# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. --- # TODO(TheJulia): The user and project domains are hardcoded in this. # We should likely address that at some point, however I think a user # should be the driver of that work. - name: "Error if credentials are undefined." fail: msg: | Credentials are missing or undefined, unable to proceed. Please consult roled defaults/main.yml. when: > keystone is undefined or keystone.bootstrap is undefined or keystone.bootstrap.username is undefined or keystone.bootstrap.password is undefined or keystone.bootstrap.project_name is undefined or ironic_inspector.service_catalog.auth_url is undefined or ironic_inspector.service_catalog.username is undefined or ironic_inspector.service_catalog.password is undefined or ironic_inspector.keystone is undefined or ironic_inspector.keystone.default_username is undefined or ironic_inspector.keystone.default_password is undefined - name: "Create service user for ironic-inspector" os_user: name: "{{ ironic_inspector.service_catalog.username }}" password: "{{ ironic_inspector.service_catalog.password }}" state: present domain: "default" default_project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}" auth: auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" username: "{{ keystone.bootstrap.username }}" password: "{{ keystone.bootstrap.password }}" project_name: "admin" project_domain_id: "default" user_domain_id: "default" wait: yes environment: OS_IDENTITY_API_VERSION: "3" no_log: true - name: "Associate ironic_inspector user to admin role" os_user_role: user: "{{ ironic_inspector.service_catalog.username }}" role: admin project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}" auth: auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" username: "{{ keystone.bootstrap.username }}" password: "{{ keystone.bootstrap.password }}" project_name: "admin" project_domain_id: "default" user_domain_id: "default" wait: yes environment: OS_IDENTITY_API_VERSION: "3" no_log: true - name: "Create keystone service record for ironic-inspector" os_keystone_service: state: present name: ironic-inspector service_type: baremetal-introspection description: OpenStack Baremetal Introspection Service auth: auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" username: "{{ keystone.bootstrap.username }}" password: "{{ keystone.bootstrap.password }}" project_name: "admin" project_domain_id: "default" user_domain_id: "default" wait: yes environment: OS_IDENTITY_API_VERSION: "3" no_log: true - name: "Check ironic-inspector admin endpoint exists" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint list -f json --noindent --service baremetal-introspection --interface admin --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" no_log: true register: test_ironic_inspector_admin_endpoint - name: "Check ironic-inspector public endpoint exists" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint list -f json --noindent --service baremetal-introspection --interface public --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" no_log: true register: test_ironic_inspector_public_endpoint - name: "Check ironic-inspector internal endpoint exists" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint list -f json --noindent --service baremetal-introspection --interface internal --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" no_log: true register: test_ironic_inspector_internal_endpoint - name: "Create ironic-inspector admin endpoint" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" baremetal-introspection admin "{{ ironic_inspector.keystone.admin_url | default('http://127.0.0.1:5050/') }}" no_log: true when: test_ironic_inspector_admin_endpoint.rc != 0 or test_ironic_inspector_admin_endpoint.stdout == '[]' # NOTE(TheJulia): This seems like something that should be # to admin or internal interfaces. Perhaps we should attempt # remove it after we have a working keystone integrated CI job. - name: "Create ironic-inspector public endpoint" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" baremetal-introspection public "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') }}" no_log: true when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]' - name: "Create ironic-inspector internal endpoint" command: | openstack --os-identity-api-version 3 --os-username "{{ keystone.bootstrap.username }}" --os-password "{{ keystone.bootstrap.password }}" --os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" --os-project-name admin endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}" baremetal-introspection internal "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') }}" no_log: true when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]' - name: "Create inspector_user user" os_user: name: "{{ ironic_inspector.keystone.default_username }}" password: "{{ ironic_inspector.keystone.default_password }}" default_project: "baremetal" domain: "default" auth: auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" username: "{{ keystone.bootstrap.username }}" password: "{{ keystone.bootstrap.password }}" project_name: admin project_domain_id: "default" user_domain_id: "default" wait: yes environment: OS_IDENTITY_API_VERSION: "3" no_log: true - name: "Associate inspector_user with baremetal_admin" os_user_role: user: "{{ ironic_inspector.keystone.default_username }}" role: "baremetal_admin" project: baremetal auth: auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}" username: "{{ keystone.bootstrap.username }}" password: "{{ keystone.bootstrap.password }}" project_name: admin project_domain_id: "default" user_domain_id: "default" wait: yes environment: OS_IDENTITY_API_VERSION: "3" no_log: true