ceph-ansible/roles/ceph-rgw/tasks/openstack-keystone.yml

---
- name: Install nss-tools on redhat
  ansible.builtin.package:
    name: nss-tools
    state: present
  register: result
  until: result is succeeded
  when: ansible_facts['pkg_mgr'] == 'yum' or ansible_facts['pkg_mgr'] == 'dnf'

- name: Install libnss3-tools on debian
  ansible.builtin.package:
    name: libnss3-tools
    state: present
  register: result
  until: result is succeeded
  when: ansible_facts['pkg_mgr'] == 'apt'

- name: Create nss directory for keystone certificates
  ansible.builtin.file:
    path: "{{ radosgw_nss_db_path }}"
    state: directory
    owner: root
    group: root
    mode: "0644"

- name: Create nss entries for keystone certificates
  ansible.builtin.shell: "{{ item }}"
  changed_when: false
  with_items:
    - "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'"
    - "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey | certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'"
  tags: skip_ansible_lint
Add support for Rados Gateway configuration with Keystone Signed-off-by: Sébastien Han <seb@redhat.com> 2015-06-04 01:01:23 +08:00			`---`
address Ansible linter errors This addresses all errors reported by the Ansible linter. Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com> 2024-02-14 18:14:02 +08:00			`- name: Install nss-tools on redhat`
			`ansible.builtin.package:`
Fixed packages for red hat 2016-10-07 16:36:19 +08:00			`name: nss-tools`
ceph-rgw: install libnss3-tools for keystone closes: #598 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-03-03 21:43:01 +08:00			`state: present`
retry on packages and repositories failures add register/until on all packaging related tasks to avoid non valid CI failure. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2018-12-19 21:55:01 +08:00			`register: result`
			`until: result is succeeded`
Use ansible_facts It has come to our attention that using ansible_* vars that are populated with INJECT_FACTS_AS_VARS=True is not very performant. In order to be able to support setting that to off, we need to update the references to use ansible_facts[<thing>] instead of ansible_<thing>. Related: ansible#73654 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1935406 Signed-off-by: Alex Schultz <aschultz@redhat.com> 2021-03-03 22:43:50 +08:00			`when: ansible_facts['pkg_mgr'] == 'yum' or ansible_facts['pkg_mgr'] == 'dnf'`
ceph-rgw: install libnss3-tools for keystone closes: #598 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-03-03 21:43:01 +08:00
address Ansible linter errors This addresses all errors reported by the Ansible linter. Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com> 2024-02-14 18:14:02 +08:00			`- name: Install libnss3-tools on debian`
			`ansible.builtin.package:`
ceph-rgw: install libnss3-tools for keystone closes: #598 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-03-03 21:43:01 +08:00			`name: libnss3-tools`
			`state: present`
retry on packages and repositories failures add register/until on all packaging related tasks to avoid non valid CI failure. Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> 2018-12-19 21:55:01 +08:00			`register: result`
			`until: result is succeeded`
Use ansible_facts It has come to our attention that using ansible_* vars that are populated with INJECT_FACTS_AS_VARS=True is not very performant. In order to be able to support setting that to off, we need to update the references to use ansible_facts[<thing>] instead of ansible_<thing>. Related: ansible#73654 Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1935406 Signed-off-by: Alex Schultz <aschultz@redhat.com> 2021-03-03 22:43:50 +08:00			`when: ansible_facts['pkg_mgr'] == 'apt'`
ceph-rgw: install libnss3-tools for keystone closes: #598 Signed-off-by: Sébastien Han <seb@redhat.com> 2016-03-03 21:43:01 +08:00
address Ansible linter errors This addresses all errors reported by the Ansible linter. Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com> 2024-02-14 18:14:02 +08:00			`- name: Create nss directory for keystone certificates`
			`ansible.builtin.file:`
Refactor rgw 2015-10-19 11:19:31 +08:00			`path: "{{ radosgw_nss_db_path }}"`
			`state: directory`
			`owner: root`
			`group: root`
address Ansible linter errors This addresses all errors reported by the Ansible linter. Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com> 2024-02-14 18:14:02 +08:00			`mode: "0644"`
Add support for Rados Gateway configuration with Keystone Signed-off-by: Sébastien Han <seb@redhat.com> 2015-06-04 01:01:23 +08:00
address Ansible linter errors This addresses all errors reported by the Ansible linter. Signed-off-by: Guillaume Abrioux <gabrioux@ibm.com> 2024-02-14 18:14:02 +08:00			`- name: Create nss entries for keystone certificates`
			`ansible.builtin.shell: "{{ item }}"`
lint: add changed_when to command Calling command should have changed_when false otherwise each time it runs it will show as 'changed' and this is irrelevant. Commands should not change things if nothing needs doing Signed-off-by: Sébastien Han <seb@redhat.com> 2018-10-30 22:51:32 +08:00			`changed_when: false`
Add support for Rados Gateway configuration with Keystone Signed-off-by: Sébastien Han <seb@redhat.com> 2015-06-04 01:01:23 +08:00			`with_items:`
lint: add changed_when to command Calling command should have changed_when false otherwise each time it runs it will show as 'changed' and this is irrelevant. Commands should not change things if nothing needs doing Signed-off-by: Sébastien Han <seb@redhat.com> 2018-10-30 22:51:32 +08:00			`- "openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey \| certutil -d {{ radosgw_nss_db_path }} -A -n ca -t 'TCu,Cu,Tuw'"`
Add support for Rados Gateway configuration with Keystone Signed-off-by: Sébastien Han <seb@redhat.com> 2015-06-04 01:01:23 +08:00			`- "openssl x509 -in /etc/keystone/ssl/certs/signing_cert.pem -pubkey \| certutil -A -d {{ radosgw_nss_db_path }} -n signing_cert -t 'P,P,P'"`
improve coding style Keywords requiring only one item shouldn't express it by creating a list with single item. Signed-off-by: Rishabh Dave <ridave@redhat.com> 2019-04-01 23:46:15 +08:00			`tags: skip_ansible_lint`