diff --git a/playbooks/install.yaml b/playbooks/install.yaml
index b4d707ca9..14f626295 100644
--- a/playbooks/install.yaml
+++ b/playbooks/install.yaml
@@ -7,7 +7,22 @@
 - { role: bifrost-prep-for-install, when: skip_install is not defined }
 - bifrost-keystone-install
 - bifrost-ironic-install
- - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+ - role: bifrost-keystone-client-config
+ user: "{{ ansible_env.SUDO_USER }}"
+ clouds:
+ bifrost:
+ config_username: "{{ ironic.keystone.default_username }}"
+ config_password: "{{ ironic.keystone.default_password }}"
+ config_project_name: "baremetal"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ bifrost-admin:
+ config_username: "{{ keystone.bootstrap.username }}"
+ config_password: "{{ ironic.bootstrap.password }}"
+ config_project_name: "{{ keystone.bootstrap.project_name }}"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ when: enable_keystone is defined and enable_keystone | bool == true }
 - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
 - { role: bifrost-create-dib-image, dib_imagename: "{{ deploy_image }}", dib_imagetype: "qcow2", dib_elements: "vm serial-console {{ dib_init_element|default('simple-init') }} {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
 environment:
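Review bot: The new block-style `when:` line still ends with the `}` that closed the old flow mapping, so the condition string now carries a stray brace and should read `when: enable_keystone is defined and enable_keystone | bool == true`. In the `bifrost-admin` entry the password comes from `ironic.bootstrap.password` while the username, project, region and URL all come from `keystone.bootstrap.*`. If that is not intentional, it should be `config_password: "{{ keystone.bootstrap.password }}"`. The playbook now also writes Keystone admin credentials into the `SUDO_USER` account's clouds.yaml, so it is worth confirming that the role creates that file with owner-only permissions. The roles list continues outside this hunk.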
diff --git a/playbooks/roles/bifrost-keystone-client-config/README.md b/playbooks/roles/bifrost-keystone-client-config/README.md index 5ef1033e7..350b7879b 100644 --- a/playbooks/roles/bifrost-keystone-client-config/README.md +++ b/playbooks/roles/bifrost-keystone-client-config/README.md @@ -12,24 +12,29 @@ None Role Variables -------------- -This role expects to be invoked with seven variables: +This role expects to be invoked with two variables: -- config_username -- config_password -- config_project_name -- config_region_name -- config_auth_url - user: Username of the user who will own the configuration file. +- clouds: a dictionary with keys being names of the clouds to create in + clouds.yaml, and values are dictionaries of authentication + parameters for each cloud: + - config_username + - config_password + - config_project_name + - config_region_name + - config_auth_url + - config_project_domain_id (optional, defaults to 'default') + - config_user_domain_id (optional, defaults to 'default') -Additionally, two optional variables exist, which when not defined -default to "default": +Alternatively, for backward compatibility, the role can accept the above +`config_*` variables directly, but this is deprecated. +In this case, a single cloud named 'bifrost' will be written. -- config_project_domain_id -- config_user_domain_id - -The resulting clouds.yaml file, will be created at +The resulting clouds.yaml file will be created at ~{{user}}/.config/openstack/clouds.yaml. +If several sets of cloud settings are written, they will be sorted by +cloud name, in case-insensitive order. Notes ----- 
@@ -51,12 +56,20 @@ Example Playbook gather_facts: no roles: - role: bifrost-keystone-client-config - config_username: username - config_password: password - config_project_name: baremetal - config_region_name: RegionOne - config_auth_url: http://localhost:5000/v2.0/ user: joe + clouds: + local-cloud-user: + config_username: username + config_password: password + config_project_name: baremetal + config_region_name: RegionOne + config_auth_url: http://localhost:5000 + local-cloud-admin: + config_username: admin + config_password: verysecretpassword + config_project_name: admin + config_region_name: RegionOne + config_auth_url: http://localhost:5000 License ------- diff --git a/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml b/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml index 74a77cad6..fc6795586 100644 --- a/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml +++ b/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml @@ -11,6 +11,25 @@ # See the License for the specific language governing permissions and # limitations under the License. --- +- name: redefine cloud settings vars for backward compat + set_fact: + clouds: + bifrost: + config_username: "{{ config_username }}" + config_password: "{{ config_password }}" + config_project_name: "{{ config_project_name }}" + config_region_name: "{{ config_region_name }}" + config_auth_url: "{{ config_auth_url}}" + config_project_domain_id: "{{ config_project_domain_id|default('default') }}" + config_user_domain_id: "{{ config_user_domain_id|default('default') }}" + when: + - "{{ clouds is undefined }}" + - "{{ config_username is defined }}" + - "{{ config_password is defined }}" + - "{{ config_project_name is defined }}" + - "{{ config_region_name is defined }}" + - "{{ config_auth_url is defined }}" + - name: "Ensure the ~/.config/openstack/ exists" file: name: "~{{ user | default('root') }}/.config/openstack" 
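Review bot: The added `set_fact` task in tasks/main.yml copies `config_password` into the `clouds` fact without `no_log: true`, so the credential can appear in verbose task output and in callback or log plugins; adding `no_log: true` to this task keeps it out of the run log. The `when:` entries here, and the `when:` added in playbooks/test-bifrost.yaml, wrap each test in `"{{ ... }}"`. `when` is already evaluated as a Jinja expression, so the bare form `- clouds is undefined` is the supported spelling and avoids the templating-delimiter warning. The `config_auth_url` line also has `{{ config_auth_url}}` without the space before the closing braces, unlike its neighbours.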
diff --git a/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2 b/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2 index 2b5f73931..8593c46a4 100644 --- a/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2 +++ b/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2 @@ -1,12 +1,14 @@ # WARNING: This file is managed by bifrost. clouds: - bifrost: - region_name: {{ config_region_name }} +{% for cloud in clouds | default({}) | dictsort %} + {{ cloud.0 }}: + region_name: {{ cloud.1.config_region_name }} auth: - username: {{ config_username }} - password: {{ config_password }} - project_name: {{ config_project_name }} - auth_url: {{ config_auth_url }} - project_domain_id: "{{ config_project_domain_id | default('default') }}" - user_domain_id: "{{ config_user_domain_id | default('default') }}" + username: {{ cloud.1.config_username }} + password: {{ cloud.1.config_password }} + project_name: {{ cloud.1.config_project_name }} + auth_url: {{ cloud.1.config_auth_url }} + project_domain_id: "{{ cloud.1.config_project_domain_id | default('default') }}" + user_domain_id: "{{ cloud.1.config_user_domain_id | default('default') }}" identity_api_version: "3" +{% endfor %} diff --git a/playbooks/test-bifrost.yaml b/playbooks/test-bifrost.yaml index 1dbd4a256..87a5bf309 100644 --- a/playbooks/test-bifrost.yaml +++ b/playbooks/test-bifrost.yaml 
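Review bot: The loop renders the cloud name, `username`, `password`, `project_name` and `auth_url` as unquoted YAML scalars, so a password containing ` #` or `: `, or one that starts with an indicator character or looks like a number or boolean, yields a truncated, mistyped or unparsable clouds.yaml. Emitting the credentials through a serialising filter, for example `password: {{ cloud.1.config_password | to_json }}`, and likewise for `username` and the `{{ cloud.0 }}` key, keeps arbitrary values intact. The two domain-id lines are already quoted, though plain double quotes would not survive a `"` or `\` in the value. Since this file can now hold admin credentials, the `template` task in tasks/main.yml (outside this hunk) should be checked for an explicit owner and a restrictive mode such as `mode: "0600"`.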
@@ -78,7 +78,16 @@
 # the ramdisk which causes ramdisk-image-create to believe it failed.
 - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_os_release: "jessie", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
 - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "debian", dib_os_release: "jessie", dib_elements: "vm serial-console simple-init {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
- - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+ - role: bifrost-keystone-client-config
+ user: "{{ ansible_env.SUDO_USER }}"
+ clouds:
+ bifrost:
+ config_username: "{{ ironic.keystone.default_username }}"
+ config_password: "{{ ironic.keystone.default_password }}"
+ config_project_name: "baremetal"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ when: "{{ enable_keystone is defined and enable_keystone | bool == true }}"
 environment:
 http_proxy: "{{ lookup('env','http_proxy') }}"
 https_proxy: "{{ lookup('env','https_proxy') }}"
diff --git a/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml b/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml
new file mode 100644
index 000000000..59ed1d825
--- /dev/null
+++ b/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml
@@ -0,0 +1,21 @@
+---
+features:
+ - |
+ 'bifrost-keystone-client-config' role can now write 'clouds.yaml' file
+ with several clouds settings. It starts to accept a single compound
+ variable 'clouds' that should contain a dict of
+ ':'.
+ Previous way of passing 'config_*' vars to the role is supported for
+ backward compatibility but is deprecated.
+
+ In addition to previous 'bifrost' cloud, the default 'install.yaml'
+ playbook now also writes 'bifrost-admin' cloud settings that contain
+ Keystone admin credentials so that when installed, the Keystone service
+ is fully usable right away (users/projects etc can be managed).
+
+deprecations:
+ - |
+ Passing 'config_*' variables defining credentials for 'bifrost'
+ cloud to 'bifrost-keystone-client-config' role is deprecated.
+ Instead a single compound variable named 'clouds' defining sets of
+ settings to be written to 'clouds.yaml' should be passed to that role.