diff --git a/handlers/main.yml b/handlers/main.yml index afdceae8..2a441bde 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Restart web server - service: + ansible.builtin.service: name: "{{ keystone_system_service_name }}" enabled: true state: restarted @@ -27,7 +27,7 @@ - "venv changed" - name: Wait for web server to complete starting - wait_for: + ansible.builtin.wait_for: host: "{{ keystone_web_server_bind_address }}" port: "{{ item }}" timeout: 25 @@ -42,7 +42,7 @@ - "Restart web server" - name: Stop uWSGI - service: + ansible.builtin.service: name: "{{ item }}" state: "stopped" daemon_reload: "{{ (ansible_facts['service_mgr'] == 'systemd') | ternary('yes', omit) }}" @@ -56,7 +56,7 @@ - "Restart uWSGI" - name: Start uWSGI - service: + ansible.builtin.service: name: "{{ item }}" enabled: true state: "started" @@ -71,7 +71,7 @@ - "Restart uWSGI" - name: Wait for uWSGI socket to be ready - wait_for: + ansible.builtin.wait_for: host: "{{ (keystone_use_uwsgi | bool) | ternary(keystone_uwsgi_bind_address, '127.0.0.1') }}" port: "{{ (keystone_use_uwsgi | bool) | ternary(keystone_service_port, keystone_uwsgi_ports['keystone-wsgi-public']['socket']) }}" timeout: 25 @@ -84,7 +84,7 @@ - "Restart uWSGI" - name: Restart Shibd - service: + ansible.builtin.service: name: "shibd" enabled: true state: "restarted" @@ -95,7 +95,7 @@ delay: 2 - name: Restart ssh - service: + ansible.builtin.service: name: "{{ keystone_sshd }}" state: "restarted" 
@@ -104,7 +104,7 @@ nc_command: debian: nc -q 1 $(awk '/^\-l/ {print $2}' "/etc/memcached.conf" | awk -F, '{print $1}') $(awk '/^\-p/ {print $2}' "/etc/memcached.conf") redhat: nc $(awk -F '-l' '/^OPTIONS/ {print $2}' "/etc/sysconfig/memcached" | awk -F ',' '{gsub(/"/, "", $1); print $1}' | awk -F '-' '{print $1}') 11211 - shell: "echo 'flush_all' | {{ nc_command.get(ansible_facts['os_family'] | lower) }}" + ansible.builtin.shell: "echo 'flush_all' | {{ nc_command.get(ansible_facts['os_family'] | lower) }}" changed_when: false delegate_to: "{{ item }}" with_items: "{{ groups.memcached_all }}" diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml index 5e5ed278..18027aff 100644 --- a/tasks/keystone_apache.yml +++ b/tasks/keystone_apache.yml @@ -14,19 +14,19 @@ # limitations under the License. - name: Create apache nogroup group - group: + ansible.builtin.group: name: "nogroup" system: "yes" - name: Create apache nogroup user - user: + ansible.builtin.user: name: "nogroup" group: "nogroup" system: "yes" shell: "/bin/false" - name: Ensure apache log folder exists - file: + ansible.builtin.file: dest: "{{ keystone_apache_default_log_folder }}" state: directory owner: "{{ keystone_apache_default_log_owner }}" @@ -34,7 +34,7 @@ mode: "0755" - name: Ensure apache2 MPM for Debian/Ubuntu - apache2_module: + community.general.apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" warn_mpm_absent: false @@ -44,7 +44,7 @@ notify: Restart web server - name: Ensure apache2 MPM for EL - copy: + ansible.builtin.copy: content: | LoadModule mpm_{{ keystone_httpd_mpm_backend }}_module modules/mod_mpm_{{ keystone_httpd_mpm_backend }}.so @@ -57,7 +57,7 @@ ## NOTE(cloudnull): ## Module enable/disable process is only functional on Debian - name: Enable apache2 modules - apache2_module: + community.general.apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" with_items: "{{ keystone_apache_modules }}" 
@@ -68,7 +68,7 @@ - Restart web server - name: Place apache2 config files - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "root" @@ -81,7 +81,7 @@ ## NOTE(cloudnull): ## Module enable/disable process is only functional on Debian - name: Disable apache2 modules - apache2_module: + community.general.apache2_module: name: "{{ item.name }}" state: "{{ item.state }}" with_items: "{{ keystone_apache_modules }}" @@ -94,7 +94,7 @@ ## NOTE(andymccr): ## We need to enable a module for httpd on RedHat/CentOS using LoadModule inside conf files - name: Enable/disable proxy_uwsgi_module - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/httpd/conf.modules.d/00-proxy.conf" line: "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" state: "present" @@ -104,7 +104,7 @@ - Restart web server - name: Disable default apache site - file: + ansible.builtin.file: path: "{{ item }}" state: "absent" with_items: "{{ keystone_apache_default_sites }}" @@ -112,7 +112,7 @@ - Restart web server - name: Enabled keystone vhost - file: + ansible.builtin.file: src: "{{ keystone_apache_site_available }}" dest: "{{ keystone_apache_site_enabled }}" state: "link" @@ -123,14 +123,14 @@ - Restart web server - name: Ensure Apache ServerName - lineinfile: + ansible.builtin.lineinfile: dest: "{{ keystone_apache_conf }}" line: "ServerName {{ ansible_facts['hostname'] }}" notify: - Restart web server - name: Ensure Apache ServerTokens - lineinfile: + ansible.builtin.lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: "^ServerTokens" line: "ServerTokens {{ keystone_apache_servertokens }}" @@ -138,7 +138,7 @@ - Restart web server - name: Ensure Apache ServerSignature - lineinfile: + ansible.builtin.lineinfile: dest: "{{ keystone_apache_security_conf }}" regexp: "^ServerSignature" line: "ServerSignature {{ keystone_apache_serversignature }}" 
@@ -146,7 +146,7 @@ - Restart web server - name: Remove Listen from Apache config - lineinfile: + ansible.builtin.lineinfile: dest: "{{ keystone_apache_conf }}" regexp: "^(Listen.*)" backrefs: true diff --git a/tasks/keystone_credential.yml b/tasks/keystone_credential.yml index 02d221c8..3e8ac491 100644 --- a/tasks/keystone_credential.yml +++ b/tasks/keystone_credential.yml @@ -14,12 +14,12 @@ # limitations under the License. - name: Including keystone_credential_create tasks - include_tasks: keystone_credential_create.yml + ansible.builtin.include_tasks: keystone_credential_create.yml when: _keystone_is_first_play_host - name: Including keystone_credential_distribute tasks - include_tasks: keystone_credential_distribute.yml + ansible.builtin.include_tasks: keystone_credential_distribute.yml when: _keystone_is_first_play_host - name: Including keystone_credential_autorotate tasks - include_tasks: keystone_credential_autorotate.yml + ansible.builtin.include_tasks: keystone_credential_autorotate.yml diff --git a/tasks/keystone_credential_autorotate.yml b/tasks/keystone_credential_autorotate.yml index ff500ee7..436ec76f 100644 --- a/tasks/keystone_credential_autorotate.yml +++ b/tasks/keystone_credential_autorotate.yml @@ -19,7 +19,7 @@ # execution and while the script may be world read/executable its contains only # the necessary bits that are required to run the rotate and sync commands. - name: Drop credential key auto rotate script - template: + ansible.builtin.template: src: "keystone-credential-rotate.sh.j2" dest: "{{ keystone_credential_auto_rotation_script }}" owner: "{{ keystone_system_user_name }}" @@ -28,7 +28,7 @@ # This creates the auto rotation job on the first keystone host. - name: Create auto rotation job - cron: + ansible.builtin.cron: name: "Credential auto rotate job" special_time: "{{ keystone_credential_rotation }}" user: "{{ keystone_system_user_name }}" 
@@ -38,7 +38,7 @@ # This makes sure that no auto rotation jobs are on any other hosts. - name: Remove extra auto rotation job - cron: + ansible.builtin.cron: name: "Credential auto rotate job" user: "{{ keystone_system_user_name }}" cron_file: keystone-credential-rotate diff --git a/tasks/keystone_credential_create.yml b/tasks/keystone_credential_create.yml index e29af619..563a61ed 100644 --- a/tasks/keystone_credential_create.yml +++ b/tasks/keystone_credential_create.yml @@ -14,12 +14,12 @@ # limitations under the License. - name: Check if credential keys already exist - stat: + ansible.builtin.stat: path: "{{ keystone_credential_key_repository }}/0" register: _credential_keys - name: Check for credential keys on all Keystone containers - find: + ansible.builtin.find: paths: "{{ keystone_credential_key_repository }}" patterns: "^[0-9]+$" use_regex: true @@ -29,7 +29,7 @@ with_items: "{{ groups['keystone_all'] }}" - name: Aggregate the collected file lists - set_fact: + ansible.builtin.set_fact: existing_credential_keys: >- {% set _var = [] -%} {% for result in credential_key_list.results -%} @@ -43,7 +43,7 @@ when: not credential_key_list is skipped - name: Collect the existing keys from containers - slurp: + ansible.builtin.slurp: src: "{{ item.file }}" delegate_to: "{{ item.host }}" with_items: "{{ existing_credential_keys }}" @@ -51,7 +51,7 @@ when: existing_credential_keys is defined - name: Ensure the target directory exists on the master Keystone container - file: + ansible.builtin.file: path: "{{ keystone_credential_key_repository }}" state: directory owner: "{{ keystone_system_user_name }}" @@ -60,7 +60,7 @@ when: not collected_existing_credential_keys is skipped - name: Drop the existing credential keys in the master Keystone container - copy: + ansible.builtin.copy: content: "{{ item.1 | b64decode }}" dest: "{{ keystone_credential_key_repository }}/{{ item.0 }}" owner: "{{ keystone_system_user_name }}" 
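Review bot: "Drop the existing credential keys in the master Keystone container" (the `@@ -60,7 +60,7 @@` hunk of tasks/keystone_credential_create.yml) writes slurped key material with `content: "{{ item.1 | b64decode }}"`, and the default callback echoes the looped item, which holds the base64 key, on every iteration unless the task sets `no_log: true` or a `loop_control` label below the visible lines. The task body continues outside the hunk, so confirm that; if neither is set, add `no_log: true` here and on "Collect the existing keys from containers". The same pattern applies to the Shibboleth SP private key in tasks/keystone_federation_sp_shib_setup.yml (`@@ -51,27 +51,27 @@`): "Store sp key" and "Register a fact for the cert and key" are fully visible and carry no `no_log`, so the key content ends up in registered results and facts that verbose output or logging callbacks will record.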
@@ -71,7 +71,7 @@ with_indexed_items: "{{ collected_existing_credential_keys.results | map(attribute='content') | list | unique }}" - name: Create credential keys for Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage credential_setup --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" @@ -86,7 +86,7 @@ when: create_credential_keys is skipped block: - name: Rotate credential keys for Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage credential_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" @@ -96,7 +96,7 @@ # so in case it fails, we need to try perform the migraton and attempt rotation after that rescue: - name: Ensure newest key is used for credential in Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage credential_migrate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" @@ -104,7 +104,7 @@ become_user: "{{ keystone_system_user_name }}" - name: Rotate credential keys for Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage credential_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" @@ -113,7 +113,7 @@ always: # Let's run migration at the end anyway, as we need it after successfull rotation. - name: Ensure newest key is used for credential in Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage credential_migrate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" diff --git a/tasks/keystone_db_sync.yml b/tasks/keystone_db_sync.yml index dbb1f6cb..470019bb 100644 --- a/tasks/keystone_db_sync.yml 
+++ b/tasks/keystone_db_sync.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Check current state of Keystone DB - command: "{{ keystone_bin }}/keystone-manage db_sync --check" + ansible.builtin.command: "{{ keystone_bin }}/keystone-manage db_sync --check" become: true become_user: "{{ keystone_system_user_name }}" register: keystone_db_sync_check @@ -23,7 +23,7 @@ run_once: true - name: Set the db sync local facts - ini_file: + community.general.ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: keystone option: "{{ item.name }}" @@ -36,7 +36,7 @@ state: "{{ (keystone_db_sync_check.rc | int in [2, 3, 4]) | bool }}" - name: Refresh local facts - setup: + ansible.builtin.setup: filter: ansible_local gather_subset: "!all" tags: @@ -45,14 +45,14 @@ # When keystone is initially built, the service does not yet exist on the # host this task is executed on. Detect the presence of the services. - name: Test if keystone service exists - service: # noqa: args[module] + ansible.builtin.service: # noqa: args[module] name: "{{ item }}" check_mode: true register: keystone_service_exists with_items: "{{ keystone_services.keys() | list }}" - name: Ensure keystone service is stopped - service: + ansible.builtin.service: name: "{{ item.name }}" state: stopped register: _stop @@ -67,7 +67,7 @@ - Restart uWSGI - name: Perform a Keystone DB sync expand - command: "{{ keystone_bin }}/keystone-manage db_sync --expand" + ansible.builtin.command: "{{ keystone_bin }}/keystone-manage db_sync --expand" changed_when: false become: true become_user: "{{ keystone_system_user_name }}" @@ -77,7 +77,7 @@ notify: flush cache - name: Perform a Keystone DB sync contract - command: "{{ keystone_bin }}/keystone-manage db_sync --contract" + ansible.builtin.command: "{{ keystone_bin }}/keystone-manage db_sync --contract" changed_when: false become: true become_user: "{{ keystone_system_user_name }}" 
diff --git a/tasks/keystone_federation_sp_shib_setup.yml b/tasks/keystone_federation_sp_shib_setup.yml index b370f8cd..a83383ab 100644 --- a/tasks/keystone_federation_sp_shib_setup.yml +++ b/tasks/keystone_federation_sp_shib_setup.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Drop Shibboleth Config - template: + ansible.builtin.template: src: "{{ item.src }}" dest: "{{ item.dest }}" owner: "{{ keystone_system_user_name }}" @@ -27,7 +27,7 @@ - Restart Shibd - name: Copy Shibboleth SP key-pair (if provided) - copy: + ansible.builtin.copy: content: "{{ item.content }}" dest: "{{ item.dest }}" mode: "{{ item.mode | default('0640') }}" @@ -42,7 +42,7 @@ - Restart Shibd - name: Generate the Shibboleth SP key-pair - command: "shib-keygen -h {{ external_lb_vip_address }} -y {{ keystone_sp.cert_duration_years }}" + ansible.builtin.command: "shib-keygen -h {{ external_lb_vip_address }} -y {{ keystone_sp.cert_duration_years }}" args: creates: "/etc/shibboleth/sp-cert.pem" when: _keystone_is_first_play_host @@ -51,27 +51,27 @@ - Restart Shibd - name: Store sp cert - slurp: + ansible.builtin.slurp: src: "/etc/shibboleth/sp-cert.pem" register: _keystone_sp_cert changed_when: false when: _keystone_is_first_play_host - name: Store sp key - slurp: + ansible.builtin.slurp: src: "/etc/shibboleth/sp-key.pem" register: _keystone_sp_key changed_when: false when: _keystone_is_first_play_host - name: Register a fact for the cert and key - set_fact: + ansible.builtin.set_fact: keystone_sp_cert_fact: "{{ _keystone_sp_cert.content }}" keystone_sp_key_fact: "{{ _keystone_sp_key.content }}" when: _keystone_is_first_play_host - name: Distribute sp key - copy: + ansible.builtin.copy: dest: "/etc/shibboleth/sp-key.pem" content: "{{ hostvars[groups['keystone_all'][0]]['keystone_sp_key_fact'] | b64decode }}" owner: "{{ keystone_system_user_name }}" 
@@ -83,7 +83,7 @@ - Restart Shibd - name: Distribute sp cert - copy: + ansible.builtin.copy: dest: "/etc/shibboleth/sp-cert.pem" content: "{{ hostvars[groups['keystone_all'][0]]['keystone_sp_cert_fact'] | b64decode }}" owner: "{{ keystone_system_user_name }}" @@ -95,7 +95,7 @@ - Restart Shibd - name: Set appropriate file ownership on the Shibboleth SP key-pair - file: + ansible.builtin.file: path: "{{ item }}" owner: "_shibd" group: "_shibd" diff --git a/tasks/keystone_fernet.yml b/tasks/keystone_fernet.yml index a1169c27..39c4748c 100644 --- a/tasks/keystone_fernet.yml +++ b/tasks/keystone_fernet.yml @@ -14,12 +14,12 @@ # limitations under the License. - name: Including keystone_fernet_keys_create tasks - include_tasks: keystone_fernet_keys_create.yml + ansible.builtin.include_tasks: keystone_fernet_keys_create.yml when: _keystone_is_first_play_host - name: Including keystone_fernet_keys_distribute tasks - include_tasks: keystone_fernet_keys_distribute.yml + ansible.builtin.include_tasks: keystone_fernet_keys_distribute.yml when: _keystone_is_first_play_host - name: Including keystone_fernet_keys_autorotate tasks - include_tasks: keystone_fernet_keys_autorotate.yml + ansible.builtin.include_tasks: keystone_fernet_keys_autorotate.yml diff --git a/tasks/keystone_fernet_keys_autorotate.yml b/tasks/keystone_fernet_keys_autorotate.yml index dc789c96..ae20ba65 100644 --- a/tasks/keystone_fernet_keys_autorotate.yml +++ b/tasks/keystone_fernet_keys_autorotate.yml @@ -19,7 +19,7 @@ # execution and while the script may be world read/executable its contains only # the necessary bits that are required to run the rotate and sync commands. - name: Drop fernet key auto rotate script - template: + ansible.builtin.template: src: "keystone-fernet-rotate.sh.j2" dest: "{{ keystone_fernet_auto_rotation_script }}" owner: "{{ keystone_system_user_name }}" 
@@ -28,7 +28,7 @@ # This creates the auto rotation job on the first keystone host. - name: Create auto rotation job - cron: + ansible.builtin.cron: name: "Fernet auto rotate job" special_time: "{{ keystone_fernet_rotation }}" user: "{{ keystone_system_user_name }}" @@ -38,7 +38,7 @@ # This makes sure that no auto rotation jobs are on any other hosts. - name: Remove extra auto rotation job - cron: + ansible.builtin.cron: name: "Fernet auto rotate job" user: "{{ keystone_system_user_name }}" cron_file: keystone-fernet-rotate diff --git a/tasks/keystone_fernet_keys_create.yml b/tasks/keystone_fernet_keys_create.yml index 4fa00498..bc1b726e 100644 --- a/tasks/keystone_fernet_keys_create.yml +++ b/tasks/keystone_fernet_keys_create.yml @@ -14,12 +14,12 @@ # limitations under the License. - name: Check if fernet keys already exist - stat: + ansible.builtin.stat: path: "{{ keystone_fernet_tokens_key_repository }}/0" register: _fernet_keys - name: Check for fernet keys on all Keystone containers - find: + ansible.builtin.find: paths: "{{ keystone_fernet_tokens_key_repository }}" when: not _fernet_keys.stat.exists register: _fernet_key_list @@ -27,7 +27,7 @@ with_items: "{{ groups['keystone_all'] }}" - name: Identify hosts with existing fernet keys - set_fact: + ansible.builtin.set_fact: existing_fernet_hosts: >- {% set _var = [] -%} {% for result in _fernet_key_list.results -%} @@ -39,7 +39,7 @@ when: not _fernet_key_list is skipped - name: Copy the fernet key repository to the primary - command: > + ansible.builtin.command: > rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' -avz --delete @@ -56,7 +56,7 @@ - skip_ansible_lint - name: Create fernet keys for Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage fernet_setup --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" 
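Review bot: The rsync in "Copy the fernet key repository to the primary" (`@@ -39,7 +39,7 @@`, tasks/keystone_fernet_keys_create.yml) runs ssh with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the remote end of a transfer that carries the fernet key repository is never authenticated. Fernet keys protect every issued token, so host keys for the keystone hosts should be pinned, for example by populating the keystone user's known_hosts with `ansible.builtin.known_hosts` and switching to `-o StrictHostKeyChecking=yes`. The task continues past the hunk, and the `skip_ansible_lint` tag visible in the following hunk presumably belongs to it. If the relaxed setting has to stay, a comment on the task stating why host-key checking is disabled would document the trade-off.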
@@ -67,7 +67,7 @@ - _fernet_keys_shared is skipped - name: Rotate fernet keys for Keystone # noqa: no-changed-when - command: > + ansible.builtin.command: > {{ keystone_bin }}/keystone-manage fernet_rotate --keystone-user "{{ keystone_system_user_name }}" --keystone-group "{{ keystone_system_group_name }}" diff --git a/tasks/keystone_idp_setup.yml b/tasks/keystone_idp_setup.yml index 9eaee736..e63ef061 100644 --- a/tasks/keystone_idp_setup.yml +++ b/tasks/keystone_idp_setup.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Generate IdP metadata - shell: | + ansible.builtin.shell: | {{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path }} become: true become_user: "{{ keystone_system_user_name }}" diff --git a/tasks/keystone_install.yml b/tasks/keystone_install.yml index 905adce2..d149a65e 100644 --- a/tasks/keystone_install.yml +++ b/tasks/keystone_install.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Create keystone dir - file: + ansible.builtin.file: path: "{{ item.path }}" state: directory owner: "{{ item.owner | default(keystone_system_user_name) }}" @@ -27,7 +27,7 @@ - ansible_facts['pkg_mgr'] == 'dnf' - name: Create system links - file: + ansible.builtin.file: src: "{{ item.src }}" dest: "{{ item.dest }}" state: "link" @@ -37,7 +37,7 @@ - ansible_facts['pkg_mgr'] == 'dnf' - name: Add shibboleth repo - yum_repository: + ansible.builtin.yum_repository: name: "shibboleth" description: "shibboleth Repo" baseurl: "{{ keystone_centos_shibboleth_mirror }}" @@ -48,7 +48,7 @@ - keystone_sp != {} - name: Install distro packages - package: + ansible.builtin.package: name: "{{ keystone_package_list }}" state: "{{ keystone_package_state }}" update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}" 
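Review bot: "Generate IdP metadata" (tasks/keystone_idp_setup.yml) interpolates `keystone_idp.idp_metadata_path` into an `ansible.builtin.shell` line unquoted, so a path containing whitespace or shell metacharacters is re-parsed by the shell rather than treated as a single file name. Use the `quote` filter on the templated value: `{{ keystone_bin }}/keystone-manage saml_idp_metadata > {{ keystone_idp.idp_metadata_path | quote }}`. The redirect also truncates the target before keystone-manage runs, so a failed run leaves an empty metadata file; whether the rest of the task guards against that is outside the hunk.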
@@ -62,13 +62,13 @@ - Restart uWSGI - name: Install/remove apache mod packages for federated authentication - package: + ansible.builtin.package: name: "{{ item.name }}" state: "{{ item.state }}" with_items: "{{ keystone_sp_apache_mod_packages }}" - name: Install the python venv - import_role: + ansible.builtin.import_role: name: "python_venv_build" vars: venv_python_executable: "{{ keystone_venv_python_executable }}" @@ -100,7 +100,7 @@ when: keystone_install_method == 'distro' block: - name: Record the osa version deployed - ini_file: + community.general.ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: keystone option: venv_tag @@ -111,7 +111,7 @@ # for keystone user $HOME: # https://bugs.launchpad.net/cloud-archive/+bug/2060235 - name: Ensure SSH keys has right permissions - file: + ansible.builtin.file: path: "{{ keystone_system_user_home }}/.ssh/id_rsa" mode: "0600" when: @@ -119,7 +119,7 @@ - ansible_facts['distribution'] | lower == 'ubuntu' - name: Initialise the upgrade facts - ini_file: + community.general.ini_file: dest: "/etc/ansible/facts.d/openstack_ansible.fact" section: keystone option: "{{ item.name }}" @@ -140,7 +140,7 @@ ('need_db_contract' not in ansible_local['openstack_ansible']['keystone']) - name: Create WSGI symlinks - file: + ansible.builtin.file: src: "{{ keystone_bin }}/keystone-wsgi-public" dest: "/var/www/cgi-bin/keystone/main" state: link diff --git a/tasks/keystone_key_setup.yml b/tasks/keystone_key_setup.yml index 0e25a252..3ac45fbf 100644 --- a/tasks/keystone_key_setup.yml +++ b/tasks/keystone_key_setup.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Ensure .ssh directory is present - file: + ansible.builtin.file: state: directory path: "{{ keystone_system_user_home }}/.ssh" owner: "{{ keystone_system_user_name }}" @@ -22,7 +22,7 @@ mode: "0755" - name: Create ssh keys for synchronising fernet keys - include_role: + ansible.builtin.include_role: name: openstack.osa.ssh_keypairs args: apply: 
diff --git a/tasks/keystone_ldap_setup.yml b/tasks/keystone_ldap_setup.yml index b180e388..504421de 100644 --- a/tasks/keystone_ldap_setup.yml +++ b/tasks/keystone_ldap_setup.yml @@ -33,7 +33,7 @@ ansible_python_interpreter: "{{ keystone_service_setup_host_python_interpreter }}" - name: Create Keystone LDAP domain configs - template: + ansible.builtin.template: src: keystone.domain.conf.j2 dest: "{{ keystone_ldap_domain_config_dir }}/keystone.{{ item.key }}.conf" owner: "root" @@ -49,7 +49,7 @@ # keystone.Default.conf and this will cause errors when adding LDAP-backed # domains. - name: Remove Keystone Default domain configuration file if not needed - file: + ansible.builtin.file: path: "{{ keystone_ldap_domain_config_dir }}/keystone.Default.conf" state: absent when: keystone_ldap.Default is not defined diff --git a/tasks/keystone_post_install.yml b/tasks/keystone_post_install.yml index 31e71de6..50ddcd21 100644 --- a/tasks/keystone_post_install.yml +++ b/tasks/keystone_post_install.yml @@ -17,7 +17,7 @@ # the key rotation script will not be able to copy the # keys to the other nodes when they rotate. - name: Enable SSHD on all keystone hosts - systemd: + ansible.builtin.systemd: name: "{{ keystone_sshd }}" state: started enabled: true @@ -54,7 +54,7 @@ - keystone-policy-override - name: Remove legacy policy.yaml file - file: + ansible.builtin.file: path: "/etc/keystone/policy.yaml" state: absent when: @@ -66,13 +66,13 @@ # because we only want to copy the original files once. and we # don't want to need multiple tasks. - name: Preserve original configuration file(s) - command: "cp {{ item.target_f }} {{ item.target_f }}.original" + ansible.builtin.command: "cp {{ item.target_f }} {{ item.target_f }}.original" args: creates: "{{ item.target_f }}.original" with_items: "{{ keystone_core_files }}" - name: Fetch override files - fetch: + ansible.builtin.fetch: src: "{{ item.target_f }}" dest: "{{ item.tmp_f }}" flat: true 
@@ -95,7 +95,7 @@ - Restart web server - name: Cleanup fetched temp files - file: + ansible.builtin.file: path: "{{ item.tmp_f }}" state: absent changed_when: false @@ -104,7 +104,7 @@ with_items: "{{ keystone_core_files }}" - name: Copy sso callback file - copy: + ansible.builtin.copy: src: "{{ keystone_sso_callback_file_path }}" dest: "/etc/keystone/sso_callback_template.html" mode: "0644" diff --git a/tasks/keystone_service_bootstrap.yml b/tasks/keystone_service_bootstrap.yml index c0576c08..a0902335 100644 --- a/tasks/keystone_service_bootstrap.yml +++ b/tasks/keystone_service_bootstrap.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Wait for service to be up - uri: + ansible.builtin.uri: url: "{{ keystone_service_internaluri }}" method: "HEAD" status_code: 300 @@ -24,7 +24,7 @@ delay: 5 - name: Bootstrap keystone admin and endpoint - command: | + ansible.builtin.command: | {{ keystone_bin }}/keystone-manage bootstrap \ --bootstrap-username {{ keystone_admin_user_name }} \ --bootstrap-password {{ keystone_auth_admin_password }} \ diff --git a/tasks/main.yml b/tasks/main.yml index 66fc7c80..95e6d200 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Fail if our required secrets are not present - fail: + ansible.builtin.fail: msg: "Please set the {{ item }} variable prior to applying this role." when: (item is undefined) or (item is none) with_items: "{{ keystone_required_secrets }}" @@ -22,7 +22,7 @@ - always - name: Fail if service was deployed using a different installation method - fail: + ansible.builtin.fail: msg: "Switching installation methods for OpenStack services is not supported" when: - ansible_local is defined 
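Review bot: `--bootstrap-password {{ keystone_auth_admin_password }}` in "Bootstrap keystone admin and endpoint" (tasks/keystone_service_bootstrap.yml) puts the admin password on the keystone-manage command line, where it is readable in the host's process list while the command runs and is returned in the task's `cmd` result unless `no_log: true` is set further down (the task continues past the hunk). keystone-manage bootstrap also accepts the password from the `OS_BOOTSTRAP_PASSWORD` environment variable, so the flag can be dropped in favour of `environment:` with `OS_BOOTSTRAP_PASSWORD: "{{ keystone_auth_admin_password }}"`, plus `no_log: true` on the task. The value is also unquoted, and because `ansible.builtin.command` splits arguments on whitespace, a password containing a space would be passed as two arguments.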
@@ -32,7 +32,7 @@ - ansible_local.openstack_ansible.keystone.install_method != keystone_install_method - name: Gather variables for each operating system - include_vars: "{{ lookup('first_found', params) }}" + ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" vars: params: files: @@ -47,12 +47,12 @@ - always - name: Gather variables for installation method - include_vars: "{{ keystone_install_method }}_install.yml" + ansible.builtin.include_vars: "{{ keystone_install_method }}_install.yml" tags: - always - name: Fact for apache module shibboleth to be installed - set_fact: + ansible.builtin.set_fact: keystone_sp_apache_mod_shib: >- {{ (keystone_sp != {} and (keystone_sp.apache_mod is undefined or ( @@ -63,7 +63,7 @@ - always - name: Fact for apache module mod_auth_openidc to be installed - set_fact: + ansible.builtin.set_fact: keystone_sp_apache_mod_auth_openidc: "{{ (keystone_sp != {} and keystone_sp.apache_mod is defined and keystone_sp.apache_mod == 'mod_auth_openidc') @@ -72,7 +72,7 @@ - always - name: Including osa.db_setup role - include_role: + ansible.builtin.include_role: name: openstack.osa.db_setup apply: tags: @@ -94,7 +94,7 @@ - always - name: Including osa.mq_setup role - include_role: + ansible.builtin.include_role: name: openstack.osa.mq_setup apply: tags: 
@@ -121,25 +121,25 @@ - always - name: Importing keystone_install tasks - import_tasks: keystone_install.yml + ansible.builtin.import_tasks: keystone_install.yml tags: - keystone-install - name: Refresh local facts - setup: + ansible.builtin.setup: filter: ansible_local gather_subset: "!all" tags: - keystone-config - name: Importing keystone_post_install tasks - import_tasks: keystone_post_install.yml + ansible.builtin.import_tasks: keystone_post_install.yml tags: - keystone-config - post-install - name: Importing keystone_fernet tasks - import_tasks: keystone_fernet.yml + ansible.builtin.import_tasks: keystone_fernet.yml when: - "'fernet' in keystone_token_provider" - keystone_service_setup | bool @@ -147,20 +147,20 @@ - keystone-config - name: Importing keystone_db_sync tasks - import_tasks: keystone_db_sync.yml + ansible.builtin.import_tasks: keystone_db_sync.yml when: - "keystone_database_enabled | bool" tags: - keystone-config - name: Importing keystone_credential tasks - import_tasks: keystone_credential.yml + ansible.builtin.import_tasks: keystone_credential.yml when: keystone_service_setup | bool tags: - keystone-config - name: Importing keystone_federation_sp_shib_setup tasks - import_tasks: keystone_federation_sp_shib_setup.yml + ansible.builtin.import_tasks: keystone_federation_sp_shib_setup.yml when: - keystone_sp_apache_mod_shib - not (keystone_use_uwsgi | bool) @@ -168,7 +168,7 @@ - keystone-config - name: Create and install SSL certificates - include_role: + ansible.builtin.include_role: name: pki tasks_from: main_certs.yml vars: @@ -187,14 +187,14 @@ - keystone-config - name: Importing keystone_apache tasks - import_tasks: "keystone_apache.yml" + ansible.builtin.import_tasks: "keystone_apache.yml" when: - not (keystone_use_uwsgi | bool) tags: - keystone-config - name: Import uwsgi role - import_role: + ansible.builtin.import_role: name: uwsgi vars: uwsgi_services: "{{ uwsgi_keystone_services }}" 
@@ -204,10 +204,10 @@ - uwsgi - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers - name: Including keystone_service_bootstrap tasks - include_tasks: keystone_service_bootstrap.yml + ansible.builtin.include_tasks: keystone_service_bootstrap.yml args: apply: tags: @@ -224,7 +224,7 @@ # the endpoints which were bootstrapped in keystone_service_bootstrap. - name: Wait for services to be up delegate_to: "{{ keystone_service_setup_host }}" - uri: + ansible.builtin.uri: url: "{{ item.url }}" validate_certs: "{{ item.validate_certs }}" method: "HEAD" @@ -242,7 +242,7 @@ delay: 5 - name: Including osa.service_setup role - include_role: + ansible.builtin.include_role: name: openstack.osa.service_setup apply: tags: @@ -277,7 +277,7 @@ - always - name: Including keystone_ldap_setup tasks - import_tasks: keystone_ldap_setup.yml + ansible.builtin.import_tasks: keystone_ldap_setup.yml when: - keystone_service_setup | bool - keystone_ldap != {} @@ -285,10 +285,10 @@ - keystone-config - name: Flush handlers - meta: flush_handlers + ansible.builtin.meta: flush_handlers - name: Including keystone_idp_setup tasks - include_tasks: keystone_idp_setup.yml + ansible.builtin.include_tasks: keystone_idp_setup.yml args: apply: tags: @@ -300,7 +300,7 @@ - always - name: Diagnose common problems with keystone deployments - command: "{{ keystone_bin }}/keystone-manage doctor" + ansible.builtin.command: "{{ keystone_bin }}/keystone-manage doctor" become: true become_user: "{{ keystone_system_user_name }}" register: keystone_doctor diff --git a/tasks/main_keystone_federation_sp_idp_setup.yml b/tasks/main_keystone_federation_sp_idp_setup.yml index 4922016c..3648d6b5 100644 --- a/tasks/main_keystone_federation_sp_idp_setup.yml +++ b/tasks/main_keystone_federation_sp_idp_setup.yml 
@@ -1,6 +1,6 @@ --- - name: Including keystone_federation_sp_idp_setup tasks - include_tasks: keystone_federation_sp_idp_setup.yml + ansible.builtin.include_tasks: keystone_federation_sp_idp_setup.yml with_items: "{{ keystone_sp.trusted_idp_list }}" loop_control: loop_var: trusted_idp diff --git a/tasks/main_pre.yml b/tasks/main_pre.yml index 54c76df1..7d225507 100644 --- a/tasks/main_pre.yml +++ b/tasks/main_pre.yml @@ -14,7 +14,7 @@ # limitations under the License. - name: Gather variables for each operating system - include_vars: "{{ lookup('first_found', params) }}" + ansible.builtin.include_vars: "{{ lookup('first_found', params) }}" vars: params: files: @@ -29,14 +29,14 @@ - always - name: Create system groups - group: + ansible.builtin.group: name: "{{ item }}" state: "present" system: "yes" with_items: "{{ [keystone_system_group_name] + keystone_system_additional_groups }}" - name: Create the keystone system user - user: + ansible.builtin.user: name: "{{ keystone_system_user_name }}" group: "{{ keystone_system_group_name }}" groups: "{{ keystone_system_additional_groups | join(',') }}" @@ -47,7 +47,7 @@ home: "{{ keystone_system_user_home }}" - name: Create keystone dir - file: + ansible.builtin.file: path: "{{ item.path | default(omit) }}" src: "{{ item.src | default(omit) }}" dest: "{{ item.dest | default(omit) }}" @@ -80,7 +80,7 @@ group: root - name: Install distro packages - package: + ansible.builtin.package: name: "{{ keystone_distro_packages }}" state: "{{ keystone_package_state }}" update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}" @@ -93,7 +93,7 @@ - Restart ssh - name: Adjust sshd configuration in container - lineinfile: + ansible.builtin.lineinfile: dest: "/etc/ssh/sshd_config" regexp: "{{ item.regexp }}" line: "{{ item.line }}" 
@@ -103,6 +103,6 @@ - Restart ssh - name: Importing keystone_key_setup tasks - import_tasks: keystone_key_setup.yml + ansible.builtin.import_tasks: keystone_key_setup.yml tags: - keystone-install