summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/keystone/tasks
diff options
context:
space:
mode:
authorcarey.xu <carey.xuhan@huawei.com>2015-10-12 20:15:22 +0800
committercarey.xu <carey.xuhan@huawei.com>2015-10-13 11:37:11 +0800
commit85d42c56cafb1b7426677c85f5fa0874c0858568 (patch)
treeef51561e1bbd92104713b5f2cd24861e5e942a81 /deploy/adapters/ansible/roles/keystone/tasks
parent2cbacbc060805b446769def612253798f3b7fb03 (diff)
make internal vip and public vip into one group
JIRA: COMPASS-88 Change-Id: Ie40033b99d29e79c6a50b3073f4147109a02d7fa Signed-off-by: carey.xu <carey.xuhan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/keystone/tasks')
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml60
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml6
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/main.yml1
3 files changed, 48 insertions, 19 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index 78ac970b..f69a83cb 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -1,18 +1,52 @@
---
- name: keystone-manage db-sync
- shell: su -s /bin/sh -c "keystone-manage db_sync"
- register: result
- run_once: True
- until: result.rc == 0
- retries: 5
- delay: 3
+ keystone_manage: action=dbsync
-- name: place keystone init script under /opt/
- template: src=keystone_init dest=/opt/keystone_init mode=0744
+- name: wait for keystone ready
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
-- name: run keystone_init
- run_once: True
- shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed
- args:
- creates: keystone_init_complete
+- name: cron job to purge expired tokens hourly
+ cron:
+ name: 'purge expired tokens'
+ special_time: hourly
+ job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
+- name: add tenants
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ tenant: "{{ item.tenant }}"
+ tenant_description: "{{ item.tenant_description }}"
+ with_items: "{{ os_users }}"
+
+- name: add users
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ tenant: "{{ item.tenant }}"
+ password: "{{ item.password }}"
+ email: "{{ item.email }}"
+ with_items: "{{ os_users }}"
+
+- name: grant roles
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ role: "{{ item.role }}"
+ tenant: "{{ item.tenant }}"
+ with_items: "{{ os_users }}"
+
+- name: add endpoints
+ keystone_service:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ region: "{{ item.region}}"
+ description: "{{ item.description }}"
+ publicurl: "{{ item.publicurl }}"
+ internalurl: "{{ item.internalurl }}"
+ adminurl: "{{ item.adminurl }}"
+ with_items: "{{ os_services }}"
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index 32d2b6be..e4488016 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -15,12 +15,6 @@
- name: delete sqlite database
shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed
-- name: cron job to purge expired tokens hourly
- shell: (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> {{ cron_path }}/keystone
-
-- name: modify keystone cron rights
- file: path={{ cron_path }}/keystone mode=0600
-
- name: keystone source files
template: src={{ item }} dest=/opt/{{ item }}
with_items:
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index 3ff37342..aa3ff1d5 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -6,6 +6,7 @@
- keystone
- include: keystone_config.yml
+ when: inventory_hostname == groups['controller'][0]
tags:
- config
- keystone_config