Merge "Allow to create cloud.yaml with many clouds"

playbooks/install.yaml

@@ -7,7 +7,22 @@
     - { role: bifrost-prep-for-install, when: skip_install is not defined }
     - bifrost-keystone-install
     - bifrost-ironic-install
-    - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+    - role: bifrost-keystone-client-config
+      user: "{{ ansible_env.SUDO_USER }}"
+      clouds:
+        bifrost:
+          config_username: "{{ ironic.keystone.default_username }}"
+          config_password: "{{ ironic.keystone.default_password }}"
+          config_project_name: "baremetal"
+          config_region_name: "{{ keystone.bootstrap.region_name }}"
+          config_auth_url: "{{ keystone.bootstrap.public_url }}"
+        bifrost-admin:
+          config_username: "{{ keystone.bootstrap.username }}"
+          config_password: "{{ ironic.bootstrap.password }}"
+          config_project_name: "{{ keystone.bootstrap.project_name }}"
+          config_region_name: "{{ keystone.bootstrap.region_name }}"
+          config_auth_url: "{{ keystone.bootstrap.public_url }}"
+      when: enable_keystone is defined and enable_keystone | bool == true }
     - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
     - { role: bifrost-create-dib-image, dib_imagename: "{{ deploy_image }}", dib_imagetype: "qcow2", dib_elements: "vm serial-console {{ dib_init_element|default('simple-init') }} {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
   environment:

playbooks/roles/bifrost-keystone-client-config/README.md

@@ -12,24 +12,29 @@ None
 Role Variables
 --------------
 
-This role expects to be invoked with seven variables:
+This role expects to be invoked with two variables:
 
-- config_username
-- config_password
-- config_project_name
-- config_region_name
-- config_auth_url
 - user: Username of the user who will own the
          configuration file.
+- clouds: a dictionary with keys being names of the clouds to create in
+          clouds.yaml, and values are dictionaries of authentication
+          parameters for each cloud:
+    - config_username
+    - config_password
+    - config_project_name
+    - config_region_name
+    - config_auth_url
+    - config_project_domain_id (optional, defaults to 'default')
+    - config_user_domain_id (optional, defaults to 'default')
 
-Additionally, two optional variables exist, which when not defined
+Alternatively, for backward compatibility, the role can accept the above
-default to "default":
+`config_*` variables directly, but this is deprecated.
+In this case, a single cloud named 'bifrost' will be written.
 
-- config_project_domain_id
+The resulting clouds.yaml file will be created at
-- config_user_domain_id
-
-The resulting clouds.yaml file, will be created at
 ~{{user}}/.config/openstack/clouds.yaml.
+If several sets of cloud settings are written, they will be sorted by
+cloud name, in case-insensitive order.
 
 Notes
 -----
@@ -51,12 +56,20 @@ Example Playbook
   gather_facts: no
   roles:
     - role: bifrost-keystone-client-config
-      config_username: username
-      config_password: password
-      config_project_name: baremetal
-      config_region_name: RegionOne
-      config_auth_url: http://localhost:5000/v2.0/
       user: joe
+      clouds:
+        local-cloud-user:
+          config_username: username
+          config_password: password
+          config_project_name: baremetal
+          config_region_name: RegionOne
+          config_auth_url: http://localhost:5000
+        local-cloud-admin:
+          config_username: admin
+          config_password: verysecretpassword
+          config_project_name: admin
+          config_region_name: RegionOne
+          config_auth_url: http://localhost:5000
 
 License
 -------

playbooks/roles/bifrost-keystone-client-config/tasks/main.yml

@@ -11,6 +11,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+- name: redefine cloud settings vars for backward compat
+  set_fact:
+    clouds:
+      bifrost:
+        config_username: "{{ config_username }}"
+        config_password: "{{ config_password }}"
+        config_project_name: "{{ config_project_name }}"
+        config_region_name: "{{ config_region_name }}"
+        config_auth_url: "{{ config_auth_url}}"
+        config_project_domain_id: "{{ config_project_domain_id|default('default') }}"
+        config_user_domain_id: "{{ config_user_domain_id|default('default') }}"
+  when:
+    - "{{ clouds is undefined }}"
+    - "{{ config_username is defined }}"
+    - "{{ config_password is defined }}"
+    - "{{ config_project_name is defined }}"
+    - "{{ config_region_name is defined }}"
+    - "{{ config_auth_url is defined }}"
+
 - name: "Ensure the ~/.config/openstack/ exists"
   file:
     name: "~{{ user | default('root') }}/.config/openstack"

playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2

@@ -1,12 +1,14 @@
 # WARNING: This file is managed by bifrost.
 clouds:
-  bifrost:
+{% for cloud in clouds | default({}) | dictsort %}
-    region_name: {{ config_region_name }}
+  {{ cloud.0 }}:
+    region_name: {{ cloud.1.config_region_name }}
     auth:
-      username: {{ config_username }}
+      username: {{ cloud.1.config_username }}
-      password: {{ config_password }}
+      password: {{ cloud.1.config_password }}
-      project_name: {{ config_project_name }}
+      project_name: {{ cloud.1.config_project_name }}
-      auth_url: {{ config_auth_url }}
+      auth_url: {{ cloud.1.config_auth_url }}
-      project_domain_id: "{{ config_project_domain_id | default('default') }}"
+      project_domain_id: "{{ cloud.1.config_project_domain_id | default('default') }}"
-      user_domain_id: "{{ config_user_domain_id | default('default') }}"
+      user_domain_id: "{{ cloud.1.config_user_domain_id | default('default') }}"
     identity_api_version: "3"
+{% endfor %}

playbooks/test-bifrost.yaml

@@ -78,7 +78,16 @@
     # the ramdisk which causes ramdisk-image-create to believe it failed.
     - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_os_release: "jessie", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true }
     - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "debian", dib_os_release: "jessie", dib_elements: "vm serial-console simple-init {{ extra_dib_elements|default('') }}", when: create_image_via_dib | bool == true and transform_boot_image | bool == false }
-    - { role: bifrost-keystone-client-config, config_username: "{{ ironic.keystone.default_username }}", config_password: "{{ ironic.keystone.default_password }}", config_project_name: "baremetal", config_region_name: "{{ keystone.bootstrap.region_name }}", config_auth_url: "{{ keystone.bootstrap.public_url }}", user: "{{ ansible_env.SUDO_USER }}", when: enable_keystone is defined and enable_keystone | bool == true }
+    - role: bifrost-keystone-client-config
+      user: "{{ ansible_env.SUDO_USER }}"
+      clouds:
+        bifrost:
+          config_username: "{{ ironic.keystone.default_username }}"
+          config_password: "{{ ironic.keystone.default_password }}"
+          config_project_name: "baremetal"
+          config_region_name: "{{ keystone.bootstrap.region_name }}"
+          config_auth_url: "{{ keystone.bootstrap.public_url }}"
+      when: "{{ enable_keystone is defined and enable_keystone | bool == true }}"
   environment:
     http_proxy: "{{ lookup('env','http_proxy') }}"
     https_proxy: "{{ lookup('env','https_proxy') }}"

releasenotes/notes/more-clouds-7c0fccf5701918d7.yaml

@@ -0,0 +1,21 @@
+---
+features:
+  - |
+    'bifrost-keystone-client-config' role can now write 'clouds.yaml' file
+    with several clouds settings. It starts to accept a single compound
+    variable 'clouds' that should contain a dict of
+    '<cloud-name>:<dict-of-cloud-settings>'.
+    Previous way of passing 'config_*' vars to the role is supported for
+    backward compatibility but is deprecated.
+
+    In addition to previous 'bifrost' cloud, the default 'install.yaml'
+    playbook now also writes 'bifrost-admin' cloud settings that contain
+    Keystone admin credentials so that when installed, the Keystone service
+    is fully usable right away (users/projects etc can be managed).
+
+deprecations:
+  - |
+    Passing 'config_*' variables defining credentials for 'bifrost'
+    cloud to 'bifrost-keystone-client-config' role is deprecated.
+    Instead a single compound variable named 'clouds' defining sets of
+    settings to be written to 'clouds.yaml' should be passed to that role.