987c78c9c4
The keystoneclient package is being installed on the host by PIP but that means that a whole bunch of required dependencies are being pulled in as well. This brings the host to a rather messed up state when installing keystone from distro packages, since distribution and PIP packages are being mixed together. We can simply avoid that by only using the virtualenv where required, in which the keystone client would be installed. We still require the virtualenv package to be installed on the host from PIP at the moment to get the expected recent version of pip inside the virtualenv. Depends-On: I5a78e2120e596d36629b4ba978b2b5df76b149b0 Depends-On: Ib64dcbc960df7d369d202ce8cf7bdc29b3ee0e0a Change-Id: Ia51a1f4081b3a56819237d0352cc27c1f32f433c Implements: blueprint openstack-distribution-packages
85 lines
2.6 KiB
YAML
85 lines
2.6 KiB
YAML
---
|
|
# Copyright 2016, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
keystone_distro_packages:
|
|
- docutils-common
|
|
- git
|
|
- libffi-dev
|
|
- libjs-sphinxdoc
|
|
- libjs-underscore
|
|
- libldap2-dev
|
|
- libsasl2-dev
|
|
- libxslt1.1
|
|
- libxslt1-dev
|
|
- libxml2-dev
|
|
- python-dev
|
|
- python-keystoneclient # Keystoneclient needed to OSA keystone lib
|
|
- rsync
|
|
|
|
keystone_apache_distro_packages:
|
|
- apache2
|
|
- apache2-utils
|
|
- libapache2-mod-proxy-uwsgi
|
|
|
|
# TODO(odyssey4me):
|
|
# We can remove this in R because we only need this to
|
|
# handle upgrades from O->P in order to remove the
|
|
# package when switching to the new configuration.
|
|
keystone_mod_wsgi_distro_packages:
|
|
- libapache2-mod-wsgi
|
|
|
|
keystone_nginx_distro_packages:
|
|
- nginx-full
|
|
|
|
keystone_idp_distro_packages:
|
|
- ssl-cert
|
|
- xmlsec1
|
|
|
|
keystone_sp_distro_packages:
|
|
- libapache2-mod-shib2
|
|
|
|
keystone_developer_mode_distro_packages:
|
|
- build-essential
|
|
|
|
keystone_apache_default_sites:
|
|
- "/etc/apache2/sites-enabled/000-default.conf"
|
|
|
|
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
|
|
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
|
|
keystone_apache_conf: "/etc/apache2/apache2.conf"
|
|
keystone_apache_default_log_folder: "/var/log/apache2"
|
|
keystone_apache_default_log_owner: "root"
|
|
keystone_apache_default_log_grp: "adm"
|
|
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
|
|
|
|
keystone_apache_configs:
|
|
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
|
|
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
|
|
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
|
|
|
|
keystone_apache_modules:
|
|
- name: "ssl"
|
|
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
|
|
- name: "shib2"
|
|
state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
|
|
- name: "proxy_http"
|
|
state: "present"
|
|
- name: "headers"
|
|
state: "present"
|
|
|
|
keystone_nginx_conf_path: "sites-available"
|
|
|
|
keystone_system_service_name: apache2
|