Ansible 2.x - Address deprecation warning of bare variables
Ansible 2.2 will not allow "bare" variable references in with_* loops. See https://docs.ansible.com/ansible/porting_guide_2.0.html#deprecated for details. Change-Id: I0e14d913a069fa25b90cfd8daf922ae093056203
This commit is contained in:
parent
86a545d7c5
commit
d208029342
|
@ -227,6 +227,7 @@ keystone_recreate_keys: False
|
||||||
## Federation
|
## Federation
|
||||||
|
|
||||||
# Enable the following section on the Keystone IdP
|
# Enable the following section on the Keystone IdP
|
||||||
|
keystone_idp: {}
|
||||||
#keystone_idp:
|
#keystone_idp:
|
||||||
# certfile: "/etc/keystone/ssl/idp_signing_cert.pem"
|
# certfile: "/etc/keystone/ssl/idp_signing_cert.pem"
|
||||||
# keyfile: "/etc/keystone/ssl/idp_signing_key.pem"
|
# keyfile: "/etc/keystone/ssl/idp_signing_key.pem"
|
||||||
|
@ -253,6 +254,7 @@ keystone_recreate_keys: False
|
||||||
# Enable the following section in order to install and configure
|
# Enable the following section in order to install and configure
|
||||||
# Keystone as a Resource Service Provider (SP) and to configure
|
# Keystone as a Resource Service Provider (SP) and to configure
|
||||||
# trusts with specific Identity Providers (IdP).
|
# trusts with specific Identity Providers (IdP).
|
||||||
|
keystone_sp: {}
|
||||||
#keystone_sp:
|
#keystone_sp:
|
||||||
# cert_duration_years: 5
|
# cert_duration_years: 5
|
||||||
# trusted_dashboard_list:
|
# trusted_dashboard_list:
|
||||||
|
|
|
@ -74,7 +74,7 @@
|
||||||
- name: Enable/disable mod_shib2 for apache2
|
- name: Enable/disable mod_shib2 for apache2
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: shib2
|
name: shib2
|
||||||
state: "{{ ( keystone_sp is defined ) | ternary('present', 'absent') }}"
|
state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
|
||||||
ignore_errors: yes
|
ignore_errors: yes
|
||||||
notify:
|
notify:
|
||||||
- Restart Apache
|
- Restart Apache
|
||||||
|
|
|
@ -32,7 +32,7 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.domain is defined
|
when: item.domain is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure project which remote IDP users are mapped onto exists
|
- name: Ensure project which remote IDP users are mapped onto exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.project is defined
|
when: item.project is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure user which remote IDP users are mapped onto exists
|
- name: Ensure user which remote IDP users are mapped onto exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -63,7 +63,7 @@
|
||||||
item.user is defined and
|
item.user is defined and
|
||||||
item.password is defined and
|
item.password is defined and
|
||||||
item.project is defined
|
item.project is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure Group for external IDP users exists
|
- name: Ensure Group for external IDP users exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -76,7 +76,7 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.group is defined
|
when: item.group is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure Role for external IDP users exists
|
- name: Ensure Role for external IDP users exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -90,7 +90,7 @@
|
||||||
when: >
|
when: >
|
||||||
item.group is defined and
|
item.group is defined and
|
||||||
item.project is defined
|
item.project is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure Group/Project/Role mapping exists
|
- name: Ensure Group/Project/Role mapping exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -106,7 +106,7 @@
|
||||||
when: >
|
when: >
|
||||||
item.group is defined and
|
item.group is defined and
|
||||||
item.project is defined
|
item.project is defined
|
||||||
with_items: keystone_federated_identities
|
with_items: "{{ keystone_federated_identities | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure mapping for external IDP attributes exists
|
- name: Ensure mapping for external IDP attributes exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -119,7 +119,7 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.protocol.mapping.name is defined
|
when: item.protocol.mapping.name is defined
|
||||||
with_items: keystone_federated_protocols
|
with_items: "{{ keystone_federated_protocols | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure external IDP
|
- name: Ensure external IDP
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -133,7 +133,7 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.name is defined
|
when: item.name is defined
|
||||||
with_items: keystone_sp.trusted_idp_list
|
with_items: "{{ keystone_sp.trusted_idp_list | default([]) }}"
|
||||||
|
|
||||||
- name: Ensure federation protocol exists
|
- name: Ensure federation protocol exists
|
||||||
keystone:
|
keystone:
|
||||||
|
@ -147,4 +147,4 @@
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
when: item.protocol.name is defined
|
when: item.protocol.name is defined
|
||||||
with_items: keystone_federated_protocols
|
with_items: "{{ keystone_federated_protocols | default([]) }}"
|
||||||
|
|
|
@ -22,4 +22,4 @@
|
||||||
