansible-os_keystone/doc/source/index.rst

Keystone role for OpenStack-Ansible

configure-keystone.rst configure-federation.rst configure-federation-wrapper.rst configure-federation-sp.rst configure-federation-idp.rst configure-federation-mapping.rst

To clone or view the source code for this repository, visit the role repository for os_keystone.

Default variables

../../defaults/main.yml

Dependencies

This role needs pip >= 7.1 installed on the target host.

To use this role, define the following variables:

# hostname or IP of load balancer providing external network
# access to Keystone
external_lb_vip_address: 10.100.100.102

# hostname or IP of load balancer providing internal network
# access to Keystone
internal_lb_vip_address: 10.100.100.102

# password used by the keystone service to interact with Galera
keystone_container_mysql_password: "YourPassword"

keystone_auth_admin_password: "SuperSecretePassword"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"

This list is not exhaustive at present. See role internals for further details.

Example playbook

../../examples/playbook.yml

External Restart Hooks

When the role performs a restart of the service, it will notify an Ansible handler named Manage LB, which is a noop within this role. In the playbook, other roles may be loaded before and after this role which will implement Ansible handler listeners for Manage LB, allowing external roles to manage the load balancer endpoints responsible for sending traffic to the servers being restarted by marking them in maintenance or active mode, draining sessions, etc. For an example implementation, please reference the ansible-haproxy-endpoints role used by the openstack-ansible project.

Tags

This role supports two tags: keystone-install and keystone-config

The keystone-install tag can be used to install and upgrade.

The keystone-config tag can be used to maintain configuration of the service.