Role os_keystone for OpenStack-Ansible
a08d7b1ce8
https://review.openstack.org/#/c/255599/ implemented a keystone-manage bootstrap command as an alternative to using an admin token when bootstrapping the keystone service. Admin tokens have been deprecated as of Mitaka and will be removed in Ocata. The use of this command replaces tasks to create the admin user, its password, role, and project and the keystone service endpoints. The keystone_auth_admin_token variable has been removed and its use in any tasks against the keystone library have been replaced with login credentials for the admin user. The functional test has been updated to use the current head of stable/mitaka and master for keystone and requirements respectively. The policy and api-paste files have also been updated from the head of keystone stable/mitaka. This change will require updates to make use of the same SHAs in the integrated openstack-ansible repo and in a majority of the OpenStack service roles' tests. Change-Id: I720fab85efe11a7512a124e44a73cf67b5f686b5 |
||
|---|---|---|
| defaults | ||
| doc | ||
| files | ||
| handlers | ||
| library | ||
| meta | ||
| tasks | ||
| templates | ||
| tests | ||
| vars | ||
| .gitignore | ||
| .gitreview | ||
| CONTRIBUTING.rst | ||
| LICENSE | ||
| other-requirements.txt | ||
| README.rst | ||
| run_tests.sh | ||
| setup.cfg | ||
| setup.py | ||
| test-requirements.txt | ||
| tox.ini | ||
OpenStack-Ansible Keystone
Ansible role that installs and configures OpenStack Keystone. Keystone is installed behind the Apache webserver listening on port 5000 and port 35357 by default.
Default Variables
../../defaults/main.yml
Required Variables
This list is not exhaustive at present. See role internals for further details.
# hostname or IP of load balancer providing external network
# access to Keystone
external_lb_vip_address: 10.100.100.102
# hostname or IP of load balancer providing internal network
# access to Keystone
internal_lb_vip_address: 10.100.100.102
# password used by the keystone service to interact with Galera
keystone_container_mysql_password: "YourPassword"
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"Example Playbook
- name: Installation and setup of Keystone
hosts: keystone_all
user: root
roles:
- { role: "os_keystone", tags: [ "os-keystone" ] }
vars:
external_lb_vip_address: 10.100.100.102
internal_lb_vip_address: 10.100.100.102
keystone_galera_address: 10.100.100.101
keystone_galera_database: keystone
keystone_venv_tag: "testing"
keystone_developer_mode: true
keystone_git_install_branch: a55128044f763f5cfe2fdc57c738eaca97636448
keystone_auth_admin_password: "SuperSecretePassword"
keystone_service_password: "secrete"
keystone_rabbitmq_password: "secrete"
keystone_container_mysql_password: "SuperSecrete"
keystone_rabbitmq_port: 5671
keystone_rabbitmq_userid: keystone
keystone_rabbitmq_vhost: /keystone
keystone_rabbitmq_servers: 10.100.100.101
keystone_rabbitmq_use_ssl: true
galera_client_drop_config_file: false