openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes

Remove references to unsupported operating systems 

All references to Gentoo, SUSE, Debian stretch and Centos-7  are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible

Change-Id: I1624730385a7b54cf36a94d313cc298430129736
This commit is contained in:
Jonathan Rosser 2021-03-10 12:16:38 +00:00
parent 489c169874
commit 0f2b8e16c9
8 changed files with 13 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
handlers/main.yml
View File

@ -100,7 +100,6 @@
nc_command:
debian: nc -q 1 $(awk '/^\-l/ {print $2}' "/etc/memcached.conf" | awk -F, '{print $1}') $(awk '/^\-p/ {print $2}' "/etc/memcached.conf")
redhat: nc $(awk -F '-l' '/^OPTIONS/ {print $2}' "/etc/sysconfig/memcached" | awk -F ',' '{gsub(/"/, "", $1); print $1}' | awk -F '-' '{print $1}') 11211
suse: nc -w 1 $(awk -F '-l' '/^MEMCACHED_PARAMS/ {print $2}' "/etc/sysconfig/memcached" | awk -F ',' '{gsub(/"/, "", $1); print $1}' | awk -F '-' '{print $1}') 11211
shell: "echo 'flush_all' | {{ nc_command.get(ansible_facts['os_family'] | lower) }}"
delegate_to: "{{ item }}"
with_items: "{{ groups.memcached_all }}"

9
meta/main.yml
View File

@ -22,17 +22,14 @@ galaxy_info:
platforms:
- name: Debian
versions:
- stretch
- buster
- name: Ubuntu
versions:
- xenial
- bionic
- focal
- name: EL
versions:
- 7
- name: opensuse
versions:
- 15
- 8
categories:
- cloud
- python

6
tasks/keystone_apache.yml
View File

@ -44,14 +44,14 @@
- Restart web server
## NOTE(cloudnull):
## Module enable/disable process is only functional on Debian and SUSE based systems.
## Module enable/disable process is only functional on Debian
- name: Enable/disable apache2 modules
apache2_module:
name: "{{ item.name }}"
state: "{{ item.state }}"
with_items: "{{ keystone_apache_modules }}"
when:
- ansible_facts['pkg_mgr'] in ['apt', 'zypper']
- ansible_facts['pkg_mgr'] == 'apt'
notify:
- Manage LB
- Restart web server
@ -64,7 +64,7 @@
line: 'LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so'
state: "present"
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
notify:
- Manage LB
- Restart web server

18
tasks/keystone_install.yml
View File

@ -24,7 +24,7 @@
- { path: "/var/lock/keystone", mode: "2755" }
- { path: "/var/log/httpd", mode: "2755" }
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
- name: Create system links
file:
@ -34,7 +34,7 @@
with_items:
- { src: "/var/log/httpd", dest: "/var/log/apache2" }
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
- name: Add shibboleth repo
yum_repository:
@ -44,7 +44,7 @@
gpgkey: "{{ keystone_centos_shibboleth_key }}"
gpgcheck: yes
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
- keystone_sp != {}
- name: Add NGINX repository keys
@ -52,7 +52,7 @@
key: "{{ keystone_centos_nginx_key }}"
state: present
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
- keystone_web_server == 'nginx'
register: add_nginx_key
until: add_nginx_key is success
@ -65,7 +65,7 @@
description: 'nginx repo'
baseurl: "{{ keystone_centos_nginx_mirror }}"
when:
- ansible_facts['pkg_mgr'] in ['yum', 'dnf']
- ansible_facts['pkg_mgr'] == 'dnf'
- keystone_web_server == 'nginx'
register: add_nginx_repo
until: add_nginx_repo is success
@ -87,9 +87,6 @@
name: "{{ (keystone_web_server == 'nginx') | ternary(keystone_apache_distro_packages, keystone_nginx_distro_packages) }}"
state: absent
autoremove: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
newuse: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
changed_use: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
noreplace: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
when: "(is_metal is undefined) or
not (is_metal | bool)"
@ -97,11 +94,8 @@
package:
name: "{{ keystone_package_list }}"
state: "{{ keystone_package_state }}"
update_cache: "{{ (ansible_facts['pkg_mgr'] in ['apt', 'zypper']) | ternary('yes', omit) }}"
update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(cache_timeout, omit) }}"
newuse: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
changed_use: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
noreplace: "{{ (ansible_facts['pkg_mgr'] == 'portage') | ternary('yes', omit) }}"
register: install_packages
until: install_packages is success
retries: 5

14
tasks/keystone_nginx.yml
View File

@ -58,20 +58,6 @@
- Manage LB
- Restart web server
# NOTE(prometheanfire): Nginx needs to be told to load configs from keystone_nginx_conf_path
- name: Configure nginx.conf
copy:
src: nginx.conf
dest: /etc/nginx/nginx.conf
mode: "0644"
group: root
owner: root
when:
- ansible_facts['pkg_mgr'] == 'portage'
notify:
- Manage LB
- Restart web server
# Configure app
- name: Configure virtual hosts
template:

