d6d4dadac5
Endpoint for inspector should be assigned to service with name "baremetal-introspection". Change-Id: I4a368a8a05a97b11d8fab8cd65f05c1aa71e7df1
205 lines
8.4 KiB
YAML
205 lines
8.4 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
|
|
# TODO(TheJulia): The user and project domains are hardcoded in this.
|
|
# We should likely address that at some point, however I think a user
|
|
# should be the driver of that work.
|
|
|
|
- name: "Error if credentials are undefined."
|
|
fail:
|
|
msg: |
|
|
Credentials are missing or undefined, unable to proceed.
|
|
Please consult roled defaults/main.yml.
|
|
when: >
|
|
keystone is undefined or keystone.bootstrap is undefined or
|
|
keystone.bootstrap.username is undefined or
|
|
keystone.bootstrap.password is undefined or
|
|
keystone.bootstrap.project_name is undefined or
|
|
ironic_inspector.service_catalog.auth_url is undefined or
|
|
ironic_inspector.service_catalog.username is undefined or
|
|
ironic_inspector.service_catalog.password is undefined or
|
|
ironic_inspector.keystone is undefined or
|
|
ironic_inspector.keystone.default_username is undefined or
|
|
ironic_inspector.keystone.default_password is undefined
|
|
|
|
- name: "Create service user for ironic-inspector"
|
|
os_user:
|
|
name: "{{ ironic_inspector.service_catalog.username }}"
|
|
password: "{{ ironic_inspector.service_catalog.password }}"
|
|
state: present
|
|
domain: "default"
|
|
default_project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
|
|
auth:
|
|
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: "admin"
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
wait: yes
|
|
environment:
|
|
OS_IDENTITY_API_VERSION: "3"
|
|
no_log: true
|
|
|
|
- name: "Associate ironic_inspector user to admin role"
|
|
os_user_role:
|
|
user: "{{ ironic_inspector.service_catalog.username }}"
|
|
role: admin
|
|
project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
|
|
auth:
|
|
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: "admin"
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
wait: yes
|
|
environment:
|
|
OS_IDENTITY_API_VERSION: "3"
|
|
no_log: true
|
|
|
|
- name: "Create keystone service record for ironic-inspector"
|
|
os_keystone_service:
|
|
state: present
|
|
name: ironic-inspector
|
|
service_type: baremetal-introspection
|
|
description: OpenStack Baremetal Introspection Service
|
|
auth:
|
|
auth_url: "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: "admin"
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
wait: yes
|
|
environment:
|
|
OS_IDENTITY_API_VERSION: "3"
|
|
no_log: true
|
|
|
|
- name: "Check ironic-inspector admin endpoint exists"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint list -f json --noindent --service baremetal-introspection --interface admin
|
|
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
no_log: true
|
|
register: test_ironic_inspector_admin_endpoint
|
|
|
|
- name: "Check ironic-inspector public endpoint exists"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint list -f json --noindent --service baremetal-introspection --interface public
|
|
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
no_log: true
|
|
register: test_ironic_inspector_public_endpoint
|
|
|
|
- name: "Check ironic-inspector internal endpoint exists"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint list -f json --noindent --service baremetal-introspection --interface internal
|
|
--region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
no_log: true
|
|
register: test_ironic_inspector_internal_endpoint
|
|
|
|
- name: "Create ironic-inspector admin endpoint"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
baremetal-introspection admin "{{ ironic_inspector.keystone.admin_url | default('http://127.0.0.1:5050/') }}"
|
|
no_log: true
|
|
when: test_ironic_inspector_admin_endpoint.rc != 0 or test_ironic_inspector_admin_endpoint.stdout == '[]'
|
|
|
|
# NOTE(TheJulia): This seems like something that should be
|
|
# to admin or internal interfaces. Perhaps we should attempt
|
|
# remove it after we have a working keystone integrated CI job.
|
|
- name: "Create ironic-inspector public endpoint"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
baremetal-introspection public "{{ ironic_inspector.keystone.public_url | default('http://127.0.0.1:5050/') }}"
|
|
no_log: true
|
|
when: test_ironic_inspector_public_endpoint.rc != 0 or test_ironic_inspector_public_endpoint.stdout == '[]'
|
|
|
|
- name: "Create ironic-inspector internal endpoint"
|
|
command: |
|
|
openstack
|
|
--os-identity-api-version 3
|
|
--os-username "{{ keystone.bootstrap.username }}"
|
|
--os-password "{{ keystone.bootstrap.password }}"
|
|
--os-auth-url "{{ ironic.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
--os-project-name admin
|
|
endpoint create --region "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
baremetal-introspection internal "{{ ironic_inspector.keystone.internal_url | default('http://127.0.0.1:5050/') }}"
|
|
no_log: true
|
|
when: test_ironic_inspector_internal_endpoint.rc != 0 or test_ironic_inspector_internal_endpoint.stdout == '[]'
|
|
|
|
- name: "Create inspector_user user"
|
|
os_user:
|
|
name: "{{ ironic_inspector.keystone.default_username }}"
|
|
password: "{{ ironic_inspector.keystone.default_password }}"
|
|
default_project: "baremetal"
|
|
domain: "default"
|
|
auth:
|
|
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: admin
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
wait: yes
|
|
environment:
|
|
OS_IDENTITY_API_VERSION: "3"
|
|
no_log: true
|
|
|
|
- name: "Associate inspector_user with baremetal_admin"
|
|
os_user_role:
|
|
user: "{{ ironic_inspector.keystone.default_username }}"
|
|
role: "baremetal_admin"
|
|
project: baremetal
|
|
auth:
|
|
auth_url: "{{ ironic_inspector.service_catalog.auth_url | default('http://127.0.0.1:5000/') }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: admin
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
wait: yes
|
|
environment:
|
|
OS_IDENTITY_API_VERSION: "3"
|
|
no_log: true
|