service_setup: Update services tasks

During distribution of service_setup.yml it appeared that some services have extra requirments and usecases. So this patch updated service_setup and brings it into accordance across the roles. Change-Id: I6ece609161f6252ce5a0ddb48d1e66247049d675
2019-07-29 14:57:27 +03:00 · 2019-07-29 14:57:27 +03:00 · 95c7620009
commit 95c7620009
parent c148d77e29
2 changed files with 39 additions and 29 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -145,12 +145,13 @@
    _service_in_ldap: "{{ cinder_service_in_ldap }}"
    _service_setup_host: "{{ cinder_service_setup_host }}"
    _service_setup_host_python_interpreter: "{{ cinder_service_setup_host_python_interpreter }}"
-    _service_user_name: "{{ cinder_service_user_name }}"
-    _service_user_password: "{{ cinder_service_password }}"
    _service_project_name: "{{ cinder_service_project_name }}"
-    _service_role_name: "{{ cinder_service_role_name }}"
    _service_endpoints: "{{ cinder_service_endpoints }}"
    _service_catalog: "{{ cinder_service_catalog }}"
+    _service_users:
+      - name: "{{ cinder_service_user_name }}"
+        password: "{{ cinder_service_password }}"
+        role: "{{ cinder_service_role_name }}"
  when:
    - "groups['cinder_api'] | length > 0"
    - "cinder_services['cinder-api']['group'] in group_names"
--- a/tasks/service_setup.yml
+++ b/tasks/service_setup.yml
@ -1,5 +1,5 @@
 ---
-# Copyright 2014, Rackspace US, Inc.
+# Copyright 2019, VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -39,10 +39,10 @@
        description: "{{ _project_description | default('') }}"
        domain_id: "default"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      when:
-        - not _service_in_ldap | bool
+        - not (_service_in_ldap | default(False) | bool)
        - _project_name is defined
      until: add_service is success
      retries: 5
@ -56,7 +56,7 @@
        service_type: "{{ item.type }}"
        description: "{{ item.description | default('') }}"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      with_items: "{{ _service_catalog }}"
      when: _service_catalog is defined
@ -64,56 +64,65 @@
      retries: 5
      delay: 10

-    - name: Add default role
+    - name: Add keystone roles
      os_keystone_role:
        cloud: default
        state: present
-        name: "{{ _role_name }}"
+        name: "{{ item.role }}"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      when:
-        - not _service_in_ldap | bool
-        - _role_name is defined
+        - not (_service_in_ldap | default(False) | bool)
+        - _service_users is defined
+        - "'role' in item"
+        - (item.condition | default(True)) | bool
      until: add_service is success
+      with_items: "{{ _service_users }}"
      retries: 5
      delay: 10

-    - name: Add service user
+    - name: Add service users
      os_user:
        cloud: default
        state: present
-        name: "{{ _service_user_name }}"
-        password: "{{ _service_user_password }}"
+        name: "{{ item.name }}"
+        password: "{{ item.password }}"
        domain: default
-        default_project: "{{ _service_project_name }}"
+        default_project: "{{ item.project | default(_service_project_name) }}"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      when:
-        - not _service_in_ldap | bool
-        - _service_user_name is defined
-        - _service_user_password is defined
+        - not (_service_in_ldap | default(False) | bool)
+        - _service_users is defined
+        - "'name' in item"
+        - "'password' in item"
+        - (item.condition | default(True)) | bool
      until: add_service is success
+      with_items: "{{ _service_users }}"
      retries: 5
      delay: 10
      no_log: True

-    - name: Add service user to admin role
+    - name: Add service users to the role
      os_user_role:
        cloud: default
        state: present
-        user: "{{ _service_user_name }}"
-        role: "{{ _service_role_name }}"
-        project: "{{ _service_project_name }}"
+        user: "{{ item.name }}"
+        role: "{{ item.role }}"
+        project: "{{ item.project | default(_service_project_name) }}"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      when:
-        - not _service_in_ldap | bool
-        - _service_user_name is defined
-        - _service_role_name is defined
+        - not (_service_in_ldap | default(False) | bool)
+        - _service_users is defined
+        - "'name' in item"
+        - "'role' in item"
+        - (item.condition | default(True)) | bool
      until: add_service is success
+      with_items: "{{ _service_users }}"
      retries: 5
      delay: 10

@ -126,7 +135,7 @@
        url: "{{ item.url }}"
        region: "{{ _service_region | default('RegionOne') }}"
        endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
      register: add_service
      until: add_service is success
      retries: 5