{{ keystone_system_user_name }}@{{ hostvars[item]['ansible_ssh_host'] }}:{{ keystone_fernet_tokens_key_repository }}/
|
{{ keystone_system_user_name }}@{{ hostvars[item]['ansible_ssh_host'] }}:{{ keystone_fernet_tokens_key_repository }}/
|
||||||
become: yes
|
become: yes
|
||||||
become_user: "{{ keystone_system_user_name }}"
|
become_user: "{{ keystone_system_user_name }}"
|
||||||
with_items: groups['keystone_all'][1:]
|
with_items: "{{ groups['keystone_all'][1:] }}"
|
||||||
|
|
|
@ -18,6 +18,6 @@
|
||||||
{{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }}
|
{{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }}
|
||||||
become: yes
|
become: yes
|
||||||
become_user: "{{ keystone_system_user_name }}"
|
become_user: "{{ keystone_system_user_name }}"
|
||||||
when: keystone_idp is defined
|
when: keystone_idp != {}
|
||||||
notify:
|
notify:
|
||||||
- Restart Apache
|
- Restart Apache
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
sp_name: "{{ item.id }}"
|
sp_name: "{{ item.id }}"
|
||||||
sp_url: "{{ item.sp_url }}"
|
sp_url: "{{ item.sp_url }}"
|
||||||
sp_auth_url: "{{ item.auth_url }}"
|
sp_auth_url: "{{ item.auth_url }}"
|
||||||
with_items: keystone_idp.service_providers
|
with_items: "{{ keystone_idp.service_providers | default([]) }}"
|
||||||
register: add_service_providers
|
register: add_service_providers
|
||||||
until: add_service_providers|success
|
until: add_service_providers|success
|
||||||
retries: 5
|
retries: 5
|
||||||
|
|
|
@ -58,7 +58,7 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_requires_pip_packages
|
with_items: "{{ keystone_requires_pip_packages }}"
|
||||||
|
|
||||||
- name: Get local venv checksum
|
- name: Get local venv checksum
|
||||||
stat:
|
stat:
|
||||||
|
@ -134,7 +134,7 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_pip_packages
|
with_items: "{{ keystone_pip_packages }}"
|
||||||
when:
|
when:
|
||||||
- keystone_get_venv | failed or keystone_developer_mode | bool
|
- keystone_get_venv | failed or keystone_developer_mode | bool
|
||||||
notify:
|
notify:
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_apt_packages
|
with_items: "{{ keystone_apt_packages }}"
|
||||||
|
|
||||||
- name: Install IdP apt packages
|
- name: Install IdP apt packages
|
||||||
apt:
|
apt:
|
||||||
|
@ -40,8 +40,8 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_idp_apt_packages
|
with_items: "{{ keystone_idp_apt_packages }}"
|
||||||
when: keystone_idp is defined
|
when: keystone_idp != {}
|
||||||
|
|
||||||
- name: Install SP apt packages
|
- name: Install SP apt packages
|
||||||
apt:
|
apt:
|
||||||
|
@ -51,8 +51,8 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_sp_apt_packages
|
with_items: "{{ keystone_sp_apt_packages }}"
|
||||||
when: keystone_sp is defined
|
when: keystone_sp != {}
|
||||||
|
|
||||||
- name: Install developer mode apt packages
|
- name: Install developer mode apt packages
|
||||||
apt:
|
apt:
|
||||||
|
@ -62,6 +62,6 @@
|
||||||
until: install_packages|success
|
until: install_packages|success
|
||||||
retries: 5
|
retries: 5
|
||||||
delay: 2
|
delay: 2
|
||||||
with_items: keystone_developer_apt_packages
|
with_items: "{{ keystone_developer_apt_packages }}"
|
||||||
when:
|
when:
|
||||||
- keystone_developer_mode | bool
|
- keystone_developer_mode | bool
|
||||||
|
|
|
@ -17,5 +17,5 @@
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "{{ keystone_system_user_name }}"
|
user: "{{ keystone_system_user_name }}"
|
||||||
key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
|
key: "{{ hostvars[item]['keystone_pubkey'] | b64decode }}"
|
||||||
with_items: groups['keystone_all']
|
with_items: "{{ groups['keystone_all'] }}"
|
||||||
when: hostvars[item]['keystone_pubkey'] is defined
|
when: hostvars[item]['keystone_pubkey'] is defined
|
||||||
|
|
|
@ -23,7 +23,7 @@
|
||||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||||
endpoint: "{{ keystone_service_adminurl }}"
|
endpoint: "{{ keystone_service_adminurl }}"
|
||||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||||
with_dict: keystone_ldap
|
with_dict: "{{ keystone_ldap }}"
|
||||||
run_once: true
|
run_once: true
|
||||||
|
|
||||||
- name: Create Keystone LDAP domain configs
|
- name: Create Keystone LDAP domain configs
|
||||||
|
@ -33,7 +33,7 @@
|
||||||
owner: "{{ keystone_system_user_name }}"
|
owner: "{{ keystone_system_user_name }}"
|
||||||
group: "{{ keystone_system_group_name }}"
|
group: "{{ keystone_system_group_name }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
with_dict: keystone_ldap
|
with_dict: "{{ keystone_ldap }}"
|
||||||
notify:
|
notify:
|
||||||
- Restart Apache
|
- Restart Apache
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: "present"
|
state: "present"
|
||||||
system: "yes"
|
system: "yes"
|
||||||
with_items: keystone_system_additional_groups
|
with_items: "{{ keystone_system_additional_groups }}"
|
||||||
|
|
||||||
- name: Remove old key file(s) if found
|
- name: Remove old key file(s) if found
|
||||||
file:
|
file:
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
fail:
|
fail:
|
||||||
msg: "Please set the {{ item }} variable prior to applying this role."
