{"id":842,"sha1":"8e7057e287937adb9143ed1f88586489237a4e4b","playbook":{"id":4,"items":{"plays":32,"tasks":1505,"results":1497,"hosts":12,"files":487,"records":0},"arguments":{"version":null,"verbosity":0,"private_key_file":null,"remote_user":null,"connection":"openstack.osa.ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":true,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/dynamic_inventory.py","/home/zuul/src/opendev.org/openstack/openstack-ansible/inventory/inventory.ini","/etc/openstack_deploy/inventory.ini"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":4,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["setup-openstack.yml"]},"labels":[{"id":1,"name":"check:False"},{"id":2,"name":"tags:all"}],"started":"2025-12-08T13:57:07.871967Z","ended":"2025-12-08T14:21:54.049657Z","duration":"00:24:46.177690","name":null,"ansible_version":"2.18.6","client_version":"1.7.4","python_version":"3.12.11","server_version":"1.7.4","status":"failed","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml","controller":"aio1.openstack.local","user":"root"},"content":"---\n# Copyright 2014, Rackspace US, Inc.\n#\n# Licensed under the Apache License, Version 2.0 (the \"License\");\n# you may not use this file except in compliance with the License.\n# You may obtain a copy of the License at\n#\n#     http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing, software\n# distributed under the License is distributed on an \"AS IS\" BASIS,\n# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n# See the License for the specific language governing permissions and\n# limitations under the License.\n\n- name: Clean-up old vhost files\n  ansible.builtin.file:\n    path: \"{{ item }}\"\n    state: absent\n  loop: \"{{ keystone_deprecated_apache_configs }}\"\n\n- name: Including HTTPD role\n  ansible.builtin.import_role:\n    name: httpd\n  vars:\n    httpd_pki_dir: \"{{ keystone_pki_dir }}\"\n    httpd_pki_setup_host: \"{{ keystone_pki_setup_host }}\"\n    httpd_ssl_protocol: \"{{ keystone_ssl_protocol }}\"\n    httpd_ssl_cipher_suite_tls12: \"{{ keystone_ssl_cipher_suite_tls12 }}\"\n    httpd_ssl_cipher_suite_tls13: \"{{ keystone_ssl_cipher_suite_tls13 }}\"\n    httpd_pki_regen_cert: \"{{ keystone_pki_regen_cert }}\"\n    httpd_extra_packages: \"{{ keystone_sp_apache_mod_packages | selectattr('state', 'eq', 'present') | map(attribute='name') }}\"\n    httpd_extra_modules: \"{{ keystone_apache_modules }}\"\n    httpd_vhosts:\n      - name: openstack_keystone\n        address: \"{{ keystone_web_server_bind_address }}\"\n        port: \"{{ keystone_service_port }}\"\n        log_level: \"{{  keystone_apache_log_level }}\"\n        log_format: \"{{ keystone_apache_custom_log_format }}\"\n        server_name: \"{{ ansible_facts['hostname'] }}\"\n        headers:\n          - 'Header set X-Content-Type-Options \"nosniff\"'\n          - 'Header set X-XSS-Protection \"1; mode=block\"'\n          - >-\n            Header set Content-Security-Policy \"default-src 'self' https: wss:;\"\n          - >-\n            {% set scp_script_src = \"script-src 'sha256-oBahlBFQem+nMs1JwgcBB03Hy8nRh5e8qEGTOcxmAuM=';\" -%}\n            {{ (keystone_sp != {}) | ternary('Header set Content-Security-Policy \"' ~ scp_script_src ~ '\"', '') }}\n          - \"Header set X-Frame-Options {{ keystone_x_frame_options | default('DENY') }}\"\n        options: |-\n          {% set options = _keystone_httpd_base_options %}\n          {% if keystone_sp_apache_mod_auth_openidc %}\n          {%   set _ = options.extend(_keystone_httpd_openidc_options) %}\n          {% endif %}\n          {% if keystone_sp_apache_mod_shib %}\n          {%   set _ = options.extend(_keystone_httpd_shib_options) %}\n          {% endif %}\n          {% set _ = options.append('ProxyPass / uwsgi://127.0.0.1:' ~ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] ~ '/') %}\n          {{ options }}\n        locations: |-\n          {% set locations = [] %}\n          {% if keystone_sp_apache_mod_auth_openidc %}\n          {%   set _ = locations.extend(_keystone_httpd_openidc_locations) %}\n          {% endif %}\n          {% if keystone_sp_apache_mod_shib %}\n          {%   set _ = locations.extend(_keystone_httpd_shib_locations) %}\n          {% endif %}\n          {{ locations }}\n        directories: \"{{ (keystone_sp != {}) | ternary(_keystone_httpd_sp_directories, []) }}\"\n        ssl: \"{{ keystone_backend_ssl | ternary(_keystone_httpd_vhost_ssl, false) }}\"\n  tags:\n    - horizon-install\n    - horizon-config\n    - httpd\n","created":"2025-12-08T13:58:12.630147Z","updated":"2025-12-08T13:58:12.630163Z","path":"/home/zuul/src/opendev.org/openstack/openstack-ansible-os_keystone/tasks/keystone_apache.yml"}