Remove dangling Default domain cfg file

The multi-domain LDAP support added in 12.0.6 left behind a keystone.Default.conf file that causes Keystone errors when adding a new domain backed by LDAP. This patch removes the file unless the deployer has specifically created a domain called 'Default'. This is a combined backport of: - https://review.openstack.org/287440 (patch) - https://review.openstack.org/287444 (release notes) Closes-bug: 1547542 Change-Id: I28cbd9afece968002db10e899c5172f1fd3dcc1a
2016-03-04 07:49:23 -06:00 · 2016-03-04 07:49:23 -06:00 · aafb287c64
parent 9fc96eb7e1
commit aafb287c64
2 changed files with 18 additions and 0 deletions
--- a/playbooks/roles/os_keystone/tasks/keystone_ldap_setup.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_ldap_setup.yml
@ -39,3 +39,15 @@
  tags:
    - keystone-ldap-domain-config

+# Bug 1547542 - Older versions of the keystone role would deploy a blank
+# keystone.Default.conf and this will cause errors when adding LDAP-backed
+# domains.
+- name: Remove Keystone Default domain configuration file if not needed
+  file:
+    path: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf"
+    state: absent
+  when: keystone_ldap.Default is not defined
+  notify:
+    - Restart Apache
+  tags:
+    - keystone-ldap-domain-config
--- a/releasenotes/notes/keystone-remove-default-domain-file-03c6908cd23427dc.yaml
+++ b/releasenotes/notes/keystone-remove-default-domain-file-03c6908cd23427dc.yaml
@ -0,0 +1,6 @@
+fixes:
+  - The addition of multi-domain LDAP configuration support left behind a
+    configuration file for the default domain that causes problems with
+    Keystone. This file will automatically be removed if the deployer is not
+    using the Default domain with an LDAP back end.
+    (`Bug 1547542 <https://bugs.launchpad.net/openstack-ansible/+bug/1547542>`_)