0fbba8a708
With the removal of Keystone V2, the admin and public APIs serve no difference so we're better off removing those extra services. Change-Id: I2a8743357934ace7aa2accc53b0df7b3865b866f
170 lines
4.8 KiB
YAML
170 lines
4.8 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Restart web server
|
|
service:
|
|
name: "{{ (keystone_web_server == 'apache') | ternary(keystone_system_service_name, 'nginx') }}"
|
|
enabled: yes
|
|
state: restarted
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _restart
|
|
until: _restart is success
|
|
retries: 5
|
|
delay: 2
|
|
listen:
|
|
- "venv changed"
|
|
|
|
- name: Wait for web server to complete starting
|
|
wait_for:
|
|
port: "{{ item }}"
|
|
timeout: 25
|
|
delay: 10
|
|
with_items:
|
|
- "{{ keystone_service_port }}"
|
|
register: _wait_check
|
|
until: _wait_check is success
|
|
retries: 5
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart web server"
|
|
|
|
- name: Stop uWSGI
|
|
service:
|
|
name: "{{ item }}"
|
|
state: "stopped"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _stop
|
|
until: _stop is success
|
|
retries: 5
|
|
delay: 2
|
|
with_items: "{{ keystone_services.keys() | list }}"
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart uWSGI"
|
|
|
|
# NOTE(mnaser): This should be removed in the Stein cycle
|
|
- name: Stop and disable keystone-wsgi-admin
|
|
shell: |
|
|
return_code=0
|
|
if [[ "$(systemctl is-active keystone-wsgi-admin)" == "active" ]]; then
|
|
systemctl stop keystone-wsgi-admin
|
|
return_code=2
|
|
fi
|
|
if [[ "$(systemctl is-enabled keystone-wsgi-admin)" == "enabled" ]]; then
|
|
systemctl disable keystone-wsgi-admin
|
|
return_code=2
|
|
fi
|
|
exit ${return_code}
|
|
args:
|
|
executable: /bin/bash
|
|
register: _remove_admin_service
|
|
changed_when: _remove_admin_service.rc == 2
|
|
failed_when: _remove_admin_service.rc not in [0, 2]
|
|
listen: "Restart uWSGI"
|
|
# This task causes ansible-lint to give a ANSIBLE0014
|
|
# error, which does not make much sense given how the
|
|
# environment variable is used in this case.
|
|
# TODO(odyssey4me):
|
|
# Try to understand the issue ansible-lint is trying
|
|
# to highlight and address it.
|
|
tags:
|
|
- skip_ansible_lint
|
|
|
|
# NOTE(mnaser): This should be removed in the Stein cycle
|
|
- name: Clean up keystone-wsgi-admin service files
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- "/etc/tmpfiles.d/openstack-keystone-wsgi-admin.conf"
|
|
- "/etc/systemd/system/keystone-wsgi-admin.service"
|
|
- "/etc/uwsgi/keystone-wsgi-admin.ini"
|
|
- "/var/www/cgi-bin/keystone/admin"
|
|
listen: "Restart uWSGI"
|
|
|
|
# Note (odyssey4me):
|
|
# The policy.json file is currently read continually by the services
|
|
# and is not only read on service start. We therefore cannot template
|
|
# directly to the file read by the service because the new policies
|
|
# may not be valid until the service restarts. This is particularly
|
|
# important during a major upgrade. We therefore only put the policy
|
|
# file in place after the service has been stopped.
|
|
#
|
|
- name: Check whether a custom policy file is being used
|
|
stat:
|
|
path: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
|
|
register: _custom_policy_file
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart uWSGI"
|
|
|
|
- name: Copy new policy file into place
|
|
copy:
|
|
src: "/etc/keystone/policy.json-{{ keystone_venv_tag }}"
|
|
dest: "/etc/keystone/policy.json"
|
|
owner: "root"
|
|
group: "{{ keystone_system_group_name }}"
|
|
mode: "0640"
|
|
remote_src: yes
|
|
when:
|
|
- _custom_policy_file['stat']['exists'] | bool
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart uWSGI"
|
|
|
|
- name: Start uWSGI
|
|
service:
|
|
name: "{{ item }}"
|
|
enabled: yes
|
|
state: "started"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _start
|
|
until: _start is success
|
|
retries: 5
|
|
delay: 2
|
|
with_items: "{{ keystone_services.keys() | list }}"
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart uWSGI"
|
|
|
|
- name: Wait for uWSGI socket to be ready
|
|
wait_for:
|
|
port: "{{ item }}"
|
|
timeout: 25
|
|
delay: 10
|
|
with_items:
|
|
- "{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}"
|
|
register: _wait_check
|
|
until: _wait_check is success
|
|
retries: 5
|
|
listen:
|
|
- "venv changed"
|
|
- "Restart uWSGI"
|
|
|
|
- name: Restart Shibd
|
|
service:
|
|
name: "shibd"
|
|
enabled: yes
|
|
state: "restarted"
|
|
daemon_reload: "{{ (ansible_service_mgr == 'systemd') | ternary('yes', omit) }}"
|
|
register: _restart
|
|
until: _restart is success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- meta: noop
|
|
listen: Manage LB
|
|
when: false
|