2
templates/keystone-uwsgi.ini.j2
View File

@ -6,7 +6,7 @@ gid = {{ keystone_system_group_name }}
{% if keystone_install_method == 'source' %}
virtualenv = /openstack/venvs/keystone-{{ keystone_venv_tag }}
{% endif %}
{% if keystone_install_method == 'distro' and (ansible_os_family | lower) in ['debian', 'suse' ] %}
{% if keystone_install_method == 'distro' and (ansible_os_family | lower) == 'debian' %}
plugin = python3
{% endif %}
wsgi-file = {{ keystone_bin }}/{{ item }}

85
vars/gentoo.yml
View File

@ -1,85 +0,0 @@
---
# Copyright 2019, Matthew Thode
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
cache_timeout: 600
keystone_distro_packages:
- dev-vcs/git
- net-misc/openssh
- net-misc/rsync
- sys-process/cronie
keystone_devel_distro_packages:
- dev-python/docutils
- net-nds/openldap
- dev-libs/cyrus-sasl
- dev-libs/libxslt
- dev-libs/libxml2
keystone_service_distro_packages:
- sys-auth/keystone
- dev-python/python-systemd
- www-servers/uwsgi
keystone_apache_distro_packages:
- www-servers/apache
- app-admin/apache-tools
keystone_nginx_distro_packages:
- www-servers/nginx
keystone_idp_distro_packages:
- dev-libs/xmlsec
keystone_sp_distro_packages: [] # nope
keystone_developer_mode_distro_packages: []
keystone_oslomsg_amqp1_distro_packages:
- dev-libs/cyrus-sasl
keystone_apache_default_sites:
- "/etc/apache2/sites-enabled/000-default.conf"
keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
keystone_apache_conf: "/etc/apache2/apache2.conf"
keystone_apache_default_log_folder: "/var/log/apache2"
keystone_apache_default_log_owner: "root"
keystone_apache_default_log_grp: "adm"
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"
keystone_apache_configs:
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }
keystone_apache_modules:
- name: "ssl"
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
- name: "shib2"
state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
- name: "proxy_http"
state: "present"
- name: "headers"
state: "present"
# This can be enabled when Apache2.5+ is available
# - name: "mod_journald"
# state: "present
keystone_nginx_conf_path: "sites-available"
keystone_system_service_name: apache2
keystone_uwsgi_bin: '/usr/bin'
keystone_sshd: sshd

115
vars/suse.yml
View File

@ -1,115 +0,0 @@
---
# Copyright 2016, Rackspace US, Inc.
# Copyright 2017, SUSE LINUX GmbH.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
keystone_distro_packages:
- ca-certificates
- cron
- git-core
- openssh
- rsync
keystone_devel_distro_packages:
- cyrus-sasl-devel
- libffi-devel
- libopenssl-devel
- libxml2-devel
- libxslt-devel
- openldap2-devel
- systemd-devel
- pkg-config
- python3-devel
keystone_service_distro_packages:
- openstack-keystone
- uwsgi
- uwsgi-python3
keystone_apache_distro_packages:
- apache2
- apache2-utils
- apache2-mod_proxy_uwsgi
keystone_mod_proxy_uwsgi_distro_packages:
- apache2-mod_uwsgi
keystone_nginx_distro_packages:
- nginx
keystone_idp_distro_packages:
- xmlsec1
keystone_sp_distro_packages:
- "{{ keystone_sp_apache_mod_auth_openidc | ternary('apache2-mod_auth_openidc',
'shibboleth-sp') }}"
keystone_developer_mode_distro_packages:
- "{{ (ansible_facts['distribution_version'] is version ('42', '>=')) | ternary('patterns-openSUSE-devel_basis', 'patterns-devel-base-devel_basis') }}"
keystone_oslomsg_amqp1_distro_packages:
- cyrus-sasl
- cyrus-sasl-plain
- cyrus-sasl-digestmd5
keystone_apache_default_sites:
- "/etc/apache2/conf.d/gitweb.conf"
keystone_apache_conf: "/etc/apache2/httpd.conf"
keystone_apache_default_log_folder: "/var/log/apache2"
keystone_apache_default_log_owner: "root"
keystone_apache_default_log_grp: "root"
keystone_apache_security_conf: "{{ keystone_apache_conf }}"
keystone_apache_configs:
- { src: "keystone-ports.conf.j2", dest: "/etc/apache2/conf.d/ports.conf" }
- { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/conf.d/keystone-httpd.conf" }
- { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mod_{{ keystone_httpd_mpm_backend }}.conf" }
keystone_apache_modules:
- name: "authz_host"
state: "present"
- name: "access_compat"
state: "present"
- name: "version"
state: "present"
- name: "ssl"
state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
- name: "shib2"
state: "{{ keystone_sp_apache_mod_shib | ternary('present', 'absent') }}"
- name: "auth_openidc"
state: "{{ keystone_sp_apache_mod_auth_openidc | ternary('present', 'absent') }}"
- name: "proxy"
state: "present"
- name: "proxy_http"
state: "present"
- name: "proxy_fcgi"
state: "present"
- name: "proxy_wstunnel"
state: "present"
- name: "proxy_uwsgi"
state: "present"
- name: "headers"
state: "present"
# This can be enabled when Apache2.5+ is available
# - name: "mod_journald"
# state: "present"
keystone_nginx_conf_path: 'conf.d'
keystone_system_service_name: apache2
keystone_uwsgi_bin: '/usr/sbin'
keystone_sshd: sshd