64a01c573b
Due to the debug message plugin the handler restart messages show at the end of the playbook execution which is a little confusing. Using debug also requires setting changed_when to true which is a little extra bit of code which we do not have to carry. Instead we use the command module which is simple, works and less wordy. Change-Id: I9e3acb966c0d16b61fbc998642e36f4015064155
173 lines
4.5 KiB
YAML
173 lines
4.5 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Restart web server on first node
|
|
command: "/bin/true"
|
|
notify:
|
|
- Restart web server
|
|
- Wait for web server to complete starting
|
|
when:
|
|
- inventory_hostname == groups['keystone_all'][0]
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Restart web server on other nodes
|
|
command: "/bin/true"
|
|
notify:
|
|
- Restart web server
|
|
- Wait for web server to complete starting
|
|
when:
|
|
- inventory_hostname != groups['keystone_all'][0]
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Restart web server
|
|
service:
|
|
name: "{{ (keystone_apache_enabled | bool) | ternary(keystone_system_service_name, 'nginx') }}"
|
|
enabled: yes
|
|
state: restarted
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _restart
|
|
until: _restart | success
|
|
retries: 5
|
|
delay: 2
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Wait for web server to complete starting
|
|
wait_for:
|
|
port: "{{ item }}"
|
|
timeout: 25
|
|
delay: 10
|
|
with_items:
|
|
- "{{ keystone_service_port }}"
|
|
- "{{ keystone_admin_port }}"
|
|
register: _wait_check
|
|
until: _wait_check | success
|
|
retries: 5
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Restart uWSGI on first node
|
|
command: "/bin/true"
|
|
when:
|
|
- inventory_hostname == groups['keystone_all'][0]
|
|
notify:
|
|
- Stop uWSGI
|
|
- Copy new policy file into place
|
|
- Start uWSGI
|
|
- Wait for uWSGI socket to be ready
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Restart uWSGI on other nodes
|
|
command: "/bin/true"
|
|
when:
|
|
- inventory_hostname != groups['keystone_all'][0]
|
|
notify:
|
|
- Stop uWSGI
|
|
- Copy new policy file into place
|
|
- Start uWSGI
|
|
- Wait for uWSGI socket to be ready
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Stop uWSGI
|
|
service:
|
|
name: "{{ item }}"
|
|
state: "stopped"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _stop
|
|
until: _stop | success
|
|
retries: 5
|
|
delay: 2
|
|
with_items: "{{ keystone_wsgi_program_names }}"
|
|
when:
|
|
- not keystone_mod_wsgi_enabled | bool
|
|
tags:
|
|
- keystone-config
|
|
|
|
# Note (odyssey4me):
|
|
# The policy.json file is currently read continually by the services
|
|
# and is not only read on service start. We therefore cannot template
|
|
# directly to the file read by the service because the new policies
|
|
# may not be valid until the service restarts. This is particularly
|
|
# important during a major upgrade. We therefore only put the policy
|
|
# file in place after the service has been stopped.
|
|
#
|
|
- name: Copy new policy file into place
|
|
copy:
|
|
src: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
|
|
dest: "/etc/keystone/policy.json"
|
|
owner: "root"
|
|
group: "{{ keystone_system_group_name }}"
|
|
mode: "0640"
|
|
remote_src: yes
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Start uWSGI
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: yes
|
|
state: "started"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _start
|
|
until: _start | success
|
|
retries: 5
|
|
delay: 2
|
|
with_items: "{{ keystone_wsgi_program_names }}"
|
|
when:
|
|
- not keystone_mod_wsgi_enabled | bool
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Wait for uWSGI socket to be ready
|
|
wait_for:
|
|
port: "{{ item }}"
|
|
timeout: 25
|
|
delay: 10
|
|
with_items:
|
|
- "{{ keystone_uwsgi_ports['keystone-wsgi-admin']['socket'] }}"
|
|
- "{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}"
|
|
when:
|
|
- not keystone_mod_wsgi_enabled | bool
|
|
register: _wait_check
|
|
until: _wait_check | success
|
|
retries: 5
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Restart Shibd
|
|
service:
|
|
name: "shibd"
|
|
enabled: yes
|
|
state: "restarted"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _restart
|
|
until: _restart | success
|
|
retries: 5
|
|
delay: 2
|
|
tags:
|
|
- keystone-config
|
|
|
|
- name: Perform a Keystone DB sync contract
|
|
command: "{{ keystone_bin }}/keystone-manage db_sync --contract"
|
|
become: yes
|
|
become_user: "{{ keystone_system_user_name }}"
|
|
tags:
|
|
- keystone-config
|
|
|