Remove dependency on the Keystone admin auth token

Now that auth token usage is deprecated, prefer the admin user and password for all horizon setup tasks run against keystone. Change-Id: I37187eaf11d3bd60c577acf7c97c7c2993d65566
2016-03-17 10:26:13 -04:00 · 2016-03-17 10:26:13 -04:00 · 788fbfd98d
commit 788fbfd98d
parent 1f52acc1c3
2 changed files with 11 additions and 6 deletions
--- a/README.rst
+++ b/README.rst
@ -52,8 +52,9 @@ Example Playbook
        rabbitmq_servers: 10.100.100.101
        rabbitmq_use_ssl: false
        rabbitmq_port: 5671
-        keystone_auth_admin_token: "SuperSecreteTestToken"
+        keystone_admin_user_name: admin
        keystone_auth_admin_password: "SuperSecretePassword"
+        keystone_admin_tenant_name: admin
        keystone_service_adminuri_insecure: false
        keystone_service_internaluri_insecure: false
        keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
--- a/tasks/horizon_service_setup.yml
+++ b/tasks/horizon_service_setup.yml
@ -18,14 +18,18 @@
 - name: Ensure default keystone user role
  keystone:
    command: "ensure_role"
-    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
    role_name: "{{ horizon_default_role_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-  when: >
-    keystone_auth_admin_token is defined
-    and keystone_service_adminurl is defined
-    and keystone_service_adminuri_insecure is defined
+  when:
+    - keystone_admin_user_name is defined
+    - keystone_auth_admin_password is defined
+    - keystone_admin_tenant_name is defined
+    - keystone_service_adminurl is defined
+    - keystone_service_adminuri_insecure is defined
  register: add_member_role
  until: add_member_role|success
  retries: 5