Merge "Template system scoped admin-openrc and clouds.yml files"

ansible/post-deploy.yml

@@ -32,6 +32,15 @@
         group: "{{ ansible_facts.user_gid }}"
         mode: 0600
 
+    - name: Template out admin-openrc-system.sh
+      become: true
+      template:
+        src: "roles/common/templates/admin-openrc-system.sh.j2"
+        dest: "{{ node_config }}/admin-openrc-system.sh"
+        owner: "{{ ansible_facts.user_uid }}"
+        group: "{{ ansible_facts.user_gid }}"
+        mode: 0600
+
     - name: Template out public-openrc.sh
       become: true
       template:

ansible/roles/common/templates/admin-openrc-system.sh.j2

@@ -0,0 +1,23 @@
+# {{ ansible_managed }}
+
+# Clear any old environment that may conflict.
+for key in $( set | awk '{FS="="}  /^OS_/ {print $1}' ); do unset $key ; done
+export OS_USER_DOMAIN_NAME='Default'
+export OS_SYSTEM_SCOPE=all
+export OS_USERNAME='{{ keystone_admin_user }}'
+export OS_PASSWORD='{{ keystone_admin_password }}'
+export OS_AUTH_URL='{{ keystone_internal_url }}'
+export OS_INTERFACE='internal'
+export OS_ENDPOINT_TYPE='internalURL'
+{% if enable_manila | bool %}
+export OS_MANILA_ENDPOINT_TYPE='internalURL'
+{% endif %}
+{% if enable_mistral | bool %}
+export OS_MISTRAL_ENDPOINT_TYPE='internalURL'
+{% endif %}
+export OS_IDENTITY_API_VERSION='3'
+export OS_REGION_NAME='{{ openstack_region_name }}'
+export OS_AUTH_PLUGIN='password'
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+export OS_CACERT='{{ kolla_admin_openrc_cacert }}'
+{% endif %}

ansible/roles/common/templates/clouds.yaml.j2

@@ -10,6 +10,17 @@ clouds:
     region_name: {{ openstack_region_name }}
 {% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
     cacert: {{ kolla_admin_openrc_cacert }}
+{% endif %}
+  kolla-admin-system:
+    auth:
+      auth_url: {{ keystone_public_url }}
+      user_domain_name: Default
+      system_scope: all
+      username: {{ keystone_admin_user }}
+      password: {{ keystone_admin_password }}
+    region_name: {{ openstack_region_name }}
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+    cacert: {{ kolla_admin_openrc_cacert }}
 {% endif %}
   kolla-admin-internal:
     auth:
@@ -23,4 +34,16 @@ clouds:
     region_name: {{ openstack_region_name }}
 {% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
     cacert: {{ kolla_admin_openrc_cacert }}
+{% endif %}
+  kolla-admin-system-internal:
+    auth:
+      auth_url: {{ keystone_internal_url }}
+      user_domain_name: Default
+      system_scope: all
+      username: {{ keystone_admin_user }}
+      password: {{ keystone_admin_password }}
+    interface: internal
+    region_name: {{ openstack_region_name }}
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+    cacert: {{ kolla_admin_openrc_cacert }}
 {% endif %}

tests/check-config.sh

@@ -23,6 +23,7 @@ function check_config {
                 -not -path /etc/kolla \
                 -not -path /etc/kolla/clouds.yaml \
                 -not -regex .*-openrc.sh \
+                -not -regex .*-openrc-system.sh \
                 -not -name globals.yml \
                 -not -name header \
                 -not -name inventory \

tests/test-ironic.sh

@@ -9,14 +9,16 @@ export PYTHONUNBUFFERED=1
 
 function test_ironic_logged {
     # Assumes init-runonce has been executed.
-    . /etc/kolla/admin-openrc.sh
+    KOLLA_CONFIG_PATH=${KOLLA_CONFIG_PATH:-/etc/kolla}
+    export OS_CLIENT_CONFIG_FILE=${KOLLA_CONFIG_PATH}/clouds.yaml
+    export OS_CLOUD=kolla-admin-internal
     . ~/openstackclient-venv/bin/activate
 
     echo "Enabling DHCP on the external (\"public\") subnet"
     openstack subnet set --dhcp public1-subnet
 
     # Smoke test ironic API.
-    openstack baremetal driver list
+    openstack --os-cloud kolla-admin-system-internal baremetal driver list
     openstack baremetal node list
     openstack baremetal port list
     # Ironic Inspector API