6 Commits

Author SHA1 Message Date
Jonathan Rosser 14a2bd072c Migrate ssl certificate generation to the PKI role
This is now common functionality in an ansible role, rather than
being implemented directly in openstack-ansible service roles.

This patch creates the apache server certificate and key using the
pki role when keystone_ssl is true.

A CA certificate and key are generated and installed when keystone
is configured to be an IDP, triggered by keystone_idp.certfile being
defined.

Depends-On: https://review.opendev.org/c/openstack/ansible-role-pki/+/830794
Change-Id: Ie70aecc93b8acb7c1bbad02e98254b7c50c4c86f
2022-03-10 09:58:39 +00:00
Dmitriy Rabotyagov d5bb4643b0 Use memcached plugin from collection
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/824148
Change-Id: I178b287a604755c0001084e8693afb9a1f080e9b
2022-01-11 16:02:54 +02:00
Guilherme Steinmüller 4d1557dcf2 Refactor memcached_servers
This patch aims to add a prefix for memcached_server
on each role to give the ability for deployers to
override the location of memcached cluster. I.e. users
want to create a single memcached cluster with k8s
for each service.

Change-Id: I57e7a977675c203d811bf0afc60ebf2c5661c284
2020-03-13 22:10:07 +00:00
Jean-Philippe Evrard 24369fc6e8 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I562dc5430f04c09fdd63b07f0f307a273f232d0a
2018-07-12 16:44:21 +02:00
Travis Truman 8797fc707a Cleanup/standardize usage of tags
The numerous tags within the role have been condensed
to two tags: keystone-install and keystone-config

These tags have been chosen as they are namespaced
and cover the two major functions of the role.

Documentation has been updated to inform how each tag
influences the function of the role.

Change-Id: Iea4bff944ce0a35a4b1bc044171472ea44eda323
2016-05-24 15:51:03 -04:00
Miguel Grinberg 0f3dcf6e0e Keystone Federation Identity Provider Configuration
This change adds the bits necessary to configure Keystone as an
identity provider (IdP) for an external service provider (SP).

* New variables to configure Keystone as an identity provider are now
  supported under a root `keystone_idp` variable. Example configurations
  can be seen in Keystone's defaults file. This configuration includes
  the location of the signing certificate, authentication endpoints and
  list of allowed service providers.

* xmlsec1 is installed in the Keystone containers when IdP configuration
  is enabled.

* The IdP metadata and signing certificate are generated and installed.

Implements: blueprint keystone-federation
Change-Id: I81455e593e3059633a55f7e341511d5ad9eba76f
2015-07-23 20:46:52 +01:00