service_setup: Update services tasks

During distribution of service_setup.yml it appeared that some services
have extra requirments and usecases. So this patch updated service_setup
and brings it into accordance across the roles.

Change-Id: I6ece609161f6252ce5a0ddb48d1e66247049d675

tasks/main.yml

@@ -145,12 +145,13 @@
     _service_in_ldap: "{{ cinder_service_in_ldap }}"
     _service_setup_host: "{{ cinder_service_setup_host }}"
     _service_setup_host_python_interpreter: "{{ cinder_service_setup_host_python_interpreter }}"
-    _service_user_name: "{{ cinder_service_user_name }}"
-    _service_user_password: "{{ cinder_service_password }}"
     _service_project_name: "{{ cinder_service_project_name }}"
-    _service_role_name: "{{ cinder_service_role_name }}"
     _service_endpoints: "{{ cinder_service_endpoints }}"
     _service_catalog: "{{ cinder_service_catalog }}"
+    _service_users:
+      - name: "{{ cinder_service_user_name }}"
+        password: "{{ cinder_service_password }}"
+        role: "{{ cinder_service_role_name }}"
   when:
     - "groups['cinder_api'] | length > 0"
     - "cinder_services['cinder-api']['group'] in group_names"

tasks/service_setup.yml

@@ -1,5 +1,5 @@
 ---
-# Copyright 2014, Rackspace US, Inc.
+# Copyright 2019, VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,10 +39,10 @@
         description: "{{ _project_description | default('') }}"
         domain_id: "default"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       when:
-        - not _service_in_ldap | bool
+        - not (_service_in_ldap | default(False) | bool)
         - _project_name is defined
       until: add_service is success
       retries: 5
@@ -56,7 +56,7 @@
         service_type: "{{ item.type }}"
         description: "{{ item.description | default('') }}"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       with_items: "{{ _service_catalog }}"
       when: _service_catalog is defined
@@ -64,56 +64,65 @@
       retries: 5
       delay: 10
 
-    - name: Add default role
+    - name: Add keystone roles
       os_keystone_role:
         cloud: default
         state: present
-        name: "{{ _role_name }}"
+        name: "{{ item.role }}"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       when:
-        - not _service_in_ldap | bool
+        - not (_service_in_ldap | default(False) | bool)
-        - _role_name is defined
+        - _service_users is defined
+        - "'role' in item"
+        - (item.condition | default(True)) | bool
       until: add_service is success
+      with_items: "{{ _service_users }}"
       retries: 5
       delay: 10
 
-    - name: Add service user
+    - name: Add service users
       os_user:
         cloud: default
         state: present
-        name: "{{ _service_user_name }}"
+        name: "{{ item.name }}"
-        password: "{{ _service_user_password }}"
+        password: "{{ item.password }}"
         domain: default
-        default_project: "{{ _service_project_name }}"
+        default_project: "{{ item.project | default(_service_project_name) }}"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       when:
-        - not _service_in_ldap | bool
+        - not (_service_in_ldap | default(False) | bool)
-        - _service_user_name is defined
+        - _service_users is defined
-        - _service_user_password is defined
+        - "'name' in item"
+        - "'password' in item"
+        - (item.condition | default(True)) | bool
       until: add_service is success
+      with_items: "{{ _service_users }}"
       retries: 5
       delay: 10
       no_log: True
 
-    - name: Add service user to admin role
+    - name: Add service users to the role
       os_user_role:
         cloud: default
         state: present
-        user: "{{ _service_user_name }}"
+        user: "{{ item.name }}"
-        role: "{{ _service_role_name }}"
+        role: "{{ item.role }}"
-        project: "{{ _service_project_name }}"
+        project: "{{ item.project | default(_service_project_name) }}"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       when:
-        - not _service_in_ldap | bool
+        - not (_service_in_ldap | default(False) | bool)
-        - _service_user_name is defined
+        - _service_users is defined
-        - _service_role_name is defined
+        - "'name' in item"
+        - "'role' in item"
+        - (item.condition | default(True)) | bool
       until: add_service is success
+      with_items: "{{ _service_users }}"
       retries: 5
       delay: 10
 
@@ -126,7 +135,7 @@
         url: "{{ item.url }}"
         region: "{{ _service_region | default('RegionOne') }}"
         endpoint_type: admin
-        validate_certs: "{{ (not _service_adminuri_insecure | default('True')) | bool }}"
+        validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
       register: add_service
       until: add_service is success
       retries: 5