{"id":424,"sha1":"9fb1a1c42abf75f5fec08b741aece5bbcbe624d5","playbook":{"id":4,"items":{"plays":107,"tasks":2438,"results":2413,"hosts":13,"files":511,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-14T10:21:40.790759Z","ended":"2025-12-14T11:05:36.775743Z","duration":"00:43:55.984984","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.13.5","server_version":"1.7.4","status":"completed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Fail if our required secrets are not present\n  ansible.builtin.fail:\n    msg: \"Please set the {{ item }} variable prior to applying this role.\"\n  when: (item is undefined) or (item is none)\n  with_items: \"{{ keystone_required_secrets }}\"\n  tags:\n    - always\n\n- name: Fail if service was deployed using a different installation method\n  ansible.builtin.fail:\n    msg: \"Switching installation methods for OpenStack services is not supported\"\n  when:\n    - ansible_local is defined\n    - ansible_local.openstack_ansible is defined\n    - ansible_local.openstack_ansible.keystone is defined\n    - ansible_local.openstack_ansible.keystone.install_method is defined\n    - ansible_local.openstack_ansible.keystone.install_method != keystone_install_method\n\n- name: Gather variables for each operating system\n  ansible.builtin.include_vars: \"{{ lookup('first_found', params) }}\"\n  vars:\n    params:\n      files:\n        - \"{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml\"\n        - \"{{ ansible_facts['distribution'] | lower }}.yml\"\n        - \"{{ ansible_facts['os_family'] | lower }}.yml\"\n      paths:\n        - \"{{ role_path }}/vars\"\n  tags:\n    - always\n\n- name: Gather variables for installation method\n  ansible.builtin.include_vars: \"{{ keystone_install_method }}_install.yml\"\n  tags:\n    - always\n\n- name: Including osa.db_setup role\n  ansible.builtin.include_role:\n    name: openstack.osa.db_setup\n    apply:\n      tags:\n        - common-db\n        - keystone-config\n  when:\n    - \"_keystone_is_first_play_host\"\n  vars:\n    _oslodb_setup_host: \"{{ keystone_db_setup_host }}\"\n    _oslodb_ansible_python_interpreter: \"{{ keystone_db_setup_python_interpreter }}\"\n    _oslodb_setup_endpoint: \"{{ keystone_galera_address }}\"\n    _oslodb_setup_port: \"{{ keystone_galera_port }}\"\n    _oslodb_databases:\n      - name: \"{{ keystone_galera_database }}\"\n        users:\n          - username: \"{{ keystone_galera_user }}\"\n            password: \"{{ keystone_container_mysql_password }}\"\n  tags:\n    - always\n\n- name: Including osa.mq_setup role\n  ansible.builtin.include_role:\n    name: openstack.osa.mq_setup\n    apply:\n      tags:\n        - common-mq\n        - keystone-config\n  when:\n    - \"_keystone_is_first_play_host\"\n  vars:\n    _oslomsg_rpc_configure: \"{{ keystone_oslomsg_rpc_configure }}\"\n    _oslomsg_rpc_setup_host: \"{{ keystone_oslomsg_rpc_setup_host }}\"\n    _oslomsg_rpc_userid: \"{{ keystone_oslomsg_rpc_userid }}\"\n    _oslomsg_rpc_password: \"{{ keystone_oslomsg_rpc_password }}\"\n    _oslomsg_rpc_vhost: \"{{ keystone_oslomsg_rpc_vhost }}\"\n    _oslomsg_rpc_transport: \"{{ keystone_oslomsg_rpc_transport }}\"\n    _oslomsg_rpc_policies: \"{{ keystone_oslomsg_rpc_policies }}\"\n    _oslomsg_notify_configure: \"{{ keystone_oslomsg_notify_configure }}\"\n    _oslomsg_notify_setup_host: \"{{ keystone_oslomsg_notify_setup_host }}\"\n    _oslomsg_notify_userid: \"{{ keystone_oslomsg_notify_userid }}\"\n    _oslomsg_notify_password: \"{{ keystone_oslomsg_notify_password }}\"\n    _oslomsg_notify_vhost: \"{{ keystone_oslomsg_notify_vhost }}\"\n    _oslomsg_notify_transport: \"{{ keystone_oslomsg_notify_transport }}\"\n    _oslomsg_notify_policies: \"{{ keystone_oslomsg_notify_policies }}\"\n  tags:\n    - always\n\n- name: Including keystone_federation_sp_shib_setup tasks\n  ansible.builtin.include_tasks:\n    file: keystone_federation_sp_shib_setup.yml\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - keystone_sp_apache_mod_shib\n    - not (keystone_use_uwsgi | bool)\n  tags:\n    - keystone-config\n\n- name: Including keystone_apache tasks\n  ansible.builtin.include_tasks:\n    file: \"keystone_apache.yml\"\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - not (keystone_use_uwsgi | bool)\n  tags:\n    - keystone-config\n\n- name: Importing keystone_install tasks\n  ansible.builtin.import_tasks: keystone_install.yml\n  tags:\n    - keystone-install\n\n- name: Refresh local facts\n  ansible.builtin.setup:\n    filter: ansible_local\n    gather_subset: \"!all\"\n  tags:\n    - keystone-config\n\n- name: Importing keystone_post_install tasks\n  ansible.builtin.import_tasks: keystone_post_install.yml\n  tags:\n    - keystone-config\n    - post-install\n\n- name: Including keystone_fernet tasks\n  ansible.builtin.include_tasks:\n    file: keystone_fernet.yml\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - \"'fernet' in keystone_token_provider\"\n    - keystone_service_setup | bool\n  tags:\n    - keystone-config\n\n- name: