Generate a public environment file for accessing external APIs as admin

ansible/public-openrc.yml

@@ -0,0 +1,14 @@
+---
+# Generate an environment file for interacting with the public OpenStack APIs
+# as the admin user in the admin project.
+
+- name: Ensure a public OpenStack API environment file exists
+  hosts: config-mgmt
+  vars:
+    external_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}"
+    external_api_vip_address: "{{ external_net_name | net_vip_address }}"
+    external_api_keystone_port: 5000
+  roles:
+    - role: public-openrc
+      public_openrc_kolla_config_path: "{{ kolla_config_path }}"
+      public_openrc_auth_url: "{{ external_api_proto }}://{{ external_api_vip_address }}:{{ external_api_keystone_port }}"

ansible/roles/public-openrc/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# Path to kolla configuration directory.
+public_openrc_kolla_config_path:
+
+# URL of public keystone API to use for authentication.
+public_openrc_auth_url:

ansible/roles/public-openrc/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Read the admin OpenStack API environment file
+  slurp:
+    src: "{{ kolla_config_path }}/admin-openrc.sh"
+  register: admin_openrc
+
+- name: Ensure a public OpenStack API environment file exists
+  template:
+    src: public-openrc.sh.j2
+    dest: "{{ public_openrc_kolla_config_path }}/public-openrc.sh"

ansible/roles/public-openrc/templates/public-openrc.sh.j2

@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+{% for line in (admin_openrc.content | b64decode).splitlines() %}
+{% if "export OS_AUTH_URL" in line %}
+export OS_AUTH_URL={{ public_openrc_auth_url }}
+{% elif "export OS_INTERFACE" in line %}
+export OS_INTERFACE=public
+{% else %}
+{{ line }}
+{% endif %}
+{% endfor %}

doc/source/usage.rst

@@ -369,15 +369,22 @@ Interacting with the Control Plane
 ----------------------------------
 
 Kolla-ansible writes out an environment file that can be used to access the
-OpenStack services::
+OpenStack admin endpoints as the admin user::
 
     $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh
 
+Kayobe also generates an environment file that can be used to access the
+OpenStack public endpoints as the admin user which may be required if the
+admin endpoints are not available from the control host::
+
+    $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/public-openrc.sh
+
 Performing Post-deployment Configuration
 ----------------------------------------
 
 To perform post deployment configuration of the overcloud services::
 
+    (kayobe-venv) $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh
     (kayobe-venv) $ kayobe overcloud post configure
 
 This will perform the following tasks:

kayobe/cli/commands.py

@@ -363,6 +363,10 @@ class OvercloudServiceDeploy(KollaAnsibleMixin, KayobeAnsibleMixin, Command):
         extra_vars = {"node_config_directory": parsed_args.kolla_config_path}
         self.run_kolla_ansible_overcloud(parsed_args, "post-deploy",
                                          extra_vars=extra_vars)
+        # Create an environment file for accessing the public API as the admin
+        # user.
+        playbooks = _build_playbook_list("public-openrc")
+        self.run_kayobe_playbooks(parsed_args, playbooks)
 
 
 class OvercloudContainerImagePull(KollaAnsibleMixin, Command):