--- # Copyright 2014, Rackspace US, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Note(odyssey4me): # This set of tasks specifically runs against the last keystone # node in the cluster to ensure that the modules have access to # the endpoints which were bootstrapped in keystone_service_bootstrap. # We set the python interpreter to the ansible runtime venv if # the delegation is to localhost so that we get access to the # appropriate python libraries in that venv. If the delegation # is to another host, we assume that it is accessible by the # system python instead. - name: Update the service delegate_to: "{{ keystone_service_setup_host }}" vars: ansible_python_interpreter: >- {{ (keystone_service_setup_host == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable']) }} block: - name: Wait for services to be up uri: url: "{{ item.url }}" validate_certs: "{{ item.validate_certs }}" method: "HEAD" status_code: 300 with_items: - url: "{{ keystone_service_adminuri }}" validate_certs: "{{ not keystone_service_adminuri_insecure }}" - url: "{{ keystone_service_internaluri }}" validate_certs: "{{ not keystone_service_internaluri_insecure }}" register: _wait_check until: _wait_check | success retries: 12 delay: 5 - name: Add service project os_project: cloud: default state: present name: "{{ keystone_service_tenant_name }}" description: "{{ keystone_service_description }}" domain_id: "default" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service when: not keystone_service_in_ldap | bool until: add_service is success retries: 5 delay: 10 - name: Add default role os_keystone_role: cloud: default state: present name: "{{ keystone_default_role_name }}" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service when: not keystone_service_in_ldap | bool until: add_service is success retries: 5 delay: 10 - name: Add service to the keystone service catalog os_keystone_service: cloud: default state: present name: "{{ keystone_service_name }}" service_type: "{{ keystone_service_type }}" description: "{{ keystone_service_description }}" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service until: add_service is success retries: 5 delay: 10 - name: Add service user os_user: cloud: default state: present name: "{{ keystone_service_user_name }}" password: "{{ keystone_service_password }}" domain: default default_project: "{{ keystone_service_tenant_name }}" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service when: not keystone_service_in_ldap | bool until: add_service is success retries: 5 delay: 10 no_log: True - name: Add service user to admin role os_user_role: cloud: default state: present user: "{{ keystone_service_user_name }}" role: "{{ keystone_role_name }}" project: "{{ keystone_service_tenant_name }}" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service when: not keystone_service_in_ldap | bool until: add_service is success retries: 5 delay: 10 - name: Add endpoints to keystone endpoint catalog os_keystone_endpoint: cloud: default state: present service: "{{ keystone_service_name }}" endpoint_interface: "{{ item.interface }}" url: "{{ item.url }}" region: "{{ keystone_service_region }}" endpoint_type: admin verify: "{{ not keystone_service_adminuri_insecure }}" register: add_service until: add_service is success retries: 5 delay: 10 with_items: - interface: "public" url: "{{ keystone_service_publicuri }}" - interface: "internal" url: "{{ keystone_service_internaluri }}" - interface: "admin" url: "{{ keystone_service_adminuri }}"