openstack/bifrost
Code Issues Proposed changes
bifrost/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup.yml
Markos Chandras beb4e60614 playbooks: Convert venv_python_path to proper role 
The venv_python_path tasks were in the roles directroy but we were
including it as a normal file with a list of tasks so it was not really
an Ansible role. This does not work well when we use the Bifrost roles
outside of bifrost since Ansible does not know where to find this file
for inclusion. Our best chance is to convert it to a simple role which
can be statically imported.

Change-Id: I82fdfe48f9f2eb631165ab630157bc378ddc631d
2018-10-17 11:04:47 +01:00

287 lines
12 KiB
YAML
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# TODO(TheJulia): The user and project domains are hardcoded in this.
# We should likely address that at some point, however I think a user
# should be the driver of that work.
- name: "Initialize default venv"
set_fact:
venv:
OS_IDENTITY_API_VERSION: "3"
- name: "Error if credentials are undefined."
fail:
msg: |
Credentials are missing or undefined, unable to proceed.
Please consult roled defaults/main.yml.
when: >
keystone is undefined or keystone.bootstrap is undefined or
keystone.bootstrap.username is undefined or
keystone.bootstrap.password is undefined or
keystone.bootstrap.project_name is undefined or
ironic.service_catalog.auth_url is undefined or
ironic.service_catalog.username is undefined or
ironic.service_catalog.password is undefined or
ironic.service_catalog.project_name is undefined or
ironic.keystone is undefined or
ironic.keystone.default_username is undefined or
ironic.keystone.default_password is undefined
- import_role:
name: venv_python_path
- name: "Ensure service project is present"
os_project:
name: "{{ ironic.service_catalog.project_name }}"
state: present
description: "Service Project"
domain_id: "default"
enabled: yes
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}/"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
environment: "{{ venv }}"
no_log: true
- name: "Create service user for ironic"
os_user:
name: "{{ ironic.service_catalog.username }}"
password: "{{ ironic.service_catalog.password }}"
state: present
domain: "default"
default_project: "{{ ironic.service_catalog.project_name }}"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Associate ironic user to admin role"
os_user_role:
user: "{{ ironic.service_catalog.username }}"
role: "admin"
project: "{{ ironic.service_catalog.project_name }}"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Create keystone service record for ironic"
os_keystone_service:
state: present
name: "ironic"
service_type: "baremetal"
description: OpenStack Baremetal Service
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Check ironic admin endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint list -f json --noindent --service baremetal --interface admin
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_admin_endpoint
ignore_errors: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Check ironic public endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint list -f json --noindent --service baremetal --interface public
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_public_endpoint
ignore_errors: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Check ironic internal endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint list -f json --noindent --service baremetal --interface internal
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_internal_endpoint
ignore_errors: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
- name: "Create ironic admin endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal admin "{{ ironic.keystone.admin_url | default('http://127.0.0.1:6385/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_admin_endpoint.rc != 0 or test_ironic_admin_endpoint.stdout == '[]'
- name: "Setting external Ironic public URL"
set_fact:
ironic_public_url: "{{ ironic.keystone.public_url | default('http://127.0.0.1:6385/') | replace('127.0.0.1', public_ip | default(hostvars[inventory_hostname]['ansible_' + ans_network_interface]['ipv4']['address'])) }}"
when: use_public_urls | default(false) | bool
- name: "Create ironic public endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal public "{{ ironic_public_url | default(ironic.keystone.public_url) | default('http://127.0.0.1:6385/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_public_endpoint.rc != 0 or test_ironic_public_endpoint.stdout == '[]'
- name: "Setting internal Ironic URL"
set_fact:
ironic_private_url: "{{ ironic.keystone.internal_url | default('http://127.0.0.1:6385/') | replace('127.0.0.1', private_ip) }}"
when: private_ip is defined and private_ip | length > 0
- name: "Create ironic internal endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name "{{ keystone.bootstrap.project_name | default('admin') }}"
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal internal "{{ ironic_private_url | default(ironic.keystone.internal_url) | default('http://127.0.0.1:6385/') }}"
no_log: true
environment: "{{ bifrost_venv_env if enable_venv else {} }}"
when: test_ironic_internal_endpoint.rc != 0 or test_ironic_internal_endpoint.stdout == '[]'
- name: "Create baremetal_admin role"
os_keystone_role:
name: "baremetal_admin"
state: present
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
environment: "{{ venv }}"
no_log: true
- name: "Create baremetal_observer role"
os_keystone_role:
name: "baremetal_observer"
state: present
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
environment: "{{ venv }}"
no_log: true
- name: "Create baremetal project"
os_project:
name: "baremetal"
state: present
description: "Baremetal Project"
domain_id: "default"
enabled: yes
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
environment: "{{ venv }}"
no_log: true
- name: "Create bifrost user"
os_user:
name: "{{ ironic.keystone.default_username }}"
password: "{{ ironic.keystone.default_password }}"
default_project: "baremetal"
domain: "default"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
- name: "Associate bifrost user with baremetal_admin"
os_user_role:
user: "{{ ironic.keystone.default_username }}"
role: "baremetal_admin"
project: "baremetal"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment: "{{ venv }}"
no_log: true
View Git Blame Copy Permalink