Merge "Add default user role for Keystone & Horizon and tasks to create it"
This commit is contained in:
commit
4b5e0b1a4e
@ -91,6 +91,9 @@ horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
|
||||
## alternatively, you can set horizon to turn off ssl verification for Keystone
|
||||
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
|
||||
|
||||
## The role which Horizon should use as a default for users
|
||||
horizon_default_role_name: _member_
|
||||
|
||||
## Launch instance
|
||||
horizon_launch_instance_legacy: True
|
||||
horizon_launch_instance_ng: False
|
||||
|
34
playbooks/roles/os_horizon/tasks/horizon_service_setup.yml
Normal file
34
playbooks/roles/os_horizon/tasks/horizon_service_setup.yml
Normal file
@ -0,0 +1,34 @@
|
||||
---
|
||||
# Copyright 2015, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
# Add the default user role
|
||||
- name: Ensure default keystone user role
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
role_name: "{{ horizon_default_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
when: >
|
||||
keystone_auth_admin_token is defined
|
||||
and keystone_service_adminurl is defined
|
||||
and keystone_service_adminuri_insecure is defined
|
||||
register: add_member_role
|
||||
until: add_member_role|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- horizon-member-config
|
@ -28,6 +28,8 @@
|
||||
|
||||
- include: horizon_ssl_user_provided.yml
|
||||
|
||||
- include: horizon_service_setup.yml
|
||||
|
||||
- include: horizon_apache.yml
|
||||
|
||||
- name: Flush handlers
|
||||
|
@ -168,7 +168,8 @@ OPENSTACK_HOST = "{{ horizon_keystone_host }}"
|
||||
OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_endpoint }}"
|
||||
{% endif %}
|
||||
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
|
||||
# The default role assigned to users
|
||||
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ horizon_default_role_name }}"
|
||||
|
||||
{% if keystone_sp is defined %}
|
||||
# Enables keystone web single-sign-on
|
||||
|
@ -80,6 +80,7 @@ keystone_database_pool_timeout: 30
|
||||
|
||||
## Role info
|
||||
keystone_role_name: admin
|
||||
keystone_default_role_name: _member_
|
||||
|
||||
## Admin info
|
||||
keystone_admin_port: 35357
|
||||
|
@ -128,6 +128,22 @@
|
||||
- keystone-api-setup
|
||||
- keystone-setup
|
||||
|
||||
# Add the default user role
|
||||
- name: Ensure default keystone user role
|
||||
keystone:
|
||||
command: "ensure_role"
|
||||
token: "{{ keystone_auth_admin_token }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
role_name: "{{ keystone_default_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_member_role
|
||||
until: add_member_role|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- keystone-api-setup
|
||||
- keystone-setup
|
||||
|
||||
# Create a service
|
||||
- name: Ensure Keystone Service
|
||||
keystone:
|
||||
|
@ -9,6 +9,7 @@ public_endpoint = {{ keystone_public_endpoint }}
|
||||
{% endif %}
|
||||
admin_endpoint = {{ keystone_service_adminuri }}
|
||||
fatal_deprecations = {{ keystone_fatal_deprecations }}
|
||||
member_role_name = {{ keystone_default_role_name }}
|
||||
|
||||
{% if keystone_ssl | bool and keystone_secure_proxy_ssl_header is defined %}
|
||||
secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}
|
||||
|
Loading…
x
Reference in New Issue
Block a user