diff options
6 files changed, 115 insertions, 8 deletions
diff --git a/deploy/adapters/ansible/roles/apache/tasks/main.yml b/deploy/adapters/ansible/roles/apache/tasks/main.yml index 11e49c0b..7053229a 100755 --- a/deploy/adapters/ansible/roles/apache/tasks/main.yml +++ b/deploy/adapters/ansible/roles/apache/tasks/main.yml @@ -18,7 +18,7 @@ dest: '{{ apache_config_dir }}/ports.conf' src: ports.conf.j2 notify: - - restart dashboard services + - restart apache related services - name: remove default listen port on centos lineinfile: diff --git a/deploy/adapters/ansible/roles/keystone/handlers/main.yml b/deploy/adapters/ansible/roles/keystone/handlers/main.yml new file mode 100755 index 00000000..608a8a09 --- /dev/null +++ b/deploy/adapters/ansible/roles/keystone/handlers/main.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +- name: restart keystone services + service: name={{ item }} state=restarted enabled=yes + with_items: services | union(services_noarch) diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml index 0c4eccc3..78732496 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml @@ -9,19 +9,66 @@ --- - include_vars: "{{ ansible_os_family }}.yml" +- name: disable auto start + copy: + content: "#!/bin/sh\nexit 101" + dest: "/usr/sbin/policy-rc.d" + mode: 0755 + when: ansible_os_family == "Debian" + - name: install keystone packages action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" with_items: packages | union(packages_noarch) +- name: enable auto start + file: + path=/usr/sbin/policy-rc.d + state=absent + when: ansible_os_family == "Debian" + - name: generate keystone service list lineinfile: dest=/opt/service create=yes line='{{ item }}' with_items: services | union(services_noarch) +- name: delete sqlite database + file: + path: /var/lib/keystone/keystone.db + state: absent + - name: update keystone conf template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes + notify: + - restart keystone services -- name: delete sqlite database - shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed +- name: assure listen port exist + lineinfile: + dest: '{{ apache_config_dir }}/ports.conf' + regexp: '{{ item.regexp }}' + line: '{{ item.line}}' + with_items: + - regexp: "^Listen {{ internal_ip }}:5000" + line: "Listen {{ internal_ip }}:5000" + - regexp: "^Listen {{ internal_ip }}:35357" + line: "Listen {{ internal_ip }}:35357" + notify: + - restart keystone services + +- name: update apache2 configs + template: + src: wsgi-keystone.conf.j2 + dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf' + when: ansible_os_family == 'Debian' + notify: + - restart keystone services + +- name: enable keystone server + file: + src: "/etc/apache2/sites-available/wsgi-keystone.conf" + dest: "/etc/apache2/sites-enabled/wsgi-keystone.conf" + state: "link" + when: ansible_os_family == 'Debian' + notify: + - restart keystone services - name: keystone source files template: src={{ item }} dest=/opt/{{ item }} @@ -29,6 +76,4 @@ - admin-openrc.sh - demo-openrc.sh -- name: restart keystone services - service: name={{ item }} state=restarted enabled=yes - with_items: services | union(services_noarch) +- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 new file mode 100644 index 00000000..ff7526a8 --- /dev/null +++ b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -0,0 +1,46 @@ + {% set work_threads = (ansible_processor_vcpus + 1) // 2 %} +<VirtualHost {{ internal_ip }}:5000> + WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-public + WSGIScriptAlias / /usr/bin/keystone-wsgi-public + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/apache2/keystone.log + CustomLog /var/log/apache2/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> + +<VirtualHost {{ internal_ip }}:35357> + WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP} + WSGIProcessGroup keystone-admin + WSGIScriptAlias / /usr/bin/keystone-wsgi-admin + WSGIApplicationGroup %{GLOBAL} + WSGIPassAuthorization On + <IfVersion >= 2.4> + ErrorLogFormat "%{cu}t %M" + </IfVersion> + ErrorLog /var/log/apache2/keystone.log + CustomLog /var/log/apache2/keystone_access.log combined + + <Directory /usr/bin> + <IfVersion >= 2.4> + Require all granted + </IfVersion> + <IfVersion < 2.4> + Order allow,deny + Allow from all + </IfVersion> + </Directory> +</VirtualHost> diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml index 0f5f620d..ea7cd9d0 100644 --- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml +++ b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml @@ -14,4 +14,6 @@ packages: - keystone services: - - keystone + - apache2 + +apache_config_dir: /etc/apache2 diff --git a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml index 99006037..1785ed5b 100644 --- a/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml +++ b/deploy/adapters/ansible/roles/keystone/vars/RedHat.yml @@ -13,4 +13,6 @@ packages: - openstack-keystone services: - - openstack-keystone + - httpd + +apache_config_dir: /etc/httpd/conf.d |