From 70400b4e712dcebb82b7cbdf4d1d727584eb2263 Mon Sep 17 00:00:00 2001
From: Michael Davies
Date: Tue, 19 Jan 2016 08:24:25 +0000
Subject: [PATCH] Adding keystone registration and spliting roles
---
 defaults/main.yml | 25 +++++++++
 tasks/ironic_service_add.yml | 99 ++++++++++++++++++++++++++++++++++
 tasks/ironic_service_setup.yml | 30 +++++++++++
 tasks/ironic_upstart_init.yml | 7 +--
 tasks/main.yml | 16 +++++-
 5 files changed, 171 insertions(+), 6 deletions(-)
 create mode 100644 tasks/ironic_service_add.yml
 create mode 100644 tasks/ironic_service_setup.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index bfaa4389..de4eecb6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -45,6 +45,31 @@ ironic_service_names: - "{{ ironic_api_program_name }}" - "{{ ironic_conductor_program_name }}" +ironic_service_name: ironic +ironic_service_type: baremetal +ironic_service_proto: http +ironic_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(ironic_service_proto) }}" +ironic_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(ironic_service_proto) }}" +ironic_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(ironic_service_proto) }}" +ironic_service_port: 8774 +ironic_service_description: "Ironic Baremetal Service" +ironic_service_publicuri: "{{ ironic_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ ironic_service_port }}" +ironic_service_publicurl: "{{ ironic_service_publicuri }}/v2.1/%(tenant_id)s" +ironic_service_adminuri: "{{ ironic_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}" +ironic_service_adminurl: "{{ ironic_service_adminuri }}/v2.1/%(tenant_id)s" +ironic_service_internaluri: "{{ ironic_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ ironic_service_port }}" +ironic_service_internalurl: "{{ ironic_service_internaluri }}/v2.1/%(tenant_id)s" +ironic_program_name: ironic-api +ironic_service_region: RegionOne +ironic_service_project_name: "service" +ironic_service_project_domain_id: default +ironic_service_user_domain_id: default +ironic_service_user_name: "ironic" +ironic_service_role_name: "admin" + +ironic_service_in_ldap: False + + # Is this Ironic installation working standalone? ironic_standalone: False
diff --git a/tasks/ironic_service_add.yml b/tasks/ironic_service_add.yml
new file mode 100644
index 00000000..855302f2
--- /dev/null
+++ b/tasks/ironic_service_add.yml
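Review bot: `ironic_service_port: 8774` and the `/v2.1/%(tenant_id)s` suffix on `ironic_service_publicurl`, `ironic_service_adminurl` and `ironic_service_internalurl` are the Nova compute API's port and path rather than Ironic's (its API listens on 6385 by default and carries no tenant id in the URL), so the catalog entry built from these defaults would send baremetal clients, and their tokens, to a different service. They look carried over from another role; `ironic_service_port: 6385` with the bare `*uri` values as the URLs is what I would expect here. Separately, `ironic_service_proto: http` leaves all three endpoints, the public one included, on plaintext unless `openstack_service_publicuri_proto` and its siblings are set, which deserves a comment above it such as `# Plain HTTP by default; override the *_proto variables when TLS is terminated in front of the API`.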
@@ -0,0 +1,99 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Create a service
+- name: Ensure ironic service
+ keystone:
+ command: "ensure_service"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ service_name: "{{ service_name }}"
+ service_type: "{{ service_type }}"
+ description: "{{ service_description }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 2
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Create an admin user
+- name: Ensure ironic user
+ keystone:
+ command: "ensure_user"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ service_user_name }}"
+ tenant_name: "{{ service_tenant_name }}"
+ password: "{{ service_password }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ when: not ironic_service_in_ldap | bool
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Add a role to the user
+- name: Ensure ironic user to admin role
+ keystone:
+ command: "ensure_user_role"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ user_name: "{{ service_user_name }}"
+ tenant_name: "{{ service_tenant_name }}"
+ role_name: "{{ role_name }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ register: add_service
+ when: not ironic_service_in_ldap | bool
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
+
+# Create an endpoint
+- name: Ensure ironic endpoint
+ keystone:
+ command: "ensure_endpoint"
+ token: "{{ keystone_auth_admin_token }}"
+ endpoint: "{{ keystone_service_adminurl }}"
+ region_name: "{{ service_region }}"
+ service_name: "{{ service_name }}"
+ service_type: "{{ service_type }}"
+ insecure: "{{ keystone_service_adminuri_insecure }}"
+ endpoint_list:
+ - url: "{{ service_publicurl }}"
+ interface: "public"
+ - url: "{{ service_internalurl }}"
+ interface: "internal"
+ - url: "{{ service_adminurl }}"
+ interface: "admin"
+ register: add_service
+ until: add_service|success
+ retries: 5
+ delay: 10
+ tags:
+ - ironic-api-setup
+ - ironic-service-add
+ - ironic-setup
diff --git a/tasks/ironic_service_setup.yml b/tasks/ironic_service_setup.yml
new file mode 100644
index 00000000..fe7930f4
--- /dev/null
+++ b/tasks/ironic_service_setup.yml
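Review bot: All four `keystone:` tasks pass `token: "{{ keystone_auth_admin_token }}"`, and "Ensure ironic user" also passes `password: "{{ service_password }}"`, with nothing on the tasks to keep those module arguments out of verbose output or out of the result printed when a retried task finally fails. Unless the `keystone` module already marks both parameters as no-log (its source is not part of this patch), add `no_log: true` to each of these tasks. `insecure: "{{ keystone_service_adminuri_insecure }}"` presumably turns off certificate verification for the admin endpoint; if so, a comment saying that a true value sends the admin token over an unverified connection would be worth having next to it.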
@@ -0,0 +1,30 @@
+---
+# Copyright 2014, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- include: ironic_service_add.yml
+ vars:
+ service_user_name: "{{ ironic_service_user_name }}"
+ service_tenant_name: "{{ ironic_service_project_name }}"
+ service_name: "{{ ironic_service_name }}"
+ service_type: "{{ ironic_service_type }}"
+ service_region: "{{ ironic_service_region }}"
+ service_description: "{{ ironic_service_description }}"
+ service_password: "{{ ironic_service_password }}"
+ service_publicurl: "{{ ironic_service_publicurl }}"
+ service_internalurl: "{{ ironic_service_internalurl }}"
+ service_adminurl: "{{ ironic_service_adminurl }}"
+ role_name: "{{ ironic_service_role_name }}"
+ tags:
+ - ironic-api
diff --git a/tasks/ironic_upstart_init.yml b/tasks/ironic_upstart_init.yml
index db7f4647..5eb56ff7 100644
--- a/tasks/ironic_upstart_init.yml
+++ b/tasks/ironic_upstart_init.yml
@@ -20,8 +20,7 @@ system_user: "{{ ironic_system_user_name }}" system_group: "{{ ironic_system_group_name }}" service_home: "{{ ironic_system_home_folder }}" -# TODO(mrda): define groups -# when: inventory_hostname in groups['tbd'] + when: inventory_hostname in groups['ironic_api'] - include: ironic_upstart_common_init.yml vars:
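Review bot: `service_password: "{{ ironic_service_password }}"` in the new tasks/ironic_service_setup.yml depends on a variable that the defaults added in this commit do not declare. Keeping the secret out of defaults/main.yml is the right call, but nothing visible in the role tells a deployer that it must be supplied, so the first run ends in an undefined-variable error. A comment above the include would cover it, for example `# ironic_service_password has no default; supply it from the deployment's secrets file`.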
@@ -30,6 +29,4 @@ system_user: "{{ ironic_system_user_name }}" system_group: "{{ ironic_system_group_name }}" service_home: "{{ ironic_system_home_folder }}" -# TODO(mrda): define groups -# when: inventory_hostname in groups['tbd'] - + when: inventory_hostname in groups['ironic_conductor']
diff --git a/tasks/main.yml b/tasks/main.yml
index e14ca294..1ad263a3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,12 +14,26 @@ # limitations under the License. - include: ironic_pre_install.yml -# - include: ironic_get_source.yml - include: ironic_install.yml + - include: ironic_conductor_install.yml + when: > + inventory_hostname == groups['ironic_conductor'][0] + - include: python_ironicclient_install.yml + - include: ironic_post_install.yml + - include: ironic_conductor_post_install.yml + when: > + inventory_hostname == groups['ironic_conductor'][0] + - include: ironic_db_setup.yml + when: > + inventory_hostname == groups['ironic_conductor'][0] + - include: ironic_upstart_init.yml + - include: ironic_service_setup.yml + when: > + inventory_hostname == groups['ironic_api'][0]
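Review bot: In tasks/main.yml, gating `ironic_conductor_install.yml` and `ironic_conductor_post_install.yml` on `inventory_hostname == groups['ironic_conductor'][0]` restricts the conductor install to the first conductor host, while tasks/ironic_upstart_init.yml in this same commit creates the conductor init job on every host matching `inventory_hostname in groups['ironic_conductor']`. With more than one conductor in the inventory, the remaining hosts would apparently get an init job without the install steps behind it (the included task files are not shown, so this is inferred from the conditions alone). The `[0]` form fits the run-once steps, `ironic_db_setup.yml` and `ironic_service_setup.yml`; for the two install includes `when: inventory_hostname in groups['ironic_conductor']` would match the upstart conditions. Both forms also fail with an undefined or index error when the group is missing or empty, which is worth a comment at the top of the file.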