c0b5e8c90a
Change-Id: Id88657f2abb4bd0741751a6cf035d93ad62bc310 Depends-On: I8fce922e2907584138a132f37887f227eabe9abe Partial-Bug: #1688320
164 lines
6.1 KiB
YAML
164 lines
6.1 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Wait for services to be up
|
|
uri:
|
|
url: "{{ item['url'] }}"
|
|
validate_certs: "{{ item['validate_certs'] }}"
|
|
method: "HEAD"
|
|
status_code: 300
|
|
with_items:
|
|
- url: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}"
|
|
validate_certs: "{{ not keystone_service_adminuri_insecure | bool }}"
|
|
- url: "{{ keystone_service_internaluri_proto }}://{{ ansible_host }}:{{ keystone_service_port }}"
|
|
validate_certs: "{{ not keystone_service_internaluri_insecure | bool }}"
|
|
register: _wait_check
|
|
until: _wait_check | success
|
|
retries: 12
|
|
delay: 5
|
|
|
|
- name: Bootstrap keystone admin and endpoint
|
|
command: |
|
|
{{ keystone_bin }}/keystone-manage bootstrap \
|
|
--bootstrap-username {{ keystone_admin_user_name }} \
|
|
--bootstrap-password {{ keystone_auth_admin_password }} \
|
|
--bootstrap-project-name {{ keystone_admin_tenant_name }} \
|
|
--bootstrap-role-name {{ keystone_role_name }} \
|
|
--bootstrap-service-name {{ keystone_service_name }} \
|
|
--bootstrap-region-id {{ keystone_service_region }} \
|
|
--bootstrap-admin-url {{ keystone_service_adminuri }} \
|
|
--bootstrap-public-url {{ keystone_service_publicuri }} \
|
|
--bootstrap-internal-url {{ keystone_service_internaluri }}
|
|
become: yes
|
|
become_user: "{{ keystone_system_user_name }}"
|
|
changed_when: false
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Create a service tenant
|
|
- name: Ensure service tenant
|
|
keystone:
|
|
command: "ensure_tenant"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
tenant_name: "{{ keystone_service_tenant_name }}"
|
|
description: "{{ keystone_service_description }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Add the default user role
|
|
- name: Ensure default keystone user role
|
|
keystone:
|
|
command: "ensure_role"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
role_name: "{{ keystone_default_role_name }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_member_role
|
|
when: not keystone_service_in_ldap | bool
|
|
until: add_member_role|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Create a service
|
|
- name: Ensure Keystone Service
|
|
keystone:
|
|
command: "ensure_service"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
service_name: "{{ keystone_service_name }}"
|
|
service_type: "{{ keystone_service_type }}"
|
|
description: "{{ keystone_service_description }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Create a service user
|
|
- name: Ensure Keystone user
|
|
keystone:
|
|
command: "ensure_user"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
user_name: "{{ keystone_service_user_name }}"
|
|
tenant_name: "{{ keystone_service_tenant_name }}"
|
|
password: "{{ keystone_service_password }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Add a role to the user
|
|
- name: Ensure Keystone user to Admin role
|
|
keystone:
|
|
command: "ensure_user_role"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
user_name: "{{ keystone_service_user_name }}"
|
|
tenant_name: "{{ keystone_service_tenant_name }}"
|
|
role_name: "{{ keystone_role_name }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Create an endpoint
|
|
- name: Update Keystone endpoint
|
|
keystone:
|
|
command: "ensure_endpoint"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3"
|
|
ignore_catalog: True
|
|
region_name: "{{ keystone_service_region }}"
|
|
service_name: "{{ keystone_service_name }}"
|
|
service_type: "{{ keystone_service_type }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
endpoint_list:
|
|
- url: "{{ keystone_service_publicuri }}"
|
|
interface: "public"
|
|
- url: "{{ keystone_service_internaluri }}"
|
|
interface: "internal"
|
|
- url: "{{ keystone_service_adminuri }}"
|
|
interface: "admin"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|