Including keystone_db_sync tasks\n  ansible.builtin.include_tasks:\n    file: keystone_db_sync.yml\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - \"keystone_database_enabled | bool\"\n  tags:\n    - keystone-config\n\n- name: Including keystone_credential tasks\n  ansible.builtin.include_tasks:\n    file: keystone_credential.yml\n    apply:\n      tags:\n        - keystone-config\n  when: keystone_service_setup | bool\n  tags:\n    - keystone-config\n\n- name: Create and install SSL certificates\n  ansible.builtin.include_role:\n    name: pki\n    tasks_from: main_certs.yml\n  vars:\n    pki_setup_host: \"{{ keystone_pki_setup_host }}\"\n    pki_dir: \"{{ keystone_pki_dir }}\"\n    pki_create_ca: \"{{ keystone_pki_create_ca }}\"\n    pki_authorities: \"{{ keystone_pki_ca_certificates }}\"\n    pki_regen_ca: \"{{ keystone_pki_regen_ca }}\"\n    pki_install_certificates: \"{{ keystone_pki_install_certificates }}\"\n  when:\n    - keystone_idp['certfile'] is defined\n  tags:\n    - keystone-config\n\n- name: Import uwsgi role\n  ansible.builtin.import_role:\n    name: uwsgi\n  vars:\n    uwsgi_services: \"{{ uwsgi_keystone_services }}\"\n    uwsgi_install_method: \"{{ keystone_install_method }}\"\n  tags:\n    - keystone-config\n    - uwsgi\n\n- name: Flush handlers\n  ansible.builtin.meta: flush_handlers\n\n- name: Including keystone_service_bootstrap tasks\n  ansible.builtin.include_tasks: keystone_service_bootstrap.yml\n  args:\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - \"_keystone_is_last_play_host\"\n    - \"keystone_service_setup | bool\"\n  tags:\n    - always\n\n# Note(odyssey4me):\n# This set of tasks specifically runs against the last keystone\n# node in the cluster to ensure that the modules have access to\n# the endpoints which were bootstrapped in keystone_service_bootstrap.\n- name: Wait for services to be up\n  delegate_to: \"{{ keystone_service_setup_host }}\"\n  ansible.builtin.uri:\n    url: \"{{ item.url }}\"\n    validate_certs: \"{{ item.validate_certs }}\"\n    method: \"HEAD\"\n    status_code: 300\n  with_items:\n    - url: \"{{ keystone_service_adminuri }}\"\n      validate_certs: \"{{ not keystone_service_adminuri_insecure }}\"\n    - url: \"{{ keystone_service_internaluri }}\"\n      validate_certs: \"{{ not keystone_service_internaluri_insecure }}\"\n  register: _wait_check\n  when:\n    - \"_keystone_is_last_play_host\"\n  until: _wait_check is success\n  retries: 12\n  delay: 5\n\n- name: Including osa.service_setup role\n  ansible.builtin.include_role:\n    name: openstack.osa.service_setup\n    apply:\n      tags:\n        - keystone-config\n        - common-service\n  vars:\n    _service_adminuri_insecure: \"{{ keystone_service_adminuri_insecure }}\"\n    _service_in_ldap: \"{{ keystone_service_in_ldap }}\"\n    _service_setup_host: \"{{ keystone_service_setup_host }}\"\n    _service_setup_host_python_interpreter: \"{{ keystone_service_setup_host_python_interpreter }}\"\n    _project_name: \"{{ keystone_service_tenant_name }}\"\n    _project_description: \"{{ keystone_service_project_description }}\"\n    _service_region: \"{{ keystone_service_region }}\"\n    _service_catalog:\n      - name: \"{{ keystone_service_name }}\"\n        type: \"{{ keystone_service_type }}\"\n        description: \"{{ keystone_service_description }}\"\n    _service_endpoints:\n      - interface: \"public\"\n        url: \"{{ keystone_service_publicuri }}\"\n        service: \"{{ keystone_service_name }}\"\n      - interface: \"internal\"\n        url: \"{{ keystone_service_internaluri }}\"\n        service: \"{{ keystone_service_name }}\"\n      - interface: \"admin\"\n        url: \"{{ keystone_service_adminuri }}\"\n        service: \"{{ keystone_service_name }}\"\n  when:\n    - \"_keystone_is_last_play_host\"\n    - \"keystone_service_setup | bool\"\n  tags:\n    - always\n\n- name: Including keystone_ldap_setup tasks\n  ansible.builtin.include_tasks:\n    file: keystone_ldap_setup.yml\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - keystone_service_setup | bool\n    - keystone_ldap != {}\n  tags:\n    - keystone-config\n\n- name: Flush handlers\n  ansible.builtin.meta: flush_handlers\n\n- name: Including keystone_idp_setup tasks\n  ansible.builtin.include_tasks: keystone_idp_setup.yml\n  args:\n    apply:\n      tags:\n        - keystone-config\n  when:\n    - keystone_idp != {}\n    - _keystone_is_last_play_host\n  tags:\n    - always\n\n- name: Diagnose common problems with keystone deployments\n  ansible.builtin.command: \"{{ keystone_bin }}/keystone-manage doctor\"\n  become: true\n  become_user: \"{{ keystone_system_user_name }}\"\n  register: keystone_doctor\n  failed_when: not debug and keystone_doctor.rc != 0\n  changed_when: false\n  run_once: true\n  when:\n    - \"_keystone_is_last_play_host\"\n  tags:\n    - keystone-config\n","created":"2025-12-14T10:21:41.960214Z","updated":"2025-12-14T10:21:41.960225Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_keystone/tasks/main.yml"}