|
msg: "Please set the {{ item }} variable prior to applying this role."
|
||||||
when: (item is undefined) or (item is none)
|
when: (item is undefined) or (item is none)
|
||||||
with_items: keystone_required_secrets
|
with_items: "{{ keystone_required_secrets }}"
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@
|
||||||
- keystone-install
|
- keystone-install
|
||||||
- keystone-config
|
- keystone-config
|
||||||
when:
|
when:
|
||||||
- keystone_sp is defined
|
- keystone_sp != {}
|
||||||
|
|
||||||
- include: keystone_db_setup.yml
|
- include: keystone_db_setup.yml
|
||||||
tags:
|
tags:
|
||||||
|
@ -108,7 +108,7 @@
|
||||||
- keystone-config
|
- keystone-config
|
||||||
when:
|
when:
|
||||||
- keystone_service_setup | bool
|
- keystone_service_setup | bool
|
||||||
- keystone_sp is defined
|
- keystone_sp != {}
|
||||||
- inventory_hostname == groups['keystone_all'][0]
|
- inventory_hostname == groups['keystone_all'][0]
|
||||||
|
|
||||||
- name: Flush handlers
|
- name: Flush handlers
|
||||||
|
@ -119,4 +119,4 @@
|
||||||
- keystone-install
|
- keystone-install
|
||||||
- keystone-config
|
- keystone-config
|
||||||
when:
|
when:
|
||||||
- keystone_idp is defined
|
- keystone_idp != {}
|
||||||
|
|
|
@ -31,7 +31,7 @@
|
||||||
SSLOptions +StdEnvVars +ExportCertData
|
SSLOptions +StdEnvVars +ExportCertData
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if keystone_sp is defined -%}
|
{% if keystone_sp != {} -%}
|
||||||
ShibURLScheme {{ keystone_service_publicuri_proto }}
|
ShibURLScheme {{ keystone_service_publicuri_proto }}
|
||||||
|
|
||||||
<Location /Shibboleth.sso>
|
<Location /Shibboleth.sso>
|
||||||
|
|
|
@ -45,7 +45,7 @@ cache_time = {{ keystone_revocation_cache_time }}
|
||||||
|
|
||||||
|
|
||||||
[auth]
|
[auth]
|
||||||
{% if keystone_sp is defined %}
|
{% if keystone_sp != {} %}
|
||||||
methods = {{ keystone_auth_methods }},saml2
|
methods = {{ keystone_auth_methods }},saml2
|
||||||
saml2 = keystone.auth.plugins.mapped.Mapped
|
saml2 = keystone.auth.plugins.mapped.Mapped
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@ -106,7 +106,7 @@ driver = {{ keystone_token_driver }}
|
||||||
[catalog]
|
[catalog]
|
||||||
caching = false
|
caching = false
|
||||||
|
|
||||||
{% if keystone_idp is defined %}
|
{% if keystone_idp != {} %}
|
||||||
[saml]
|
[saml]
|
||||||
certfile = "{{ keystone_idp.certfile }}"
|
certfile = "{{ keystone_idp.certfile }}"
|
||||||
keyfile = "{{ keystone_idp.keyfile }}"
|
keyfile = "{{ keystone_idp.keyfile }}"
|
||||||
|
@ -157,7 +157,7 @@ rabbit_hosts = {{ keystone_rabbitmq_servers }}
|
||||||
rabbit_use_ssl = {{ keystone_rabbitmq_use_ssl }}
|
rabbit_use_ssl = {{ keystone_rabbitmq_use_ssl }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if keystone_sp is defined %}
|
{% if keystone_sp != {} %}
|
||||||
[federation]
|
[federation]
|
||||||
remote_id_attribute = Shib-Identity-Provider
|
remote_id_attribute = Shib-Identity-Provider
|
||||||
{% if keystone_sp.trusted_dashboard_list is defined %}
|
{% if keystone_sp.trusted_dashboard_list is defined %}
|
||||||
|
|
Loading…
Reference in New Issue