All references to Gentoo, SUSE, Debian stretch and Centos-7 are removed.
Conditional tasks, ternary operators and variables are simplified where possible
OS specific variables files are generalised where possible
Change-Id: I1624730385a7b54cf36a94d313cc298430129736
This patch adds support for using mod_auth_openidc instead of shibboleth for
supporting users who have a preference to use oidc for federation. A new
variable called apache_mod is added to keystone_sp allowing the auth library
to be selected. If left undefined shibboleth auth module will continue to be
installed by default maintaining backward compatibility.
This patch does not support simultaneous use of shibboleth and mod_auth_openidc
primarily because shib2 depends on libcurl3 but mod_auth_openidc depends on
libcurl4 which cannot coexist on Ubuntu. This can be resolved when there is a
shib3 package available in a future release of Ubuntu.
Change-Id: I80031f7d3f0fcc2029cd6861dcb6687e8a9f0a2e
With Train (current master) openSUSE is switching the openstack packages
to use Python 3. This means that we need to use the python3 module for
uwsgi.
Change-Id: I0fcb9d6a1df8893f3f4e6593a1614611e6712418
Keystone requires this package at runtime and currently assumes
that it is present in the environment. This patch ensures that
assumption is correct.
Change-Id: Ifb427af8ec4d18089732b7e77a2703f535631e6e
This reverts commit 781835e752.
The package is actually required on the memcached hosts, not
the keystone hosts. This helped make role tests pass because
in the role tests memcache and keystone are often on the same
containers.
The actual fix will be https://review.openstack.org/613099 which
ensures that netcat is installed on the memcache hosts instead.
Depends-On: https://review.openstack.org/613099
Change-Id: I55158c332a35e150f61541e8c2c1390e397d7d2c
Commit afc0e5b1ce ("Add memcache flushing handler on db migrations")
added an implicit dependency to the 'nc' package but it did not add it
to the list of required packages so things break like this:
["/bin/sh: nc: command not found"]
As such, we need to add the package to the rest of the distro packages.
Fixes: afc0e5b1ce ("Add memcache flushing handler on db migrations")
Change-Id: Ieab35215e84d6971cd9c2068206ebf2103cbc4b4
The ssh service on ubuntu based systems is "ssh" which is established by
the service unit path `/lib/systemd/system/ssh.service`. When running
the service will respond to the name "sshd" however this is just an
alias. This change adds a variable to set the service unit name
based on the distro family which will allow the service to start should
it be masked.
The change will now delegate to all nodes within the keystone cluster
ensuring ssh is enabled and started. If SSH is not running everywhere at
the same time keystone key rotation will not be possible later on in the
role.
Change-Id: I552a6bb09b3ab917bfcad140633fe4662c0c5a82
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
The keystone containers rely on SSHD for the key synchronisation,
so in this patch we ensure that it is installed, enabled and
running.
Change-Id: I044c080dba1068f79f4018b54b8ad120192b3932
To make the transition between versions easier,
we rename the vars file. This also resolves
issues when meta-dependent role inclusions do
not pick up the correct file when using the
include_vars task with multiple search paths.
Change-Id: Ibe1758b4d2187f0bd85368ce91089ea30ca652ac