Last active
August 29, 2015 14:20
-
-
Save cloudnull/c648a126d2b474af2cea to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml | |
| index 2af0baa..882383b 100644 | |
| --- a/playbooks/roles/os_keystone/defaults/main.yml | |
| +++ b/playbooks/roles/os_keystone/defaults/main.yml | |
| @@ -134,6 +134,9 @@ keystone_ssl_cipher_suite: "{{ ssl_cipher_suite }}" | |
| # password: "secrete" | |
| # ... | |
| +keystone_ldap_identity_driver: keystone.identity.backends.ldap.Identity | |
| +keystone_ldap_domain_config_dir: /etc/keystone/domains | |
| + | |
| ## Policy vars | |
| # Provide a list of access controls to update the default policy.json with. These changes will be merged | |
| # with the access controls in the default policy.json. E.g. | |
| diff --git a/playbooks/roles/os_keystone/tasks/keystone_post_install.yml b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml | |
| index f25e0ef..09d07fa 100644 | |
| --- a/playbooks/roles/os_keystone/tasks/keystone_post_install.yml | |
| +++ b/playbooks/roles/os_keystone/tasks/keystone_post_install.yml | |
| @@ -21,6 +21,7 @@ | |
| group: "{{ keystone_system_group_name }}" | |
| with_items: | |
| - { src: "keystone.conf.j2", dest: "/etc/keystone/keystone.conf" } | |
| + - { src: "keystone.Default.conf.j2", dest: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" } | |
| notify: | |
| - Restart Apache | |
| tags: | |
| diff --git a/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml b/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml | |
| index 9c27804..d03248e 100644 | |
| --- a/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml | |
| +++ b/playbooks/roles/os_keystone/tasks/keystone_pre_install.yml | |
| @@ -41,6 +41,7 @@ | |
| group: "{{ item.group|default(keystone_system_group_name) }}" | |
| with_items: | |
| - { path: "/etc/keystone" } | |
| + - { path: "{{ keystone_ldap_domain_config_dir }}" } | |
| - { path: "/etc/keystone/ssl" } | |
| - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } | |
| - { path: "{{ keystone_system_user_home }}" } | |
| diff --git a/playbooks/roles/os_keystone/templates/keystone.conf.j2 b/playbooks/roles/os_keystone/templates/keystone.conf.j2 | |
| index 065e28e..520e890 100644 | |
| --- a/playbooks/roles/os_keystone/templates/keystone.conf.j2 | |
| +++ b/playbooks/roles/os_keystone/templates/keystone.conf.j2 | |
| @@ -56,6 +56,10 @@ pool_timeout = {{ keystone_database_pool_timeout }} | |
| [identity] | |
| driver = {{ keystone_identity_driver }} | |
| +{% if keystone_ldap is defined %} | |
| +domain_config_dir = {{ keystone_ldap_domain_config_dir }} | |
| +domain_specific_drivers_enabled = True | |
| +{% endif %} | |
| [assignment] | |
| @@ -68,16 +72,6 @@ caching = true | |
| driver = {{ keystone_resource_driver }} | |
| -{% if keystone_ldap is defined %} | |
| -{% for section in keystone_ldap|dictsort %} | |
| -[{{ section.0 }}] | |
| -{% for key, value in section.1.items() %} | |
| -{{ key }} = {{ value }} | |
| -{% endfor %} | |
| -{% endfor %} | |
| -{% endif %} | |
| - | |
| - | |
| [token] | |
| enforce_token_bind = permissive | |
| expiration = {{ keystone_token_expiration }} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
keystone.conf:
[identity]
driver = keystone.identity.backends.sql.Identity
domain_specific_drivers_enabled = True
domain_config_dir = /etc/keystone/domains
/etc/keystone/domainskeystone.Default.conf
[identity]
driver = keystone.identity.backends.ldap.Identity
[ldap]