Implement LDAP domains using last keystone host
To ensure that the domains can be created, we only execute the tasks on the last member of the keystone_all group so that the load balancer has at least one other host to work against. We also replace the OSA keystone module in the task with the standard Ansible module, and delegate the task to the service setup host. Change-Id: I66ed21cdcf42d0c2012062c8cf74305fecbec312
parent
91edbed231
commit
096ed19665
|
@ -13,19 +13,22 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
- name: Create Keystone LDAP domains
|
||||
keystone:
|
||||
command: ensure_domain
|
||||
domain_name: "{{ item.key }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
- name: Add LDAP domains
|
||||
os_keystone_domain:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item.key }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_ldap_domain
|
||||
until: add_ldap_domain is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_dict: "{{ keystone_ldap }}"
|
||||
no_log: true
|
||||
run_once: true
|
||||
delegate_to: "{{ keystone_service_setup_host }}"
|
||||
vars:
|
||||
ansible_python_interpreter: >-
|
||||
{{ (keystone_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }}
|
||||
|
||||
- name: Create Keystone LDAP domain configs
|
||||
template:
|
||||
|
|
|
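Review bot: The `verify` argument of the `os_keystone_domain` task negates `keystone_service_adminuri_insecure` without casting it first. If that variable ever arrives as a string (for example an override written as `"false"`), the string is truthy, `not` yields false, and certificate verification towards the admin endpoint is switched off without any visible signal. Casting before negating keeps the intent: `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. The other hunk on this page applies `| bool` to `keystone_service_setup`, so this also matches the convention already in use. The variable's definition is not visible here, so its type should be confirmed.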
@ -164,7 +164,9 @@
|
|||
- keystone-config
|
||||
|
||||
- include_tasks: keystone_ldap_setup.yml
|
||||
when: keystone_service_setup | bool
|
||||
when:
|
||||
- "inventory_hostname == ((groups['keystone_all'] | intersect(ansible_play_hosts)) | list)[-1]"
|
||||
- "keystone_service_setup | bool"
|
||||
tags:
|
||||
- keystone-config
|
||||
|
||||
|
|
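Review bot: The host-selection condition in the new `when:` list takes `[-1]` of the intersection of `groups['keystone_all']` and `ansible_play_hosts`, and it is listed before the cheap `keystone_service_setup | bool` check. If that intersection were ever empty (for instance when the tasks run for a host outside `keystone_all`), the index would presumably raise a templating error instead of skipping the include. Putting `- "keystone_service_setup | bool"` first should let the include be skipped without evaluating the index when setup is disabled, assuming the list items are evaluated in order. A comment above the condition, such as `# Run on the last keystone host so the load balancer keeps another backend`, would record why the last host is chosen.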