From a5e402f1e829be553e79f43ee32b2bc9ba189b12 Mon Sep 17 00:00:00 2001
From: "Dave Walker (Daviey)"
Date: Thu, 7 Jul 2016 14:36:42 +0100
Subject: [PATCH] Support Keystone Domain specific files

Currently, it is not possible to make use of Keystone Domain specific settings. Such as different domains using different LDAP servers or SQL. To enable for example domain ACME - domain settings would be put into: {{ node_custom_config }}keystone/domains/keystone.ACME.conf

Change-Id: I23620978c618dd4a3598d7cb74c3e9cf8c2394ac
Closes-Bug: #1599868
Signed-off-by: Dave Walker (Daviey)
---
 ansible/roles/keystone/tasks/config.yml | 20 +++++++++++++++++++
 .../roles/keystone/templates/keystone.conf.j2 | 6 ++++++
 .../roles/keystone/templates/keystone.json.j2 | 7 +++++++
 .../notes/support-ldap-e678ce5b0a7eaedb.yaml | 4 ++++
 4 files changed, 37 insertions(+)
 create mode 100644 releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml

diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml
index 0c55c7b6c1..e64a8d7df2 100644
--- a/ansible/roles/keystone/tasks/config.yml
+++ b/ansible/roles/keystone/tasks/config.yml
@@ -1,4 +1,8 @@
 ---
+- name: Check if Keystone Domain specific settings enabled
+ local_action: stat path="{{ node_custom_config }}/keystone/domains"
+ register: keystone_domain_cfg
+
 - name: Ensuring config directories exist
 file:
 path: "{{ node_config_directory }}/{{ item }}"
@@ -7,6 +11,15 @@
 with_items:
 - "keystone"

+- name: Creating Keystone Domain directory
+ file:
+ dest: "{{ node_config_directory }}/{{ item }}/domains/"
+ state: "directory"
+ when:
+ keystone_domain_cfg.stat.exists
+ with_items:
+ - "keystone"
+
 - name: Copying over config.json files for services
 template:
 src: "{{ item }}.json.j2"
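Review bot: The stat guard only tests `exists`, so a stray regular file at `{{ node_custom_config }}/keystone/domains` would still turn `domain_specific_drivers_enabled` on in keystone.conf.j2 while the `domains/*` fileglob in the later hunk copies nothing; checking `keystone_domain_cfg.stat.isdir` in the `when` clauses and in the template expresses the actual intent. The module arguments are also written in `key=value` form while the neighbouring tasks in this file use block YAML, so `local_action:` / `module: stat` / `path: "{{ node_custom_config }}/keystone/domains"` would match the file's style. A one-line comment above the task saying that a directory under the custom config path opts the deployment into domain-specific drivers would also help the next reader, since the effect is only visible in the template.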
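Review bot: Neither the `file` task creating `{{ node_config_directory }}/{{ item }}/domains/` here nor the `copy` task in the next hunk (`Copying Keystone Domain specific settings`) sets `mode`, so the per-domain files land on the deploy host with whatever mode the source files or the umask give them. The commit message says these files hold per-domain LDAP or SQL settings, and this same patch shows how such a connection line embeds a password (the `connection = mysql+pymysql://…` context line in keystone.conf.j2), so they are likely to carry credentials. Adding `mode: "0600"` to the copy task and `mode: "0700"` to this directory task keeps the host copy as tight as the `"perm": "0600"` the container side already applies in keystone.json.j2, which only governs the container. Minor: this task uses `dest:` where the existing directory task above uses `path:`; both are accepted by `file`, but one spelling per file reads better.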
@@ -29,6 +42,13 @@
 with_items:
 - "keystone"

+- name: Copying Keystone Domain specific settings
+ copy:
+ src: "{{ item }}"
+ dest: "{{ node_config_directory }}/keystone/domains/"
+ with_fileglob:
+ - "{{ node_custom_config }}/keystone/domains/*"
+
 - name: Copying over wsgi-keystone.conf
 template:
 src: "wsgi-keystone.conf.j2"
diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index 512fa1dabe..f5c9054deb 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
 max_retries = -1

+{% if keystone_domain_cfg.stat.exists %}
+[identity]
+domain_specific_drivers_enabled = true
+domain_config_dir = /etc/keystone/domains
+{% endif %}
+
 [cache]
 backend = oslo_cache.memcache_pool
 enabled = True
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index b5ecc3db8e..21cc9559ec 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -9,6 +9,13 @@
 "owner": "keystone",
 "perm": "0600"
 },
+ {
+ "source": "{{ container_config_directory }}/domains",
+ "dest": "/etc/keystone/domains",
+ "owner": "keystone",
+ "perm": "0600",
+ "optional": true
+ },
 {
 "source": "{{ container_config_directory }}/wsgi-keystone.conf",
 "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
diff --git a/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
new file mode 100644
index 0000000000..997dc06f24
--- /dev/null
+++ b/releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml
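Review bot: The template dereferences `keystone_domain_cfg.stat.exists` unconditionally, so rendering keystone.conf.j2 from any play or tag selection that did not run the new stat task in tasks/config.yml trips the undefined-variable check instead of falling back to the no-domains layout. Guarding with `{% if keystone_domain_cfg is defined and keystone_domain_cfg.stat.exists %}` keeps the template usable on its own. The `domain_config_dir = /etc/keystone/domains` value does match the `dest` the keystone.json.j2 hunk sets, so the two sides agree on the path.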
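Review bot: The new entry is the first in this file whose `source` is a directory (`{{ container_config_directory }}/domains`) rather than a single file, yet it carries the same `"perm": "0600"` as the file entries; if the config handler applies that perm to the directory itself, the missing execute bit stops keystone from traversing /etc/keystone/domains at all. Confirm how directory sources are handled — it may apply the perm only to the files inside, which is what the per-domain config files need — and if it also applies to the directory, give it its own `"perm": "0700"` entry. `"optional": true` is likewise the first use of that key in this file, so it is worth confirming that the deployed config handler honours it rather than treating a missing source as an error when no domains directory was provided.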
@@ -0,0 +1,4 @@
+---
+features:
+ - LDAP & AD support has been added to the base images, and support
+ for Keystone multidomains config files.