diff options
author | carey.xu <carey.xuhan@huawei.com> | 2015-10-12 20:15:22 +0800 |
---|---|---|
committer | carey.xu <carey.xuhan@huawei.com> | 2015-10-13 11:37:11 +0800 |
commit | 85d42c56cafb1b7426677c85f5fa0874c0858568 (patch) | |
tree | ef51561e1bbd92104713b5f2cd24861e5e942a81 /deploy/adapters/ansible/roles/keystone/tasks | |
parent | 2cbacbc060805b446769def612253798f3b7fb03 (diff) |
make internal vip and public vip into one group
JIRA: COMPASS-88
Change-Id: Ie40033b99d29e79c6a50b3073f4147109a02d7fa
Signed-off-by: carey.xu <carey.xuhan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/keystone/tasks')
3 files changed, 48 insertions, 19 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml index 78ac970b..f69a83cb 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml @@ -1,18 +1,52 @@ --- - name: keystone-manage db-sync - shell: su -s /bin/sh -c "keystone-manage db_sync" - register: result - run_once: True - until: result.rc == 0 - retries: 5 - delay: 3 + keystone_manage: action=dbsync -- name: place keystone init script under /opt/ - template: src=keystone_init dest=/opt/keystone_init mode=0744 +- name: wait for keystone ready + wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }} -- name: run keystone_init - run_once: True - shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed - args: - creates: keystone_init_complete +- name: cron job to purge expired tokens hourly + cron: + name: 'purge expired tokens' + special_time: hourly + job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' +- name: add tenants + keystone_user: + token: "{{ ADMIN_TOKEN }}" + endpoint: "http://{{ internal_ip }}:35357/v2.0" + tenant: "{{ item.tenant }}" + tenant_description: "{{ item.tenant_description }}" + with_items: "{{ os_users }}" + +- name: add users + keystone_user: + token: "{{ ADMIN_TOKEN }}" + endpoint: "http://{{ internal_ip }}:35357/v2.0" + user: "{{ item.user }}" + tenant: "{{ item.tenant }}" + password: "{{ item.password }}" + email: "{{ item.email }}" + with_items: "{{ os_users }}" + +- name: grant roles + keystone_user: + token: "{{ ADMIN_TOKEN }}" + endpoint: "http://{{ internal_ip }}:35357/v2.0" + user: "{{ item.user }}" + role: "{{ item.role }}" + tenant: "{{ item.tenant }}" + with_items: "{{ os_users }}" + +- name: add endpoints + keystone_service: + token: "{{ ADMIN_TOKEN }}" + endpoint: "http://{{ internal_ip }}:35357/v2.0" + name: "{{ item.name }}" + type: "{{ item.type }}" + region: "{{ item.region}}" + description: "{{ item.description }}" + publicurl: "{{ item.publicurl }}" + internalurl: "{{ item.internalurl }}" + adminurl: "{{ item.adminurl }}" + with_items: "{{ os_services }}" diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml index 32d2b6be..e4488016 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml @@ -15,12 +15,6 @@ - name: delete sqlite database shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed -- name: cron job to purge expired tokens hourly - shell: (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> {{ cron_path }}/keystone - -- name: modify keystone cron rights - file: path={{ cron_path }}/keystone mode=0600 - - name: keystone source files template: src={{ item }} dest=/opt/{{ item }} with_items: diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml index 3ff37342..aa3ff1d5 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml @@ -6,6 +6,7 @@ - keystone - include: keystone_config.yml + when: inventory_hostname == groups['controller'][0] tags: - config - keystone_config |