196 lines
6.7 KiB
YAML
196 lines
6.7 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
|
|
# TODO(TheJulia): The user and project domains are hardcoded in this.
|
|
# We should likely address that at some point, however I think a user
|
|
# should be the driver of that work.
|
|
|
|
- name: "Error if credentials are undefined."
|
|
fail:
|
|
msg: |
|
|
Credentials are missing or undefined, unable to proceed.
|
|
Please consult roled defaults/main.yml.
|
|
when: >
|
|
keystone is undefined or keystone.bootstrap is undefined or
|
|
keystone.bootstrap.username is undefined or
|
|
keystone.bootstrap.password is undefined or
|
|
keystone.bootstrap.project_name is undefined or
|
|
ironic.service_catalog.auth_url is undefined or
|
|
ironic.service_catalog.username is undefined or
|
|
ironic.service_catalog.password is undefined or
|
|
ironic.service_catalog.project_name is undefined or
|
|
ironic.keystone is undefined or
|
|
ironic.keystone.default_username is undefined or
|
|
ironic.keystone.default_password is undefined
|
|
|
|
- name: "Configure keystone auth"
|
|
set_fact:
|
|
keystone_auth:
|
|
auth_url: "{{ ironic.service_catalog.auth_url | default(keystone_api_url) }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: "{{ keystone.bootstrap.project_name | default('admin') }}"
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
no_log: true
|
|
|
|
- name: "Ensure service project is present"
|
|
openstack.cloud.project:
|
|
name: "{{ ironic.service_catalog.project_name }}"
|
|
state: present
|
|
description: "Service Project"
|
|
domain_id: "default"
|
|
enabled: yes
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create service user for ironic"
|
|
openstack.cloud.identity_user:
|
|
name: "{{ ironic.service_catalog.username }}"
|
|
password: "{{ ironic.service_catalog.password }}"
|
|
state: present
|
|
domain: "default"
|
|
default_project: "{{ ironic.service_catalog.project_name }}"
|
|
auth: "{{ keystone_auth }}"
|
|
update_password: always
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Associate ironic user to admin role"
|
|
openstack.cloud.role_assignment:
|
|
user: "{{ ironic.service_catalog.username }}"
|
|
role: "admin"
|
|
project: "{{ ironic.service_catalog.project_name }}"
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create keystone service record for ironic"
|
|
openstack.cloud.catalog_service:
|
|
state: present
|
|
name: "ironic"
|
|
service_type: "baremetal"
|
|
description: OpenStack Baremetal Service
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
register: baremetal_catalog_service
|
|
no_log: true
|
|
|
|
- name: "Create ironic admin endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ baremetal_catalog_service.id }}"
|
|
endpoint_interface: admin
|
|
url: "{{ ironic.keystone.admin_url | default(ironic_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Setting external Ironic public URL"
|
|
set_fact:
|
|
ironic_public_url: "{{ api_protocol }}://{{ public_ip }}:6385/"
|
|
when: public_ip is defined
|
|
|
|
- name: "Create ironic public endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ baremetal_catalog_service.id }}"
|
|
endpoint_interface: public
|
|
url: "{{ ironic.keystone.public_url | default(ironic_public_url) | default(ironic_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Setting internal Ironic URL"
|
|
set_fact:
|
|
ironic_private_url: "{{ api_protocol }}://{{ private_ip }}:6385/"
|
|
when: private_ip is defined and private_ip | length > 0
|
|
|
|
- name: "Create ironic internal endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ baremetal_catalog_service.id }}"
|
|
endpoint_interface: internal
|
|
url: "{{ ironic.keystone.internal_url | default(ironic_private_url) | default(ironic_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Create baremetal_admin role"
|
|
openstack.cloud.identity_role:
|
|
name: "baremetal_admin"
|
|
state: present
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create baremetal_observer role"
|
|
openstack.cloud.identity_role:
|
|
name: "baremetal_observer"
|
|
state: present
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create baremetal project"
|
|
os_project:
|
|
name: "baremetal"
|
|
state: present
|
|
description: "Baremetal Project"
|
|
domain_id: "default"
|
|
enabled: yes
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create bifrost user"
|
|
openstack.cloud.identity_user:
|
|
name: "{{ ironic.keystone.default_username }}"
|
|
password: "{{ ironic.keystone.default_password }}"
|
|
default_project: "baremetal"
|
|
domain: "default"
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Associate bifrost user with baremetal_admin"
|
|
openstack.cloud.role_assignment:
|
|
user: "{{ ironic.keystone.default_username }}"
|
|
role: "baremetal_admin"
|
|
project: "baremetal"
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|