From e09bec2c8307d831872907c6424c1aec9e735211 Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy
Date: Mon, 30 Jan 2017 13:13:42 +0200
Subject: [PATCH] Allow to create cloud.yaml with many clouds
This patch makes the bifrost-keystone-client-config role a bit more generic to allow creating more that a single cloud configuration setting. The role is changed to accept a dict with possibly many clouds configurations, and the template for clouds.yaml is changed accordingly. This new functionality is used right away to add the keystone admin user to the created clouds.yaml file to make the installed keystone usable for admin-level operations (listing and editig users, projects, roles and role assignments) - the name of the 'cloud' created is 'bifrost-admin'.
Change-Id: Icb274de989966645cd0f3874f8dff9d9f37d871b
---
 playbooks/install.yaml | 17 ++++++-
 .../bifrost-keystone-client-config/README.md | 47 ++++++++++++-------
 .../tasks/main.yml | 19 ++++++++
 .../templates/clouds.yaml.j2 | 18 +++----
 playbooks/test-bifrost.yaml | 11 ++++-
 .../notes/more-clouds-7c0fccf5701918d7.yaml | 21 +++++++++
 6 files changed, 106 insertions(+), 27 deletions(-)
 create mode 100644 releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml
diff --git a/playbooks/install.yaml b/playbooks/install.yaml
index b4d707ca9..14f626295 100644
--- a/playbooks/install.yaml
+++ b/playbooks/install.yaml
@@ -7,7 +7,22 @@
 - { role: bifrost-prep-for-install, when: skip_install is not defined }
 - bifrost-keystone-install
 - bifrost-ironic-install
- - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+ - role: bifrost-keystone-client-config
+ user: "{{ ansible_env.SUDO_USER }}"
+ clouds:
+ bifrost:
+ config_username: "{{ ironic.keystone.default_username }}"
+ config_password: "{{ ironic.keystone.default_password }}"
+ config_project_name: "baremetal"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ bifrost-admin:
+ config_username: "{{ keystone.bootstrap.username }}"
+ config_password: "{{ ironic.bootstrap.password }}"
+ config_project_name: "{{ keystone.bootstrap.project_name }}"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ when: enable_keystone is defined and enable_keystone | bool == true }
 - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
 - { role: bifrost-create-dib-image, dib_imagename: "{{ deploy_image }}", dib_imagetype: "qcow2", dib_elements: "vm serial-console {{ dib_init_element|default('simple-init') }} {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
 environment:
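Review bot: The new block-style `when:` line still ends with the `}` left over from the old flow mapping (`... | bool == true }`), so the stray brace becomes part of the condition string and will most likely fail when Ansible evaluates it; the line should read `when: enable_keystone is defined and enable_keystone | bool == true`. In the `bifrost-admin` entry, `config_password` reads `ironic.bootstrap.password` while every other field of that entry reads from `keystone.bootstrap.*`; unless that is intentional it should be `config_password: "{{ keystone.bootstrap.password }}"`, otherwise the admin cloud is written with an undefined or wrong secret. Since this entry places Keystone admin credentials in the clouds.yaml of `ansible_env.SUDO_USER`, a comment above it such as `# writes Keystone admin credentials to the invoking user's clouds.yaml` would make that visible to whoever edits the playbook next.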
diff --git a/playbooks/roles/bifrost-keystone-client-config/README.md b/playbooks/roles/bifrost-keystone-client-config/README.md index 5ef1033e7..350b7879b 100644 --- a/playbooks/roles/bifrost-keystone-client-config/README.md +++ b/playbooks/roles/bifrost-keystone-client-config/README.md @@ -12,24 +12,29 @@ None Role Variables -------------- -This role expects to be invoked with seven variables: +This role expects to be invoked with two variables: -- config_username -- config_password -- config_project_name -- config_region_name -- config_auth_url - user: Username of the user who will own the configuration file. +- clouds: a dictionary with keys being names of the clouds to create in + clouds.yaml, and values are dictionaries of authentication + parameters for each cloud: + - config_username + - config_password + - config_project_name + - config_region_name + - config_auth_url + - config_project_domain_id (optional, defaults to 'default') + - config_user_domain_id (optional, defaults to 'default') -Additionally, two optional variables exist, which when not defined -default to "default": +Alternatively, for backward compatibility, the role can accept the above +`config_*` variables directly, but this is deprecated. +In this case, a single cloud named 'bifrost' will be written. -- config_project_domain_id -- config_user_domain_id - -The resulting clouds.yaml file, will be created at +The resulting clouds.yaml file will be created at ~{{user}}/.config/openstack/clouds.yaml. +If several sets of cloud settings are written, they will be sorted by +cloud name, in case-insensitive order. Notes ----- 
@@ -51,12 +56,20 @@ Example Playbook gather_facts: no roles: - role: bifrost-keystone-client-config - config_username: username - config_password: password - config_project_name: baremetal - config_region_name: RegionOne - config_auth_url: http://localhost:5000/v2.0/ user: joe + clouds: + local-cloud-user: + config_username: username + config_password: password + config_project_name: baremetal + config_region_name: RegionOne + config_auth_url: http://localhost:5000 + local-cloud-admin: + config_username: admin + config_password: verysecretpassword + config_project_name: admin + config_region_name: RegionOne + config_auth_url: http://localhost:5000 License ------- diff --git a/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml b/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml index 74a77cad6..fc6795586 100644 --- a/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml +++ b/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml @@ -11,6 +11,25 @@ # See the License for the specific language governing permissions and # limitations under the License. --- +- name: redefine cloud settings vars for backward compat + set_fact: + clouds: + bifrost: + config_username: "{{ config_username }}" + config_password: "{{ config_password }}" + config_project_name: "{{ config_project_name }}" + config_region_name: "{{ config_region_name }}" + config_auth_url: "{{ config_auth_url}}" + config_project_domain_id: "{{ config_project_domain_id|default('default') }}" + config_user_domain_id: "{{ config_user_domain_id|default('default') }}" + when: + - "{{ clouds is undefined }}" + - "{{ config_username is defined }}" + - "{{ config_password is defined }}" + - "{{ config_project_name is defined }}" + - "{{ config_region_name is defined }}" + - "{{ config_auth_url is defined }}" + - name: "Ensure the ~/.config/openstack/ exists" file: name: "~{{ user | default('root') }}/.config/openstack" 
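Review bot: The backward-compat `set_fact` task in tasks/main.yml copies `config_password` into `clouds` without `no_log: true`, so the password can appear in task output when the playbook is run with increased verbosity; add `no_log: true` to that task. The `when:` entries are wrapped in `"{{ ... }}"`, but `when` is already evaluated as a Jinja expression, so bare conditions such as `- clouds is undefined` and `- config_username is defined` are the usual form (the `when:` added in playbooks/test-bifrost.yaml has the same wrapping). The task that writes clouds.yaml lies outside this hunk; since the file can now hold admin credentials, it is worth confirming there that it is created with a restrictive mode such as `'0600'`.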
diff --git a/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2 b/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2
index 2b5f73931..8593c46a4 100644
--- a/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2
+++ b/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2
@@ -1,12 +1,14 @@
 # WARNING: This file is managed by bifrost.
 clouds:
- bifrost:
- region_name: {{ config_region_name }}
+{% for cloud in clouds | default({}) | dictsort %}
+ {{ cloud.0 }}:
+ region_name: {{ cloud.1.config_region_name }}
 auth:
- username: {{ config_username }}
- password: {{ config_password }}
- project_name: {{ config_project_name }}
- auth_url: {{ config_auth_url }}
- project_domain_id: "{{ config_project_domain_id | default('default') }}"
- user_domain_id: "{{ config_user_domain_id | default('default') }}"
+ username: {{ cloud.1.config_username }}
+ password: {{ cloud.1.config_password }}
+ project_name: {{ cloud.1.config_project_name }}
+ auth_url: {{ cloud.1.config_auth_url }}
+ project_domain_id: "{{ cloud.1.config_project_domain_id | default('default') }}"
+ user_domain_id: "{{ cloud.1.config_user_domain_id | default('default') }}"
 identity_api_version: "3"
+{% endfor %}
diff --git a/playbooks/test-bifrost.yaml b/playbooks/test-bifrost.yaml
index 1dbd4a256..87a5bf309 100644
--- a/playbooks/test-bifrost.yaml
+++ b/playbooks/test-bifrost.yaml
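Review bot: Inside the new loop, `username`, `password`, `project_name`, `auth_url` and `region_name` are still rendered unquoted, as is the `{{ cloud.0 }}` key, while the two domain-id lines are quoted. A password that contains ` #` or `: `, starts with a YAML indicator such as `*` or `!`, or looks like a number or boolean will produce a clouds.yaml that fails to parse or carries a different value than was configured. Rendering the scalars through a serialising filter, for example `password: {{ cloud.1.config_password | to_json }}`, keeps arbitrary values intact; plain `"{{ ... }}"` quoting only helps when the value contains no quotes or backslashes.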
@@ -78,7 +78,16 @@
 # the ramdisk which causes ramdisk-image-create to believe it failed.
 - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_os_release: "jessie", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
 - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "debian", dib_os_release: "jessie", dib_elements: "vm serial-console simple-init {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
- - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+ - role: bifrost-keystone-client-config
+ user: "{{ ansible_env.SUDO_USER }}"
+ clouds:
+ bifrost:
+ config_username: "{{ ironic.keystone.default_username }}"
+ config_password: "{{ ironic.keystone.default_password }}"
+ config_project_name: "baremetal"
+ config_region_name: "{{ keystone.bootstrap.region_name }}"
+ config_auth_url: "{{ keystone.bootstrap.public_url }}"
+ when: "{{ enable_keystone is defined and enable_keystone | bool == true }}"
 environment:
 http_proxy: "{{ lookup('env','http_proxy') }}"
 https_proxy: "{{ lookup('env','https_proxy') }}"
diff --git a/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml b/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml
new file mode 100644
index 000000000..59ed1d825
--- /dev/null
+++ b/releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml
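Review bot: The test playbook passes only the `bifrost` cloud, so the `bifrost-admin` entry that playbooks/install.yaml adds in this patch is never rendered or used during the test run. Adding the same `bifrost-admin` block here, or a step that authenticates with that cloud, would catch a wrong variable reference in the admin credentials before it reaches an installed system.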
@@ -0,0 +1,21 @@
+---
+features:
+ - |
+ 'bifrost-keystone-client-config' role can now write 'clouds.yaml' file
+ with several clouds settings. It starts to accept a single compound
+ variable 'clouds' that should contain a dict of
+ ':'.
+ Previous way of passing 'config_*' vars to the role is supported for
+ backward compatibility but is deprecated.
+
+ In addition to previous 'bifrost' cloud, the default 'install.yaml'
+ playbook now also writes 'bifrost-admin' cloud settings that contain
+ Keystone admin credentials so that when installed, the Keystone service
+ is fully usable right away (users/projects etc can be managed).
+
+deprecations:
+ - |
+ Passing 'config_*' variables defining credentials for 'bifrost'
+ cloud to 'bifrost-keystone-client-config' role is deprecated.
+ Instead a single compound variable named 'clouds' defining sets of
+ settings to be written to 'clouds.yaml' should be passed to that role.