openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/playbooks/roles/openstack_openrc/defaults/main.yml
Jesse Pretorius 4341b79b3a Enable all services to use Keystone 'insecurely' 
This patch introduces an insecure flag for the Keystone internal
 and admin endpoints:

* keystone_service_adminuri_insecure
* keystone_service_internaluri_insecure

Both values default to false. If you have setup SSL endpoints
for Keystone using an untrusted certificate then you should
set the appropriate flag to true in your user_variables.

This patch is used to enable testing and development with
Keystone SSL endpoints without having to make use of SSL
certificates signed by a trusted, public CA.

The patch introduces a new optional argument (insecure) to the
keystone, glance and neutron Ansible libraries. This is a
boolean value which, when true, enables these libraries to
access Keystone endpoints 'insecurely'. When these libraries
are used in plays, the appropriate value is set automatically
as per the above conditions.

Implements: blueprint keystone-federation
Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
2015-07-10 14:06:25 +01:00

33 lines
1.2 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Endpoint types
openrc_cinder_endpoint_type: internalURL
openrc_nova_endpoint_type: internalURL
openrc_os_endpoint_type: internalURL
## Default credentials
openrc_os_username: admin
openrc_os_tenant_name: admin
openrc_os_auth_url: "http://127.0.0.1:5000"
## Deliberately allow access to SSL endpoints with bad certificates
openrc_insecure: "{{ (keystone_service_adminuri_insecure | bool or keystone_service_internaluri_insecure | bool) | default(false) }}"
## Create file
openrc_file_dest: "{{ ansible_env.HOME }}/openrc"
openrc_file_owner: "{{ ansible_user_id }}"
openrc_file_group: "{{ ansible_user_id }}"
View Git Blame Copy Permalink