Merge "Add default user role for Keystone & Horizon and tasks to create it"

This commit is contained in:
Jenkins 2015-08-22 01:56:34 +00:00 committed by Gerrit Code Review
commit 4b5e0b1a4e
7 changed files with 59 additions and 1 deletions

View File

@ -91,6 +91,9 @@ horizon_keystone_endpoint: "{{ keystone_service_internalurl }}"
## alternatively, you can set horizon to turn off ssl verification for Keystone
horizon_ssl_no_verify: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
## The role which Horizon should use as a default for users
horizon_default_role_name: _member_
## Launch instance
horizon_launch_instance_legacy: True
horizon_launch_instance_ng: False

View File

@ -0,0 +1,34 @@
---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Add the default user role
- name: Ensure default keystone user role
keystone:
command: "ensure_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
role_name: "{{ horizon_default_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
when: >
keystone_auth_admin_token is defined
and keystone_service_adminurl is defined
and keystone_service_adminuri_insecure is defined
register: add_member_role
until: add_member_role|success
retries: 5
delay: 10
tags:
- horizon-member-config

View File

@ -28,6 +28,8 @@
- include: horizon_ssl_user_provided.yml
- include: horizon_service_setup.yml
- include: horizon_apache.yml
- name: Flush handlers

View File

@ -168,7 +168,8 @@ OPENSTACK_HOST = "{{ horizon_keystone_host }}"
OPENSTACK_KEYSTONE_URL = "{{ horizon_keystone_endpoint }}"
{% endif %}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
# The default role assigned to users
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ horizon_default_role_name }}"
{% if keystone_sp is defined %}
# Enables keystone web single-sign-on

View File

@ -80,6 +80,7 @@ keystone_database_pool_timeout: 30
## Role info
keystone_role_name: admin
keystone_default_role_name: _member_
## Admin info
keystone_admin_port: 35357

View File

@ -128,6 +128,22 @@
- keystone-api-setup
- keystone-setup
# Add the default user role
- name: Ensure default keystone user role
keystone:
command: "ensure_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
role_name: "{{ keystone_default_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_member_role
until: add_member_role|success
retries: 5
delay: 10
tags:
- keystone-api-setup
- keystone-setup
# Create a service
- name: Ensure Keystone Service
keystone:

View File

@ -9,6 +9,7 @@ public_endpoint = {{ keystone_public_endpoint }}
{% endif %}
admin_endpoint = {{ keystone_service_adminuri }}
fatal_deprecations = {{ keystone_fatal_deprecations }}
member_role_name = {{ keystone_default_role_name }}
{% if keystone_ssl | bool and keystone_secure_proxy_ssl_header is defined %}
secure_proxy_ssl_header = {{ keystone_secure_proxy_ssl_header }}