---
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

keystone_distro_packages:
  - debhelper
  - dh-apparmor
  - docutils-common
  - git
  - libffi-dev
  - libjs-sphinxdoc
  - libjs-underscore
  - libldap2-dev
  - libsasl2-dev
  - libxslt1.1
  - libxslt1-dev
  - libxml2-dev
  - python-dev
  - rsync

keystone_apache_distro_packages:
  - apache2
  - apache2-utils
  - libapache2-mod-proxy-uwsgi

# TODO(odyssey4me):
# We can remove this in R because we only need this to
# handle upgrades from O->P in order to remove the
# package when switching to the new configuration.
keystone_mod_wsgi_distro_packages:
  - libapache2-mod-wsgi

keystone_nginx_distro_packages:
  - nginx-full

keystone_idp_distro_packages:
  - ssl-cert
  - xmlsec1

keystone_sp_distro_packages:
  - libapache2-mod-shib2

keystone_developer_mode_distro_packages:
  - build-essential

keystone_apache_default_sites:
  - "/etc/apache2/sites-enabled/000-default.conf"

keystone_apache_site_available: "/etc/apache2/sites-available/keystone-httpd.conf"
keystone_apache_site_enabled: "/etc/apache2/sites-enabled/keystone-httpd.conf"
keystone_apache_conf: "/etc/apache2/apache2.conf"
keystone_apache_default_log_folder: "/var/log/apache2"
keystone_apache_default_log_owner: "root"
keystone_apache_default_log_grp: "adm"
keystone_apache_security_conf: "/etc/apache2/conf-available/security.conf"

keystone_apache_configs:
  - { src: "keystone-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
  - { src: "keystone-httpd.conf.j2", dest: "/etc/apache2/sites-available/keystone-httpd.conf" }
  - { src: "keystone-httpd-mpm.conf.j2", dest: "/etc/apache2/mods-available/mpm_{{ keystone_httpd_mpm_backend }}.conf" }

keystone_apache_modules:
  - name: "ssl"
    state: "{{ (keystone_ssl | bool) | ternary('present', 'absent') }}"
  - name: "shib2"
    state: "{{ ( keystone_sp != {} ) | ternary('present', 'absent') }}"
  - name: "proxy_http"
    state: "present"
  - name: "headers"
    state: "present"

keystone_nginx_conf_path: "sites-available"

keystone_system_service_name: apache2