6661a9dab7
To standarize variable name across roles, this change renames `keystone_ssl` to `keystone_backend_ssl`. All other roles use `<service>_backend_ssl` format. It also better describes what it does. With `keystone_ssl` it's unclear whether it is about frontend or backend. Backward compatibility will not be implemented because securing haproxy traffic to its backends with TLS is currently not supported by OSA so it is hard to leverage `keystone_ssl` variable anyway. Change-Id: Ibf8607a4cf62ab518a09d64b1054ff7fbc580000
103 lines
3.0 KiB
YAML
103 lines
3.0 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
cache_timeout: 600
|
|
|
|
keystone_distro_packages:
|
|
- git
|
|
- openssh-server
|
|
- rsync
|
|
- cron
|
|
- libpython3-dev
|
|
|
|
keystone_devel_distro_packages:
|
|
- docutils-common
|
|
- libffi-dev
|
|
- libjs-sphinxdoc
|
|
- libjs-underscore
|
|
- libldap2-dev
|
|
- libsasl2-dev
|
|
- libsystemd-dev
|
|
- libssl-dev
|
|
- libxslt1.1
|
|
- libxslt1-dev
|
|
- libxml2-dev
|
|
- pkg-config
|
|
|
|
keystone_service_distro_packages:
|
|
- python3-keystone
|
|
- python3-systemd
|
|
- uwsgi
|
|
- uwsgi-plugin-python3
|
|
|
|
keystone_apache_distro_packages:
|
|
- apache2
|
|
- apache2-utils
|
|
- libapache2-mod-proxy-uwsgi
|
|
|
|
keystone_idp_distro_packages:
|
|
- ssl-cert
|
|
- xmlsec1
|
|
|
|
keystone_sp_apache_mod_packages:
|
|
- name: libapache2-mod-shib2
|
|
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
|
- name: libapache2-mod-auth-openidc
|
|
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
|
|
|
keystone_developer_mode_distro_packages:
|
|
- build-essential
|
|
|
|
keystone_oslomsg_amqp1_distro_packages:
|
|
- libsasl2-modules
|
|
- sasl2-bin
|
|
|
|
keystone_apache_default_sites:
|
|
- "/etc/apache2/sites-enabled/000-default.conf"
|
|
|
|
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
|
|
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
|
|
keystone_apache_conf: "/etc/apache2/apache2.conf"
|
|
keystone_apache_default_log_folder: "/var/log/apache2"
|
|
keystone_apache_default_log_owner: "root"
|
|
keystone_apache_default_log_grp: "adm"
|
|
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
|
|
|
keystone_apache_configs:
|
|
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
|
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
|
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
|
|
|
keystone_apache_modules:
|
|
- name: "ssl"
|
|
state: "{{ (keystone_backend_ssl | bool) | ternary('present', 'absent') }}"
|
|
- name: "shib2"
|
|
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
|
|
- name: "auth_openidc"
|
|
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
|
|
- name: "proxy_uwsgi"
|
|
state: "present"
|
|
- name: "headers"
|
|
state: "present"
|
|
# This can be enabled when Apache2.5+ is available
|
|
# - name: "mod_journald"
|
|
# state: "present
|
|
|
|
keystone_system_service_name: "{{ (keystone_use_uwsgi | bool) | ternary('keystone-wsgi-public', 'apache2') }}"
|
|
|
|
keystone_uwsgi_bin: '/usr/bin'
|
|
|
|
keystone_sshd: ssh
|