From a3c076d5a154fea3dc560d305fe4151dd1a93570 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Tue, 22 Mar 2016 21:19:19 +0000
Subject: [PATCH] Remove dependency on the Keystone admin auth token
Now that auth token usage is deprecated, prefer the admin user and password for all service setup tasks run against keystone.
Change-Id: I177bdff0e789f43f192253dce886d0e5bf10a4b5
---
 tasks/ironic_service_add.yml | 99 -------------------------------
 tasks/ironic_service_setup.yml | 103 ++++++++++++++++++++++++++++-----
 2 files changed, 90 insertions(+), 112 deletions(-)
 delete mode 100644 tasks/ironic_service_add.yml
diff --git a/tasks/ironic_service_add.yml b/tasks/ironic_service_add.yml
deleted file mode 100644
index 855302f2..00000000
--- a/tasks/ironic_service_add.yml
+++ /dev/null
@@ -1,99 +0,0 @@
----
-# Copyright 2014, Rackspace US, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Create a service
-- name: Ensure ironic service
- keystone:
- command: "ensure_service"
- token: "{{ keystone_auth_admin_token }}"
- endpoint: "{{ keystone_service_adminurl }}"
- service_name: "{{ service_name }}"
- service_type: "{{ service_type }}"
- description: "{{ service_description }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
- register: add_service
- until: add_service|success
- retries: 5
- delay: 2
- tags:
- - ironic-api-setup
- - ironic-service-add
- - ironic-setup
-
-# Create an admin user
-- name: Ensure ironic user
- keystone:
- command: "ensure_user"
- token: "{{ keystone_auth_admin_token }}"
- endpoint: "{{ keystone_service_adminurl }}"
- user_name: "{{ service_user_name }}"
- tenant_name: "{{ service_tenant_name }}"
- password: "{{ service_password }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
- register: add_service
- when: not ironic_service_in_ldap | bool
- until: add_service|success
- retries: 5
- delay: 10
- tags:
- - ironic-api-setup
- - ironic-service-add
- - ironic-setup
-
-# Add a role to the user
-- name: Ensure ironic user to admin role
- keystone:
- command: "ensure_user_role"
- token: "{{ keystone_auth_admin_token }}"
- endpoint: "{{ keystone_service_adminurl }}"
- user_name: "{{ service_user_name }}"
- tenant_name: "{{ service_tenant_name }}"
- role_name: "{{ role_name }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
- register: add_service
- when: not ironic_service_in_ldap | bool
- until: add_service|success
- retries: 5
- delay: 10
- tags:
- - ironic-api-setup
- - ironic-service-add
- - ironic-setup
-
-# Create an endpoint
-- name: Ensure ironic endpoint
- keystone:
- command: "ensure_endpoint"
- token: "{{ keystone_auth_admin_token }}"
- endpoint: "{{ keystone_service_adminurl }}"
- region_name: "{{ service_region }}"
- service_name: "{{ service_name }}"
- service_type: "{{ service_type }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
- endpoint_list:
- - url: "{{ service_publicurl }}"
- interface: "public"
- - url: "{{ service_internalurl }}"
- interface: "internal"
- - url: "{{ service_adminurl }}"
- interface: "admin"
- register: add_service
- until: add_service|success
- retries: 5
- delay: 10
- tags:
- - ironic-api-setup
- - ironic-service-add
- - ironic-setup
diff --git a/tasks/ironic_service_setup.yml b/tasks/ironic_service_setup.yml
index fe7930f4..0ded7903 100644
--- a/tasks/ironic_service_setup.yml
+++ b/tasks/ironic_service_setup.yml
@@ -1,5 +1,5 @@
 ---
-# Copyright 2014, Rackspace US, Inc.
+# Copyright 2016, Rackspace US, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,18 +13,95 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- include: ironic_service_add.yml
- vars:
- service_user_name: "{{ ironic_service_user_name }}"
- service_tenant_name: "{{ ironic_service_project_name }}"
+# Create a service
+- name: Ensure ironic service
+ keystone:
+ command: "ensure_service"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ endpoint: "{{ keystone_service_adminurl }}"
 service_name: "{{ ironic_service_name }}"
 service_type: "{{ ironic_service_type }}"
- service_region: "{{ ironic_service_region }}"
- service_description: "{{ ironic_service_description }}"
- service_password: "{{ ironic_service_password }}"
- service_publicurl: "{{ ironic_service_publicurl }}"
- service_internalurl: "{{ ironic_service_internalurl }}"
- service_adminurl: "{{ ironic_service_adminurl }}"
- role_name: "{{ ironic_service_role_name }}"
+ description: "{{ ironic_service_description }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 2
 tags:
- - ironic-api
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Create an admin user
+- name: Ensure ironic user
+ keystone:
+ command: "ensure_user"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ ironic_service_user_name }}"
+ project_name: "{{ ironic_service_project_name }}"
+ password: "{{ ironic_service_password }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ when: not ironic_service_in_ldap | bool
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Add a role to the user
+- name: Ensure ironic user to admin role
+ keystone:
+ command: "ensure_user_role"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ ironic_service_user_name }}"
+ project_name: "{{ ironic_service_project_name }}"
+ role_name: "{{ ironic_service_role_name }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ when: not ironic_service_in_ldap | bool
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Create an endpoint
+- name: Ensure ironic endpoint
+ keystone:
+ command: "ensure_endpoint"
+ login_user: "{{ keystone_admin_user_name }}"
+ login_password: "{{ keystone_auth_admin_password }}"
+ login_project_name: "{{ keystone_admin_tenant_name }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ region_name: "{{ ironic_service_region }}"
+ service_name: "{{ ironic_service_name }}"
+ service_type: "{{ ironic_service_type }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ endpoint_list:
+ - url: "{{ ironic_service_publicurl }}"
+ interface: "public"
+ - url: "{{ ironic_service_internalurl }}"
+ interface: "internal"
+ - url: "{{ ironic_service_adminurl }}"
+ interface: "admin"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
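Review bot: All four added tasks carry `login_password: "{{ keystone_auth_admin_password }}"` as a module argument, and "Ensure ironic user" also passes `password: "{{ ironic_service_password }}"`, yet none of them sets `no_log`. Whether the `keystone` module masks these parameters itself is not visible in this patch; if it does not, the admin password can surface in verbose run output or in failure results on each of the five retries. Adding `no_log: true` to each task would close that, at the cost of less failure detail when a retry loop gives up. The `insecure: "{{ keystone_service_adminuri_insecure }}"` line also deserves a comment: if, as the name suggests, it disables certificate verification, the admin password is sent over an unverified connection whenever that variable is true, so it should be documented as a test-deployment setting only.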