Role os_keystone for OpenStack-Ansible
61848d3de2
In order to maintain current behavior when deploying ceilometer using the integrated release, default 'keystone_rabbitmq_telemetry_password' to 'keystone_rabbitmq_password'. 'keystone_rabbitmq_telemetry_*' vars may be provided by the user as overrides if a separate rabbitmq cluster is being used for telemetry. Also update the configured transport_urls to only include a comma between urls and re-add rabbit configuration information to the oslo_messaging_rabbit block. Change-Id: I310dd2397fdee97790be5e5488a6461b8699ecf4 |
||
|---|---|---|
| defaults | ||
| doc | ||
| files | ||
| handlers | ||
| library | ||
| meta | ||
| releasenotes | ||
| tasks | ||
| templates | ||
| tests | ||
| vars | ||
| .gitignore | ||
| .gitreview | ||
| CONTRIBUTING.rst | ||
| LICENSE | ||
| other-requirements.txt | ||
| README.rst | ||
| run_tests.sh | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
OpenStack-Ansible Keystone
Ansible role that installs and configures OpenStack Keystone. Keystone is installed behind the Apache webserver listening on port 5000 and port 35357 by default.
Default Variables
../../defaults/main.yml
Required Variables
This list is not exhaustive at present. See role internals for further details.
# hostname or IP of load balancer providing external network
# access to Keystone
external_lb_vip_address: 10.100.100.102
# hostname or IP of load balancer providing internal network
# access to Keystone
internal_lb_vip_address: 10.100.100.102
# password used by the keystone service to interact with Galera
keystone_container_mysql_password: "YourPassword"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"Example Playbook
- name: Installation and setup of Keystone
hosts: keystone_all
user: root
pre_tasks:
- name: Create DB for service
mysql_db:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
state: "present"
delegate_to: "{{ keystone_galera_address }}"
when: inventory_hostname == groups['keystone_all'][0]
- name: Grant access to the DB for the service
mysql_user:
login_user: "root"
login_password: "secrete"
login_host: "localhost"
name: "{{ keystone_galera_database }}"
password: "{{ keystone_container_mysql_password }}"
host: "{{ item }}"
state: "present"
priv: "{{ keystone_galera_database }}.*:ALL"
with_items:
- "localhost"
- "%"
delegate_to: "{{ keystone_galera_address }}"
when: inventory_hostname == groups['keystone_all'][0]
roles:
- { role: "os_keystone", tags: [ "os-keystone" ] }
vars:
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
keystone_galera_address: 10.100.100.101
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: master
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_use_ssl: true
galera_client_drop_config_file: falseTags
This role supports two tags: keystone-install and
keystone-config
The keystone-install tag can be used to install and
upgrade.
The keystone-config tag can be used to maintain
configuration of the service.