Commit Graph

8 Commits

Author SHA1 Message Date
Jonathan Rosser be2efe9f8f Tidy IDP setup task files
Remove task files with just a single task and move the tasks up
one layer.

Change-Id: Iffdc333170987aa49d267ee749542c875a262d97
2022-03-10 09:58:57 +00:00
Dmitriy Rabotyagov d5bb4643b0 Use memcached plugin from collection
Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/824148
Change-Id: I178b287a604755c0001084e8693afb9a1f080e9b
2022-01-11 16:02:54 +02:00
Jean-Philippe Evrard 24369fc6e8 Fix usage of "|" for tests
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.

This should fix it.

Change-Id: I562dc5430f04c09fdd63b07f0f307a273f232d0a
2018-07-12 16:44:21 +02:00
Markos Chandras a3e3368ad1 Do not log passwords
This prevents data to be leaked into the callback plugin.

Change-Id: If3f5c6d25a198dc82fd702ffb82a5ae438e775ba
2018-04-17 12:24:23 +01:00
Travis Truman d208029342 Ansible 2.x - Address deprecation warning of bare variables
Ansible 2.2 will not allow "bare" variable references
in with_* loops. See https://docs.ansible.com/ansible/porting_guide_2.0.html#deprecated
for details.

Change-Id: I0e14d913a069fa25b90cfd8daf922ae093056203
2016-07-11 08:57:41 -04:00
Travis Truman 8797fc707a Cleanup/standardize usage of tags
The numerous tags within the role have been condensed
to two tags: keystone-install and keystone-config

These tags have been chosen as they are namespaced
and cover the two major functions of the role.

Documentation has been updated to inform how each tag
influences the function of the role.

Change-Id: Iea4bff944ce0a35a4b1bc044171472ea44eda323
2016-05-24 15:51:03 -04:00
Jimmy McCrory a08d7b1ce8 Use keystone-manage bootstrap command
https://review.openstack.org/#/c/255599/ implemented a keystone-manage
bootstrap command as an alternative to using an admin token when
bootstrapping the keystone service. Admin tokens have been deprecated
as of Mitaka and will be removed in Ocata.

The use of this command replaces tasks to create the admin user, its
password, role, and project and the keystone service endpoints.

The keystone_auth_admin_token variable has been removed and its use in
any tasks against the keystone library have been replaced with login
credentials for the admin user.

The functional test has been updated to use the current head of
stable/mitaka and master for keystone and requirements respectively. The
policy and api-paste files have also been updated from the head of
keystone stable/mitaka.

This change will require updates to make use of the same SHAs in the
integrated openstack-ansible repo and in a majority of the OpenStack
service roles' tests.

Change-Id: I720fab85efe11a7512a124e44a73cf67b5f686b5
2016-03-16 21:37:55 -07:00
Miguel Grinberg 0f3dcf6e0e Keystone Federation Identity Provider Configuration
This change adds the bits necessary to configure Keystone as an
identity provider (IdP) for an external service provider (SP).

* New variables to configure Keystone as an identity provider are now
  supported under a root `keystone_idp` variable. Example configurations
  can be seen in Keystone's defaults file. This configuration includes
  the location of the signing certificate, authentication endpoints and
  list of allowed service providers.

* xmlsec1 is installed in the Keystone containers when IdP configuration
  is enabled.

* The IdP metadata and signing certiciate are generated and installed.

Implements: blueprint keystone-federation
Change-Id: I81455e593e3059633a55f7e341511d5ad9eba76f
2015-07-23 20:46:52 +01:00