bifrost/playbooks/roles/bifrost-ironic-install/tasks/keystone_setup_inspector.yml
Andrey Shestakov d6d4dadac5 Fix endpoint service name for inspector
Endpoint for inspector should be assigned to service with name
"baremetal-introspection".

Change-Id: I4a368a8a05a97b11d8fab8cd65f05c1aa71e7df1
2017-01-24 20:21:17 +00:00

205 lines
8.4 KiB
YAML

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
# TODO(TheJulia): The user and project domains are hardcoded in this.
# We should likely address that at some point, however I think a user
# should be the driver of that work.
- name: "Error if credentials are undefined."
fail:
msg: |
Credentials are missing or undefined, unable to proceed.
Please consult roled defaults/main.yml.
when: >
keystone is undefined or keystone.bootstrap is undefined or
keystone.bootstrap.username is undefined or
keystone.bootstrap.password is undefined or
keystone.bootstrap.project_name is undefined or
ironic_inspector.service_catalog.auth_url is undefined or
ironic_inspector.service_catalog.username is undefined or
ironic_inspector.service_catalog.password is undefined or
ironic_inspector.keystone is undefined or
ironic_inspector.keystone.default_username is undefined or
ironic_inspector.keystone.default_password is undefined
- name: "Create service user for ironic-inspector"
os_user:
name: "{{ ironic_inspector.service_catalog.username }}"
password: "{{ ironic_inspector.service_catalog.password }}"
state: present
domain: "default"
default_project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment:
OS_IDENTITY_API_VERSION: "3"
no_log: true
- name: "Associate ironic_inspector user to admin role"
os_user_role:
user: "{{ ironic_inspector.service_catalog.username }}"
role: admin
project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment:
OS_IDENTITY_API_VERSION: "3"
no_log: true
- name: "Create keystone service record for ironic-inspector"
os_keystone_service:
state: present
name: ironic-inspector
service_type: baremetal-introspection
description: OpenStack Baremetal Introspection Service
auth:
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: "admin"
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment:
OS_IDENTITY_API_VERSION: "3"
no_log: true
- name: "Check ironic-inspector admin endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface admin
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_admin_endpoint
- name: "Check ironic-inspector public endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface public
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_public_endpoint
- name: "Check ironic-inspector internal endpoint exists"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint list -f json --noindent --service baremetal-introspection --interface internal
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
no_log: true
register: test_ironic_inspector_internal_endpoint
- name: "Create ironic-inspector admin endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection admin "{{ ironic_inspector.keystone.admin_url | default('http://127.0.0.1:5050/') }}"
no_log: true
when: test_ironic_inspector_admin_endpoint.rc != 0 or test_ironic_inspector_admin_endpoint.stdout == '[]'
# NOTE(TheJulia): This seems like something that should be
# to admin or internal interfaces. Perhaps we should attempt
# remove it after we have a working keystone integrated CI job.
- name: "Create ironic-inspector public endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection public "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') }}"
no_log: true
when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]'
- name: "Create ironic-inspector internal endpoint"
command: |
openstack
--os-identity-api-version 3
--os-username "{{ keystone.bootstrap.username }}"
--os-password "{{ keystone.bootstrap.password }}"
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
--os-project-name admin
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
baremetal-introspection internal "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') }}"
no_log: true
when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]'
- name: "Create inspector_user user"
os_user:
name: "{{ ironic_inspector.keystone.default_username }}"
password: "{{ ironic_inspector.keystone.default_password }}"
default_project: "baremetal"
domain: "default"
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: admin
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment:
OS_IDENTITY_API_VERSION: "3"
no_log: true
- name: "Associate inspector_user with baremetal_admin"
os_user_role:
user: "{{ ironic_inspector.keystone.default_username }}"
role: "baremetal_admin"
project: baremetal
auth:
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
username: "{{ keystone.bootstrap.username }}"
password: "{{ keystone.bootstrap.password }}"
project_name: admin
project_domain_id: "default"
user_domain_id: "default"
wait: yes
environment:
OS_IDENTITY_API_VERSION: "3"
no_log: true