diff --git a/playbooks/inventory/group_vars/hosts.yml b/playbooks/inventory/group_vars/hosts.yml
index 9310492a5c..b664cfb012 100644
--- a/playbooks/inventory/group_vars/hosts.yml
+++ b/playbooks/inventory/group_vars/hosts.yml
@@ -83,6 +83,10 @@ dhcp_domain: openstacklocal #openstack_service_adminuri_proto: http #openstack_service_internaluri_proto: http +## LDAP enabled toggle +service_ldap_backend_enabled: "{{ keystone_ldap is defined }}" + + ## Aodh # DB info aodh_database_name: aodh
@@ -91,6 +95,7 @@ aodh_db_type: mongodb aodh_db_ip: localhost aodh_db_port: 27017 aodh_connection_string: "{{ aodh_db_type }}://{{ aodh_database_user }}:{{ aodh_container_db_password }}@{{ aodh_db_ip }}:{{ aodh_db_port }}/{{ aodh_database_name }}" +aodh_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Ceilometer
@@ -103,6 +108,7 @@ ceilometer_service_adminurl: "{{ ceilometer_service_adminuri }}/" ceilometer_service_region: "{{ service_region }}" ceilometer_rabbitmq_userid: ceilometer ceilometer_rabbitmq_vhost: /ceilometer +ceilometer_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Nova
@@ -121,6 +127,7 @@ nova_keystone_auth_plugin: password nova_ceph_client: '{{ cinder_ceph_client }}' nova_ceph_client_uuid: '{{ cinder_ceph_client_uuid | default() }}' nova_dhcp_domain: "{{ dhcp_domain }}" +nova_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Neutron
@@ -135,6 +142,7 @@ neutron_service_adminuri: "{{ neutron_service_adminuri_proto }}://{{ internal_lb neutron_service_adminurl: "{{ neutron_service_adminuri }}" neutron_service_region: "{{ service_region }}" neutron_dhcp_domain: "{{ dhcp_domain }}" +neutron_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Glance 
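Review bot: `service_ldap_backend_enabled: "{{ keystone_ldap is defined }}"` is true for any definition of `keystone_ldap`, an empty mapping included, and every `*_service_in_ldap` forwarder in this file (the sibling hunks here and the glance, keystone, heat, cinder and swift hunks further down) then suppresses service-user creation in Keystone even when no LDAP domain is actually configured. If `keystone_ldap` is a mapping, which this hunk does not show, `"{{ keystone_ldap is defined and keystone_ldap | length > 0 }}"` would tie the toggle to a non-empty configuration. The `## LDAP enabled toggle` comment should also spell out the contract the task files now rely on, e.g. `## When true the Keystone user/role tasks of every service role are skipped; the service users must already exist in the LDAP backend with the credentials the skipped tasks would otherwise have set (*_service_password).`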
@@ -147,6 +155,7 @@ glance_service_project_domain_id: default glance_service_user_domain_id: default glance_service_adminurl: "{{ glance_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ glance_service_port }}" glance_service_region: "{{ service_region }}" +glance_service_in_ldap: "{{ service_ldap_backend_enabled }}" # Only specify this if you want to list the servers - by default LB host/port will be used #glance_api_servers: "{% for host in groups['glance_all'] %}{{ hostvars[host]['container_address'] }}:{{ glance_service_port }}{% if not loop.last %},{% endif %}{% endfor %}"
@@ -177,6 +186,7 @@ keystone_service_adminurl: "{{ keystone_service_adminuri }}/v3" keystone_cache_backend_argument: "url:{% for host in groups['memcached'] %}{{ hostvars[host]['container_address'] }}{% if not loop.last %},{% endif %}{% endfor %}:{{ memcached_port }}" keystone_memcached_servers: "{% for host in groups['keystone_all'] %}{{ hostvars[host]['container_address'] }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}" +keystone_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Horizon
@@ -187,6 +197,7 @@ horizon_enable_neutron_lbaas: "{% if neutron_plugin_base is defined and 'neutron ## Heat heat_service_region: "{{ service_region }}" +heat_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## Cinder 
@@ -208,6 +219,17 @@ cinder_ceph_client: cinder # cinder_backend_lvm_inuse: True if current host has an lvm backend cinder_backend_lvm_inuse: '{{ (cinder_backends|default("")|to_json).find("cinder.volume.drivers.lvm.LVMVolumeDriver") != -1 }}' cinder_service_region: "{{ service_region }}" +cinder_service_in_ldap: "{{ service_ldap_backend_enabled }}" + + ## Swift +swift_system_user_name: swift +swift_system_group_name: swift +swift_system_shell: /bin/bash +swift_system_comment: swift system user +swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" +swift_service_region: "{{ service_region }}" +swift_service_in_ldap: "{{ service_ldap_backend_enabled }}" ## OpenStack Openrc
@@ -226,13 +248,6 @@ tempest_pip_instructions: > --trusted-host pypi.python.org --trusted-host {{ openstack_repo_url | netloc_no_port }} -## Swift -swift_system_user_name: swift -swift_system_group_name: swift -swift_system_shell: /bin/bash -swift_system_comment: swift system user -swift_system_home_folder: "/var/lib/{{ swift_system_user_name }}" -swift_service_region: "{{ service_region }}" ## HAProxy haproxy_bind_on_non_local: "{% if groups.haproxy_hosts[1] is defined and internal_lb_vip_address != external_lb_vip_address %}True{% else %}False{% endif %}"
diff --git a/playbooks/roles/os_aodh/defaults/main.yml b/playbooks/roles/os_aodh/defaults/main.yml
index c2f6284ca1..d21295e768 100644
--- a/playbooks/roles/os_aodh/defaults/main.yml
+++ b/playbooks/roles/os_aodh/defaults/main.yml
@@ -80,6 +80,8 @@ aodh_service_internalurl: "{{ aodh_service_internaluri }}" aodh_service_adminuri: "{{ aodh_service_proto }}://{{ internal_lb_vip_address }}:{{ aodh_service_port }}" aodh_service_adminurl: "{{ aodh_service_adminuri }}" +aodh_service_in_ldap: false + # Common apt packages aodh_apt_packages: - rpcbind
diff --git a/playbooks/roles/os_aodh/tasks/aodh_service_add.yml b/playbooks/roles/os_aodh/tasks/aodh_service_add.yml
index 31761a4c98..7e24205d6e 100644
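Review bot: `aodh_service_in_ldap: false` is added without a comment although the neighbouring stanza in this defaults file is annotated (`# Common apt packages`), so a reader has to open the task file to learn that flipping it skips the Keystone user and role tasks; the same applies to the matching `*_service_in_ldap: false` lines in the ceilometer, cinder, glance, heat, keystone, neutron, nova and swift defaults hunks. Suggest `# Set to true when this service's Keystone user is managed in an external LDAP backend; the keystone user/role tasks are then skipped.` above each of them. The group_vars file overrides this default with `"{{ service_ldap_backend_enabled }}"`, which is worth stating in that comment so the per-role value is not mistaken for the effective one.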
--- a/playbooks/roles/os_aodh/tasks/aodh_service_add.yml
+++ b/playbooks/roles/os_aodh/tasks/aodh_service_add.yml
@@ -39,6 +39,7 @@ role_name: "{{ role_name }}" password: "{{ aodh_service_password }}" register: add_service + when: not aodh_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -55,6 +56,7 @@ tenant_name: "{{ aodh_service_project_name }}" role_name: "{{ aodh_role_name }}" register: add_admin_role + when: not aodh_service_in_ldap | bool until: add_admin_role|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_ceilometer/defaults/main.yml b/playbooks/roles/os_ceilometer/defaults/main.yml
index 239c26b2a1..232ba9d305 100644
--- a/playbooks/roles/os_ceilometer/defaults/main.yml
+++ b/playbooks/roles/os_ceilometer/defaults/main.yml
@@ -80,6 +80,8 @@ ceilometer_service_internalurl: "{{ ceilometer_service_internaluri }}" ceilometer_service_adminuri: "{{ ceilometer_service_proto }}://{{ internal_lb_vip_address }}:{{ ceilometer_service_port }}" ceilometer_service_adminurl: "{{ ceilometer_service_adminuri }}" + +ceilometer_service_in_ldap: false ## Ceilometer config # If the following variables are unset in user_variables, the value set will be half the number of available VCPUs # ceilometer_api_workers: 1
diff --git a/playbooks/roles/os_ceilometer/tasks/ceilometer_service_add.yml b/playbooks/roles/os_ceilometer/tasks/ceilometer_service_add.yml
index 6b97bfc6b9..74ce7bbf3a 100644
--- a/playbooks/roles/os_ceilometer/tasks/ceilometer_service_add.yml
+++ b/playbooks/roles/os_ceilometer/tasks/ceilometer_service_add.yml
@@ -39,6 +39,7 @@ role_name: "{{ role_name }}" password: "{{ ceilometer_service_password }}" register: add_service + when: not ceilometer_service_in_ldap | bool until: add_service|success retries: 5 delay: 10 
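Review bot: `when: not aodh_service_in_ldap | bool` is applied to the role-assignment task (`register: add_admin_role`, the second hunk) as well as to the user-creation task, yet an LDAP identity backend typically supplies only users and groups; where Keystone keeps assignments in SQL (the common split, not verifiable from this hunk) the service user still needs its role on the service project, and skipping the second task leaves it without one, so the failure surfaces only when the service first authenticates. Either limit the `when:` to the user-creation task or document in the defaults that the operator must create the assignment out of band. The same pattern appears in the ceilometer, cinder, glance, heat, keystone, neutron, nova and swift task hunks. Both gated tasks start above their hunks, so their names are not visible here.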
@@ -55,6 +56,7 @@ tenant_name: "{{ ceilometer_service_project_name }}" role_name: "{{ ceilometer_role_name }}" register: add_admin_role + when: not ceilometer_service_in_ldap | bool until: add_admin_role|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_cinder/defaults/main.yml b/playbooks/roles/os_cinder/defaults/main.yml
index b686284d7f..dbb5acc1e6 100644
--- a/playbooks/roles/os_cinder/defaults/main.yml
+++ b/playbooks/roles/os_cinder/defaults/main.yml
@@ -210,6 +210,8 @@ cinder_quota_backup_gigabytes: 1000 cinder_glance_host: 127.0.0.1 cinder_glance_service_port: 9292 +cinder_service_in_ldap: false + # Common apt packages cinder_apt_packages: - dmeventd
diff --git a/playbooks/roles/os_cinder/tasks/cinder_service_add.yml b/playbooks/roles/os_cinder/tasks/cinder_service_add.yml
index a538c4a316..a5375ebee6 100644
--- a/playbooks/roles/os_cinder/tasks/cinder_service_add.yml
+++ b/playbooks/roles/os_cinder/tasks/cinder_service_add.yml
@@ -43,6 +43,7 @@ password: "{{ service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not cinder_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not cinder_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_glance/defaults/main.yml b/playbooks/roles/os_glance/defaults/main.yml
index ceffaacc57..659d1f165a 100644
--- a/playbooks/roles/os_glance/defaults/main.yml
+++ b/playbooks/roles/os_glance/defaults/main.yml
@@ -165,6 +165,8 @@ glance_rbd_store_pool: images glance_rbd_store_user: '{{ glance_ceph_client }}' glance_rbd_store_chunk_size: 8 +glance_service_in_ldap: false + # Common apt packages glance_apt_packages: - rpcbind 
diff --git a/playbooks/roles/os_glance/tasks/glance_service_setup.yml b/playbooks/roles/os_glance/tasks/glance_service_setup.yml
index a154d8af9c..e061d72101 100644
--- a/playbooks/roles/os_glance/tasks/glance_service_setup.yml
+++ b/playbooks/roles/os_glance/tasks/glance_service_setup.yml
@@ -43,6 +43,7 @@ password: "{{ glance_service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not glance_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ glance_role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not glance_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_heat/defaults/main.yml b/playbooks/roles/os_heat/defaults/main.yml
index 6c60098af1..f5be695f48 100644
--- a/playbooks/roles/os_heat/defaults/main.yml
+++ b/playbooks/roles/os_heat/defaults/main.yml
@@ -150,6 +150,8 @@ heat_watch_server_url: "{{ heat_watch_server_uri }}" # heat_engine_workers: 4 # heat_api_workers: 4 +heat_service_in_ldap: false + ## Plugin dirs heat_plugin_dirs: - /usr/lib/heat
diff --git a/playbooks/roles/os_heat/tasks/heat_service_add.yml b/playbooks/roles/os_heat/tasks/heat_service_add.yml
index 3eb6692e9f..dfe1266ce9 100644
--- a/playbooks/roles/os_heat/tasks/heat_service_add.yml
+++ b/playbooks/roles/os_heat/tasks/heat_service_add.yml
@@ -43,6 +43,7 @@ password: "{{ service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not heat_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not heat_service_in_ldap | bool until: add_service|success retries: 5 delay: 10 
diff --git a/playbooks/roles/os_keystone/defaults/main.yml b/playbooks/roles/os_keystone/defaults/main.yml
index ef1f8904df..204b9ae90a 100644
--- a/playbooks/roles/os_keystone/defaults/main.yml
+++ b/playbooks/roles/os_keystone/defaults/main.yml
@@ -322,6 +322,8 @@ keystone_recreate_keys: False # - name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn' # id: upn +keystone_service_in_ldap: false + # Keystone Federation SP Packages keystone_sp_apt_packages: - libapache2-mod-shib2
diff --git a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
index d4faa89ad5..c7e19f6d10 100644
--- a/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
+++ b/playbooks/roles/os_keystone/tasks/keystone_service_setup.yml
@@ -87,6 +87,7 @@ password: "{{ keystone_auth_admin_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not keystone_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -121,6 +122,7 @@ role_name: "{{ keystone_role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not keystone_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -137,6 +139,7 @@ role_name: "{{ keystone_default_role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_member_role + when: not keystone_service_in_ldap | bool until: add_member_role|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_neutron/defaults/main.yml b/playbooks/roles/os_neutron/defaults/main.yml
index 1f6f8a607e..e0dc1498ac 100644
--- a/playbooks/roles/os_neutron/defaults/main.yml
+++ b/playbooks/roles/os_neutron/defaults/main.yml
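Review bot: The first gated task in keystone_service_setup.yml appears to create the Keystone admin user itself (its `password:` is `keystone_auth_admin_password`), and `keystone_service_in_ldap` comes from `keystone_ldap is defined` in hosts.yml, so merely configuring an LDAP domain stops the playbook from creating or updating the admin account and, via the second and third hunks, its admin and member role assignments. If the LDAP domain is a non-default one while the admin user lives in the SQL default domain — not verifiable from this hunk — the deployment is left without a bootstrapped admin. Consider gating this file on a keystone-specific condition, or state in the defaults that `keystone_service_in_ldap: true` requires the admin user and its roles to pre-exist in LDAP. The tasks begin above their hunks, so their names are not visible here.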
@@ -288,6 +288,8 @@ neutron_rpc_conn_pool_size: 30 neutron_rpc_response_timeout: 60 neutron_rpc_workers: 1 +neutron_service_in_ldap: false + ## Policy vars # Provide a list of access controls to update the default policy.json with. These changes will be merged # with the access controls in the default policy.json. E.g.
diff --git a/playbooks/roles/os_neutron/tasks/neutron_service_add.yml b/playbooks/roles/os_neutron/tasks/neutron_service_add.yml
index 7430c2fd11..1173774481 100644
--- a/playbooks/roles/os_neutron/tasks/neutron_service_add.yml
+++ b/playbooks/roles/os_neutron/tasks/neutron_service_add.yml
@@ -43,6 +43,7 @@ password: "{{ service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not neutron_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not neutron_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_nova/defaults/main.yml b/playbooks/roles/os_nova/defaults/main.yml
index 44313d8193..2bce931e67 100644
--- a/playbooks/roles/os_nova/defaults/main.yml
+++ b/playbooks/roles/os_nova/defaults/main.yml
@@ -235,6 +235,8 @@ nova_ceph_client_uuid: 517a4663-3927-44bc-9ea7-4a90e1cd4c66 # "compute:create": "" # "compute:create:attach_network": "" +nova_service_in_ldap: false + ## libvirtd config options nova_libvirtd_listen_tls: 1 nova_libvirtd_listen_tcp: 0
diff --git a/playbooks/roles/os_nova/tasks/nova_service_add.yml b/playbooks/roles/os_nova/tasks/nova_service_add.yml
index 13478fdcfb..60603fcffc 100644
--- a/playbooks/roles/os_nova/tasks/nova_service_add.yml
+++ b/playbooks/roles/os_nova/tasks/nova_service_add.yml
@@ -43,6 +43,7 @@ password: "{{ service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not nova_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not nova_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
diff --git a/playbooks/roles/os_swift/defaults/main.yml b/playbooks/roles/os_swift/defaults/main.yml
index 04795ea389..8b386ec16f 100644
--- a/playbooks/roles/os_swift/defaults/main.yml
+++ b/playbooks/roles/os_swift/defaults/main.yml
@@ -159,6 +159,8 @@ swift_proxy_server_program_config_options: /etc/swift/proxy-server/proxy-server. swift_storage_address: 127.0.0.1 swift_replication_address: 127.0.0.1 +swift_service_in_ldap: false + # Basic swift configuration for the cluster swift: {}
diff --git a/playbooks/roles/os_swift/tasks/swift_service_setup.yml b/playbooks/roles/os_swift/tasks/swift_service_setup.yml
index 829447ea7c..7024ed6781 100644
--- a/playbooks/roles/os_swift/tasks/swift_service_setup.yml
+++ b/playbooks/roles/os_swift/tasks/swift_service_setup.yml
@@ -43,6 +43,7 @@ password: "{{ swift_service_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not swift_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -62,6 +63,7 @@ role_name: "{{ swift_service_role_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not swift_service_in_ldap | bool until: add_service|success retries: 5 delay: 10
@@ -96,6 +98,7 @@ password: "{{ swift_dispersion_password }}" insecure: "{{ keystone_service_adminuri_insecure }}" register: add_service + when: not swift_service_in_ldap | bool until: add_service|success retries: 5 delay: 10