Merge "Updated ldap config to support multi domain"

2015-05-14 17:14:27 +00:00 · 2015-05-14 17:14:27 +00:00 · 2d24912c1c
commit 2d24912c1c
parent 56b84f0e34 f79738cf1f
5 changed files with 21 additions and 10 deletions
--- a/playbooks/roles/os_keystone/defaults/main.yml
+++ b/playbooks/roles/os_keystone/defaults/main.yml
@ -134,6 +134,9 @@ keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
 #     password: "secrete"
 #     ...

+keystone_ldap_identity_driver: keystone.identity.backends.ldap.Identity
+keystone_ldap_domain_config_dir: /etc/keystone/domains
+
 ## Policy vars
 # Provide a list of access controls to update the default policy.json with. These changes will be merged
 # with the access controls in the default policy.json. E.g.
--- a/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml
@ -21,6 +21,7 @@
    group: "{{ keystone_system_group_name }}"
  with_items:
    - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" }
+    - { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" }
  notify:
    - Restart Apache
  tags:
--- a/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml
@ -41,6 +41,7 @@
    group: "{{ item.group|default(keystone_system_group_name) }}"
  with_items:
    - { path: "/etc/keystone" }
+    - { path: "{{ keystone_ldap_domain_config_dir }}" }
    - { path: "/etc/keystone/ssl" }
    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
    - { path: "{{ keystone_system_user_home }}" }
--- a/playbooks/roles/os_keystone/templates/keystone.Default.conf.j2
+++ b/playbooks/roles/os_keystone/templates/keystone.Default.conf.j2
@ -0,0 +1,12 @@
+# LDAP configuration options
+{% if keystone_ldap is defined %}
+[identity]
+driver = {{ keystone_ldap_identity_driver }}
+
+{% for section in keystone_ldap|dictsort %}
+[{{ section.0 }}]
+{% for key, value in section.1.items() %}
+{{ key }} = {{ value }}
+{% endfor %}
+{% endfor %}
+{% endif %}
--- a/playbooks/roles/os_keystone/templates/keystone.conf.j2
+++ b/playbooks/roles/os_keystone/templates/keystone.conf.j2
@ -56,6 +56,10 @@ pool_timeout = {{ keystone_database_pool_timeout }}

 [identity]
 driver = {{ keystone_identity_driver }}
+{% if keystone_ldap is defined %}
+domain_config_dir = {{ keystone_ldap_domain_config_dir }}
+domain_specific_drivers_enabled = True
+{% endif %}


 [assignment]
@ -68,16 +72,6 @@ caching = true
 driver = {{ keystone_resource_driver }}


-{% if keystone_ldap is defined %}
-{% for section in keystone_ldap|dictsort %}
-[{{ section.0 }}]
-{% for key, value in section.1.items() %}
-{{ key }} = {{ value }}
-{% endfor %}
-{% endfor %}
-{% endif %}
-
-
 [token]
 enforce_token_bind = permissive
 expiration = {{ keystone_token_expiration }}