openstack/bifrost
Code Issues Proposed changes
bifrost/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
Markos Chandras beb4e60614 playbooks: Convert venv_python_path to proper role 
The venv_python_path tasks were in the roles directroy but we were
including it as a normal file with a list of tasks so it was not really
an Ansible role. This does not work well when we use the Bifrost roles
outside of bifrost since Ansible does not know where to find this file
for inclusion. Our best chance is to convert it to a simple role which
can be statically imported.

Change-Id: I82fdfe48f9f2eb631165ab630157bc378ddc631d
2018-10-17 11:04:47 +01:00

224 lines
9.5 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# TODO(TheJulia): The user and project domains are hardcoded in this.
# We should likely address that at some point, however I think a user
# should be the driver of that work.
- name: "Initialize default venv"
set_fact:
venv:
OS_IDENTITY_API_VERSION: "3"
- name: "Error if credentials are undefined."
fail:
msg: |
Credentials are missing or undefined, unable to proceed.
Please consult roled defaults/main.yml.
when: >
keystone is undefined or keystone.bootstrap is undefined or
keystone.bootstrap.username is undefined or
keystone.bootstrap.password is undefined or
keystone.bootstrap.project_name is undefined or
ironic_inspector.service_catalog.auth_url is undefined or
ironic_inspector.service_catalog.username is undefined or
ironic_inspector.service_catalog.password is undefined or
ironic_inspector.keystone is undefined or
ironic_inspector.keystone.default_username is undefined or
ironic_inspector.keystone.default_password is undefined
- import_role:
name: venv_python_path
- name: "Create service user for ironic-inspector"
os_user:
name: "{{ ironic_inspector.service_catalog.username }}"
password: "{{ ironic_inspector.service_catalog.password }}"
state: present
domain: "default"
default_project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Associate ironic_inspector user to admin role"
os_user_role:
user: "{{ ironic_inspector.service_catalog.username }}"
role: admin
project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Create keystone service record for ironic-inspector"
os_keystone_service:
state: present
name: ironic-inspector
service_type: baremetal-introspection
description: OpenStack Baremetal Introspection Service
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Check ironic-inspector admin endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface admin
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_admin_endpoint
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Check ironic-inspector public endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface public
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_public_endpoint
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Check ironic-inspector internal endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface internal
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_internal_endpoint
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Create ironic-inspector admin endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection admin "{{ ironic_inspector.keystone.admin_url | default('http://127.0.0.1:5050/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_inspector_admin_endpoint.rc != 0 or test_ironic_inspector_admin_endpoint.stdout == '[]'
- name: "Setting external ironic-inspector public URL"
set_fact:
ironic_inspector_public_url: "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', public_ip | default(hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'])) }}"
when: use_public_urls | default(false) | bool
# NOTE(TheJulia): This seems like something that should be
# to admin or internal interfaces. Perhaps we should attempt
# remove it after we have a working keystone integrated CI job.
- name: "Create ironic-inspector public endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection public "{{ ironic_inspector_public_url | default(ironic_inspector.keystone.public_url) | default('http://127.0.0.1:5050/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]'
- name: "Setting internal ironic-inspector URL"
set_fact:
ironic_inspector_private_url: "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') | replace('127.0.0.1', private_ip) }}"
when: private_ip is defined and private_ip | length > 0
- name: "Create ironic-inspector internal endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection internal "{{ ironic_inspector_private_url | default(ironic_inspector.keystone.internal_url) | default('http://127.0.0.1:5050/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]'
- name: "Create inspector_user user"
os_user:
name: "{{ ironic_inspector.keystone.default_username }}"
password: "{{ ironic_inspector.keystone.default_password }}"
default_project: "baremetal"
domain: "default"
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: admin
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Associate inspector_user with baremetal_admin"
os_user_role:
user: "{{ ironic_inspector.keystone.default_username }}"
role: "baremetal_admin"
project: baremetal
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: admin
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
View Git Blame Copy Permalink