openstack
/
openstack-ansible-os_keystone
Code Issues Proposed changes
994 Commits 8 Branches 17 Tags 11 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Dmitriy Rabotyagov eea1a4853f Fix linters and metadata 
With update of ansible-lint to version >=6.0.0 a lot of new
linters were added, that enabled by default. In order to comply
with linter rules we're applying changes to the role.

With that we also update metdata to reflect current state.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-systemd_service/+/888223
Change-Id: Id92330b3c709201a74612c8353cefa75778eac0c
 2023-07-14 20:44:53 +02:00
Kevin Carter 56eadbfa76 Set the user argument in the cron module 
This change sets the user argument in the cron module which is
required in future versions of ansible when the cron_file argument
is also used.

Filter deprecations for skipped items have also been fixed.

Change-Id: I803cd3c62707880e873662ea86590274b2766d21
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
 2019-02-22 02:12:23 +00:00
Jonathan Rosser b564d1775d Fix ansible deprecation warnings 
===
[DEPRECATION WARNING]: Using tests as filters is deprecated.
Instead of using `result|search` use `result is search`. This
feature will be removed in version 2.9.
===

Change-Id: I8e856ecaeb82446785dbdcd23688bb0db0a30857
 2018-12-03 17:23:30 +00:00
Jean-Philippe Evrard 24369fc6e8 Fix usage of "|" for tests 
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I562dc5430f04c09fdd63b07f0f307a273f232d0a
 2018-07-12 16:44:21 +02:00
Logan V b3425781ec Rebuild credential-key repo during keystone[0] rebuild 
When the first Keystone container is rebult in an existing environment,
the credential key repository is overwritten with new keys and the
existing keys are overwritten on the other infrastructure hosts without
any migration taking place. This results in an irrevocable loss of
the keys used to encrypt the credentials.

Now we will collect keys from any existing credential keys on the other
containers and use them to rebuild the credential-key repo on the primary
container before performing a key migration and rotation.

If no keys are found on the other containers, we will perform a
credential_setup on the primary container and sync the keys, just
as we would have before.

Closes-Bug: #1667960
Change-Id: Ic616d397574573629273838fbf68ea3f6bdb0468
 2017-03-04 02:46:39 +00:00
Andy McCrae fbd9535221 Add credential_setup for keystone 
We need to setup the appropriate directory for credential_setup and run
the keystone-manage credential_setup command.

We created the directory and the '[credential]' stanza in the
keystone.conf, which will ensure we can add additional settings using
config_template if any further are required.

We need to setup the autorotation cron job and distribution for
credential keys.

Additionally, we include all tempest tests now that we are
supporting this feature.

Change-Id: Ifd85ed1a64538ed037e4426cc50238d2b16d51e5
 2016-09-08 12:06:48 +01:00