summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xdeploy/adapters/ansible/roles/apache/tasks/main.yml2
-rwxr-xr-xdeploy/adapters/ansible/roles/keystone/handlers/main.yml12
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml55
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j246
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/Debian.yml4
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/RedHat.yml4
6 files changed, 115 insertions, 8 deletions
diff --git a/deploy/adapters/ansible/roles/apache/tasks/main.yml b/deploy/adapters/ansible/roles/apache/tasks/main.yml
index 11e49c0b..7053229a 100755
--- a/deploy/adapters/ansible/roles/apache/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/apache/tasks/main.yml
@@ -18,7 +18,7 @@
dest: '{{ apache_config_dir }}/ports.conf'
src: ports.conf.j2
notify:
- - restart dashboard services
+ - restart apache related services
- name: remove default listen port on centos
lineinfile:
diff --git a/deploy/adapters/ansible/roles/keystone/handlers/main.yml b/deploy/adapters/ansible/roles/keystone/handlers/main.yml
new file mode 100755
index 00000000..608a8a09
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/handlers/main.yml
@@ -0,0 +1,12 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: restart keystone services
+ service: name={{ item }} state=restarted enabled=yes
+ with_items: services | union(services_noarch)
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index 0c4eccc3..78732496 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -9,19 +9,66 @@
---
- include_vars: "{{ ansible_os_family }}.yml"
+- name: disable auto start
+ copy:
+ content: "#!/bin/sh\nexit 101"
+ dest: "/usr/sbin/policy-rc.d"
+ mode: 0755
+ when: ansible_os_family == "Debian"
+
- name: install keystone packages
action: "{{ ansible_pkg_mgr }} name={{ item }} state=present"
with_items: packages | union(packages_noarch)
+- name: enable auto start
+ file:
+ path=/usr/sbin/policy-rc.d
+ state=absent
+ when: ansible_os_family == "Debian"
+
- name: generate keystone service list
lineinfile: dest=/opt/service create=yes line='{{ item }}'
with_items: services | union(services_noarch)
+- name: delete sqlite database
+ file:
+ path: /var/lib/keystone/keystone.db
+ state: absent
+
- name: update keystone conf
template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes
+ notify:
+ - restart keystone services
-- name: delete sqlite database
- shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed
+- name: assure listen port exist
+ lineinfile:
+ dest: '{{ apache_config_dir }}/ports.conf'
+ regexp: '{{ item.regexp }}'
+ line: '{{ item.line}}'
+ with_items:
+ - regexp: "^Listen {{ internal_ip }}:5000"
+ line: "Listen {{ internal_ip }}:5000"
+ - regexp: "^Listen {{ internal_ip }}:35357"
+ line: "Listen {{ internal_ip }}:35357"
+ notify:
+ - restart keystone services
+
+- name: update apache2 configs
+ template:
+ src: wsgi-keystone.conf.j2
+ dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
+
+- name: enable keystone server
+ file:
+ src: "/etc/apache2/sites-available/wsgi-keystone.conf"
+ dest: "/etc/apache2/sites-enabled/wsgi-keystone.conf"
+ state: "link"
+ when: ansible_os_family == 'Debian'
+ notify:
+ - restart keystone services
- name: keystone source files
template: src={{ item }} dest=/opt/{{ item }}
@@ -29,6 +76,4 @@
- admin-openrc.sh
- demo-openrc.sh
-- name: restart keystone services
- service: name={{ item }} state=restarted enabled=yes
- with_items: services | union(services_noarch)
+- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
new file mode 100644
index 00000000..ff7526a8
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -0,0 +1,46 @@
+ {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+<VirtualHost {{ internal_ip }}:5000>
+ WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-public
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-public
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/apache2/keystone.log
+ CustomLog /var/log/apache2/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
+
+<VirtualHost {{ internal_ip }}:35357>
+ WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIProcessGroup keystone-admin
+ WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
+ WSGIApplicationGroup %{GLOBAL}
+ WSGIPassAuthorization On
+ <IfVersion >= 2.4>
+ ErrorLogFormat "%{cu}t %M"
+ </IfVersion>
+ ErrorLog /var/log/apache2/keystone.log
+ CustomLog /var/log/apache2/keystone_access.log combined
+
+ <Directory /usr/bin>
+ <IfVersion >= 2.4>
+ Require all granted
+ </IfVersion>
+ <IfVersion < 2.4>
+ Order allow,deny
+ Allow from all
+ </IfVersion>
+ </Directory>
+</VirtualHost>
diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
index 0f5f620d..ea7cd9d0 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
@@ -14,4 +14,6 @@ packages:
- keystone
services:
- - keystone
+ - apache2
+
+apache_config_dir: /etc/apache2
diff --git a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml
index 99006037..1785ed5b 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml
@@ -13,4 +13,6 @@ packages:
- openstack-keystone
services:
- - openstack-keystone
+ - httpd
+
+apache_config_dir: /etc/httpd/conf.d