authorliyuenan <liyuenan@huawei.com>2016-12-19 11:06:36 +0800
committerliyuenan <liyuenan@huawei.com>2016-12-20 15:05:03 +0800
commit819912d0379f6cd2b2693c2968576f7514a117c5 (patch)
treee24d274484fa1ec8976c9f1bd44f5ee6e445724b /deploy/adapters/ansible/roles/keystone
parenteb5dbdac42b1b7b775fbc1dc513376425a6898ff (diff)
master only support newton
JIRA: COMPASS-513 Remove other roles and ppa, master only support newton. Change-Id: I47ddb16baa25902c3e05cc7f9d0d6430f5dc7e00 Signed-off-by: liyuenan <liyuenan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/keystone')
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml131
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml93
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml20
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/main.yml7
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh15
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh11
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh10
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/keystone.conf51
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j210
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/Debian.yml5
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/main.yml76
11 files changed, 325 insertions, 104 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index e7e9297e..ea211470 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -7,55 +7,90 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
+- include_vars: "{{ ansible_os_family }}.yml"
+
- name: keystone-manage db-sync
- #keystone_manage: action=dbsync
shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone
+- name: Check if fernet keys already exist
+ stat:
+ path: "/etc/keystone/fernet-keys/0"
+ register: fernet_keys_0
+
+- name: Create fernet keys for Keystone
+ command:
+ keystone-manage fernet_setup
+ --keystone-user keystone
+ --keystone-group keystone
+ when: not fernet_keys_0.stat.exists
+ notify:
+ - restart keystone services
+
+- name: Rotate fernet keys for Keystone
+ command:
+ keystone-manage fernet_rotate
+ --keystone-user keystone
+ --keystone-group keystone
+ when: fernet_keys_0.stat.exists
+ notify:
+ - restart keystone services
+
+- name: Distribute the fernet key repository
+ shell: rsync -e 'ssh -o StrictHostKeyChecking=no' \
+ -avz \
+ --delete \
+ /etc/keystone/fernet-keys \
+ root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/
+ with_items: groups['controller'][1:]
+ notify:
+ - restart keystone services
+
+- name: Check if credential keys already exist
+ stat:
+ path: "/etc/keystone/credential-keys/0"
+ register: credential_keys_0
+
+- name: Create credential keys for Keystone
+ command:
+ keystone-manage credential_setup
+ --keystone-user keystone
+ --keystone-group keystone
+ when: not credential_keys_0.stat.exists
+ notify:
+ - restart keystone services
+
+- name: Rotate credential keys for Keystone
+ command:
+ keystone-manage credential_rotate
+ --keystone-user keystone
+ --keystone-group keystone
+ when: credential_keys_0.stat.exists
+ notify:
+ - restart keystone services
+
+- name: Distribute the credential key repository
+ shell: rsync -e 'ssh -o StrictHostKeyChecking=no' \
+ -avz \
+ --delete \
+ /etc/keystone/credential-keys \
+ root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/
+ with_items: groups['controller'][1:]
+ notify:
+ - restart keystone services
+
+- name: Bootstrap the Identity service
+ shell:
+ keystone-manage bootstrap \
+ --bootstrap-password {{ ADMIN_PASS }} \
+ --bootstrap-admin-url http://{{ internal_ip }}:35357/v3/ \
+ --bootstrap-internal-url http://{{ internal_ip }}:35357/v3/ \
+ --bootstrap-public-url http://{{ internal_ip }}:5000/v3/
+ --bootstrap-region-id RegionOne \
+ notify:
+ - restart keystone services
+
+- meta: flush_handlers
+
- name: wait for keystone ready
- wait_for: port=35357 delay=3 timeout=10 host={{ internal_ip }}
-
-- name: cron job to purge expired tokens hourly
- cron:
- name: 'purge expired tokens'
- special_time: hourly
- job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
-
-- name: add tenants
- keystone_user:
- token: "{{ ADMIN_TOKEN }}"
- endpoint: "http://{{ internal_ip }}:35357/v2.0"
- tenant: "{{ item.tenant }}"
- tenant_description: "{{ item.tenant_description }}"
- with_items: "{{ os_users }}"
-
-- name: add users
- keystone_user:
- token: "{{ ADMIN_TOKEN }}"
- endpoint: "http://{{ internal_ip }}:35357/v2.0"
- user: "{{ item.user }}"
- tenant: "{{ item.tenant }}"
- password: "{{ item.password }}"
- email: "{{ item.email }}"
- with_items: "{{ os_users }}"
-
-- name: grant roles
- keystone_user:
- token: "{{ ADMIN_TOKEN }}"
- endpoint: "http://{{ internal_ip }}:35357/v2.0"
- user: "{{ item.user }}"
- role: "{{ item.role }}"
- tenant: "{{ item.tenant }}"
- with_items: "{{ os_users }}"
-
-- name: add endpoints
- keystone_service:
- token: "{{ ADMIN_TOKEN }}"
- endpoint: "http://{{ internal_ip }}:35357/v2.0"
- name: "{{ item.name }}"
- type: "{{ item.type }}"
- region: "{{ item.region}}"
- description: "{{ item.description }}"
- publicurl: "{{ item.publicurl }}"
- internalurl: "{{ item.internalurl }}"
- adminurl: "{{ item.adminurl }}"
- with_items: "{{ os_services }}"
+ wait_for: port=35357 delay=15 timeout=60 host={{ internal_ip }}
+
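Review bot: Both rsync tasks ("Distribute the fernet key repository" and "Distribute the credential key repository") copy Keystone's token and credential-encryption keys as root with `ssh -o StrictHostKeyChecking=no`, so the receiving controller's host key is never verified before the key material is sent. I would drop that option and populate `known_hosts` for the controller group in an earlier task (Ansible's `known_hosts` module), and drop `-v` so key file names are not echoed into the task output. Separately, "Bootstrap the Identity service" places `{{ ADMIN_PASS }}` unquoted on the command line with no `no_log: true`, which exposes it in the process list and most likely in Ansible's output. In the same task the continuation backslashes on the last two lines look swapped: `--bootstrap-public-url …` has none, while `--bootstrap-region-id RegionOne \` ends with one.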
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
new file mode 100644
index 00000000..53077776
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
@@ -0,0 +1,93 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+- name: set keystone endpoint
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack endpoint set \
+ --interface public \
+ --url {{ item.publicurl }} \
+ $(openstack endpoint list | grep keystone | grep public | awk '{print $2}');
+ openstack endpoint set \
+ --interface internal \
+ --url {{ item.internalurl }} \
+ $(openstack endpoint list | grep keystone | grep internal | awk '{print $2}');
+ openstack endpoint set \
+ --interface admin \
+ --url {{ item.adminurl }} \
+ $(openstack endpoint list | grep keystone | grep admin | awk '{print $2}');
+ with_items: "{{ os_services[0:1] }}"
+
+- name: add service
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack service create \
+ --name "{{ item.name }}"
+ --description "{{ item.description }}" \
+ {{ item.type }}
+ with_items: "{{ os_services[1:] }}"
+
+- name: add project
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack project create --description "Service Project" service;
+ openstack project create --domain default --description "Demo Project" demo;
+
+- name: set admin user
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack user set \
+ --email "{{ item.email }}" \
+ --project "{{ item.tenant }}" \
+ --description "{{ item.tenant_description }}" \
+ --password "{{ item.password }}" \
+ {{ item.user }}
+ with_items: "{{ os_users }}"
+ when: item["user"] == "admin"
+
+- name: add user
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack user create \
+ --email "{{ item.email }}" \
+ --project "{{ item.tenant }}" \
+ --description "{{ item.tenant_description }}" \
+ --password "{{ item.password }}" \
+ {{ item.user }}
+ with_items: "{{ os_users[1:] }}"
+
+- name: add roles
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack role create {{ item.role }}
+ with_items: "{{ os_users }}"
+ when: item["user"] == "demo"
+
+- name: grant roles
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack role add \
+ --project "{{ item.tenant }}" \
+ --user "{{ item.user }}" \
+ {{ item.role }}
+ with_items: "{{ os_users }}"
+
+- name: add endpoints
+ shell:
+ . /opt/admin-openrc.sh;
+ openstack endpoint create \
+ --region {{ item.region }} \
+ {{ item.name }} public {{ item.publicurl }};
+ openstack endpoint create \
+ --region {{ item.region }} \
+ {{ item.name }} internal {{ item.internalurl }};
+ openstack endpoint create \
+ --region {{ item.region }} \
+ {{ item.name }} admin {{ item.adminurl }};
+ with_items: "{{ os_services[1:] }}"
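Review bot: "set admin user" and "add user" interpolate `{{ item.password }}` into a `shell:` command inside a `with_items` loop without `no_log: true`, so each password lands in the process argument list on the controller and, most likely, in Ansible's per-item output and logs. Add `no_log: true` to those two tasks and pass the value through the `quote` filter, e.g. `--password {{ item.password | quote }}`, because a password containing `"`, `$` or a backtick is otherwise re-interpreted by the shell. The same quoting applies to the bare `{{ item.user }}`, `{{ item.role }}`, `{{ item.type }}` and URL arguments in the other tasks. The `create` commands are also not idempotent, so a second run of this file would presumably fail on projects, users and roles that already exist.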
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index ea6926f4..757349c5 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -26,6 +26,16 @@
state=absent
when: ansible_os_family == "Debian"
+- name: disable boot auto start
+ file:
+ path={{ item }}
+ state=absent
+ with_items:
+ - /etc/init.d/keystone
+ - /etc/init/keystone.conf
+ - /lib/systemd/system/keystone.service
+ when: ansible_os_family == "Debian"
+
- name: generate keystone service list
lineinfile: dest=/opt/service create=yes line='{{ item }}'
with_items: services | union(services_noarch)
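Review bot: "disable boot auto start" deletes package-owned files (`/etc/init.d/keystone`, `/etc/init/keystone.conf`, `/lib/systemd/system/keystone.service`), which a later upgrade or reinstall of the `keystone` package will probably put back, after which the standalone service could start again alongside the Apache-hosted one. Stopping and disabling the service is more durable, for example `service: name=keystone state=stopped enabled=no`, or masking the unit on systemd hosts. If deletion is kept, a one-line comment explaining why the files are removed rather than disabled would help the next maintainer.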
@@ -56,7 +66,7 @@
- name: update apache2 configs
template:
src: wsgi-keystone.conf.j2
- dest: '{{ apache_config_dir }}/sites-available/wsgi-keystone.conf'
+ dest: '{{ apache_config_dir }}/sites-available/keystone.conf'
when: ansible_os_family == 'Debian'
notify:
- restart keystone services
@@ -64,15 +74,15 @@
- name: update apache2 configs
template:
src: wsgi-keystone.conf.j2
- dest: '{{ apache_config_dir }}/wsgi-keystone.conf'
+ dest: '{{ apache_config_dir }}/keystone.conf'
when: ansible_os_family == 'RedHat'
notify:
- restart keystone services
- name: enable keystone server
file:
- src: "{{ apache_config_dir }}/sites-available/wsgi-keystone.conf"
- dest: "{{ apache_config_dir }}/sites-enabled/wsgi-keystone.conf"
+ src: "{{ apache_config_dir }}/sites-available/keystone.conf"
+ dest: "{{ apache_config_dir }}/sites-enabled/keystone.conf"
state: "link"
when: ansible_os_family == 'Debian'
notify:
@@ -82,7 +92,7 @@
template: src={{ item }} dest=/opt/{{ item }}
with_items:
- admin-openrc.sh
+ - admin-openrc-v2.sh
- demo-openrc.sh
- - admin-openrc-v3.sh
- meta: flush_handlers
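Review bot: `admin-openrc-v2.sh` is added to the openrc files rendered into `/opt`, and the templates in this commit each contain `ADMIN_PASS` or `DEMO_PASS`, yet the `template:` task shown here sets no `owner` or `mode`, so the files are created with the default umask (typically world-readable). Tighten the task to `template: src={{ item }} dest=/opt/{{ item }} owner=root mode=0600`, after checking that nothing sources these files as a non-root user. The task's `name:` line lies outside this hunk.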
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index 21939fa7..ad619d40 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -20,4 +20,11 @@
- keystone_config
- keystone
+- include: keystone_create.yml
+ when: inventory_hostname == groups['controller'][0]
+ tags:
+ - config
+ - keystone_create
+ - keystone
+
- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh
new file mode 100644
index 00000000..6ba620ff
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc-v2.sh
@@ -0,0 +1,15 @@
+##############################################################################
+# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+# Verify the Identity Service installation
+export OS_PASSWORD={{ ADMIN_PASS }}
+export OS_TENANT_NAME=admin
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_USERNAME=admin
+export OS_VOLUME_API_VERSION=2
+
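Review bot: `export OS_PASSWORD={{ ADMIN_PASS }}` renders the password unquoted into a file that is later sourced by a shell, so a password containing a space, `$`, `;` or `&` is either truncated or interpreted as shell syntax. Render it shell-quoted, `export OS_PASSWORD={{ ADMIN_PASS | quote }}`; the same line in `admin-openrc.sh` and the `DEMO_PASS` line in `demo-openrc.sh` need the same treatment. `OS_AUTH_URL` is plain `http://`, so the password is sent to Keystone unencrypted; if that is accepted because the internal VIP sits on an isolated management network, a comment in the template saying so would document the assumption.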
diff --git a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh
index 6ba620ff..94d5850f 100644
--- a/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh
+++ b/deploy/adapters/ansible/roles/keystone/templates/admin-openrc.sh
@@ -7,9 +7,12 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
# Verify the Identity Service installation
-export OS_PASSWORD={{ ADMIN_PASS }}
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
export OS_TENANT_NAME=admin
-export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
+export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
-export OS_VOLUME_API_VERSION=2
-
+export OS_PASSWORD={{ ADMIN_PASS }}
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_IMAGE_API_VERSION=2
diff --git a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh b/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh
index 5807e868..920f42ed 100644
--- a/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh
+++ b/deploy/adapters/ansible/roles/keystone/templates/demo-openrc.sh
@@ -6,8 +6,12 @@
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_TENANT_NAME=demo
+export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD={{ DEMO_PASS }}
-export OS_TENANT_NAME=demo
-export OS_AUTH_URL=http://{{ internal_vip.ip }}:35357/v2.0
-
+export OS_AUTH_URL=http://{{ internal_vip.ip }}:5000/v3
+export OS_IDENTITY_API_VERSION=3
+export OS_IMAGE_API_VERSION=2
diff --git a/deploy/adapters/ansible/roles/keystone/templates/keystone.conf b/deploy/adapters/ansible/roles/keystone/templates/keystone.conf
index 649fc32c..919be344 100644
--- a/deploy/adapters/ansible/roles/keystone/templates/keystone.conf
+++ b/deploy/adapters/ansible/roles/keystone/templates/keystone.conf
@@ -7,51 +7,52 @@
{% set memcached_servers = memcached_servers|join(',') %}
{% set rabbitmq_servers = rabbitmq_servers|join(',') %}
[DEFAULT]
-admin_token={{ ADMIN_TOKEN }}
debug={{ DEBUG }}
log_dir = /var/log/keystone
[cache]
-backend=keystone.cache.memcache_pool
-memcache_servers={{ memcached_servers}}
+backend = keystone.cache.memcache_pool
+memcache_servers = {{ memcached_servers}}
enabled=true
[revoke]
-driver=sql
-expiration_buffer=3600
-caching=true
+driver = sql
+expiration_buffer = 3600
+caching = true
[database]
connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone?charset=utf8
-idle_timeout=30
-min_pool_size=5
-max_pool_size=120
-pool_timeout=30
+idle_timeout = 30
+min_pool_size = 5
+max_pool_size = 120
+pool_timeout = 30
+[fernet_tokens]
+key_repository = /etc/keystone/fernet-keys/
[identity]
-default_domain_id=default
-driver=sql
+default_domain_id = default
+driver = sql
[assignment]
-driver=sql
+driver = sql
[resource]
-driver=sql
-caching=true
-cache_time=3600
-
+driver = sql
+caching = true
+cache_time = 3600
+
[token]
-enforce_token_bind=permissive
-expiration=43200
-provider=uuid
-driver=sql
-caching=true
-cache_time=3600
+enforce_token_bind = permissive
+expiration = 43200
+provider = fernet
+driver = sql
+caching = true
+cache_time = 3600
[eventlet_server]
-public_bind_host= {{ identity_host }}
-admin_bind_host= {{ identity_host }}
+public_bind_host = {{ identity_host }}
+admin_bind_host = {{ identity_host }}
[oslo_messaging_rabbit]
rabbit_userid = {{ RABBIT_USER }}
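Review bot: `[fernet_tokens]` sets only `key_repository`, while the "Rotate fernet keys for Keystone" task in keystone_config.yml rotates on every playbook run once key `0` exists. With `expiration = 43200` and the default `max_active_keys` (3 in upstream Keystone, as far as I know), a few deployment runs within twelve hours would rotate out the key behind still-valid tokens and invalidate them. Either set `max_active_keys` explicitly here with a comment tying it to the rotation schedule, or move rotation to a scheduled job instead of a side effect of deployment. `driver = sql` under `[token]` is, to my knowledge, not used by the fernet provider and could be dropped in the same pass.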
diff --git a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index 64d864af..55c89839 100644
--- a/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/deploy/adapters/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -1,6 +1,10 @@
- {% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% set work_threads = (ansible_processor_vcpus + 1) // 2 %}
+{% if work_threads > 10 %}
+{% set work_threads = 10 %}
+{% endif %}
+
<VirtualHost {{ internal_ip }}:5000>
- WSGIDaemonProcess keystone-public processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIDaemonProcess keystone-public processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
@@ -23,7 +27,7 @@
</VirtualHost>
<VirtualHost {{ internal_ip }}:35357>
- WSGIDaemonProcess keystone-admin processes={{ work_threads }} threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
+ WSGIDaemonProcess keystone-admin processes=4 threads={{ work_threads }} user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
diff --git a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
index b8d8e7c2..89bfbe0a 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/Debian.yml
@@ -11,8 +11,11 @@
cron_path: "/var/spool/cron/crontabs"
packages:
- - keystone
+ - apache2
+ - libapache2-mod-wsgi
+ - python-keystone
- python-openstackclient
+ - keystone
services:
- apache2
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml
index 655cd98d..ecaf7b51 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml
@@ -9,6 +9,7 @@
---
packages_noarch:
- python-keystoneclient
+ - python3-keystoneclient
services_noarch: []
os_services:
@@ -16,9 +17,9 @@ os_services:
type: identity
region: RegionOne
description: "OpenStack Identity"
- publicurl: "http://{{ public_vip.ip }}:5000/v2.0"
- internalurl: "http://{{ internal_vip.ip }}:5000/v2.0"
- adminurl: "http://{{ internal_vip.ip }}:35357/v2.0"
+ publicurl: "http://{{ public_vip.ip }}:5000/v3"
+ internalurl: "http://{{ internal_vip.ip }}:5000/v3"
+ adminurl: "http://{{ internal_vip.ip }}:35357/v3"
- name: glance
type: image
@@ -32,9 +33,9 @@ os_services:
type: compute
region: RegionOne
description: "OpenStack Compute"
- publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s"
- internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
- adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
- name: neutron
type: network
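Review bot: The new `%\\(tenant_id\\)s` values move shell escaping into the data: the YAML value now carries literal backslashes so that the unquoted `{{ item.publicurl }}` in keystone_create.yml survives the shell. Any other consumer of `os_services` (none is visible on this page) would receive the backslashes verbatim and register a malformed endpoint URL. Keep the URLs as `%(tenant_id)s` and quote at the point of use, e.g. `{{ item.publicurl | quote }}` in the `openstack endpoint create` commands. The cinder, cinderv2 and heat entries in the next hunk carry the same escaping.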
@@ -52,29 +53,37 @@ os_services:
internalurl: "http://{{ internal_vip.ip }}:8777"
adminurl: "http://{{ internal_vip.ip }}:8777"
+ - name: aodh
+ type: alarming
+ region: RegionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8042"
+ internalurl: "http://{{ internal_vip.ip }}:8042"
+ adminurl: "http://{{ internal_vip.ip }}:8042"
+
- name: cinder
type: volume
region: RegionOne
description: "OpenStack Block Storage"
- publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
- internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
- adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+ publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
- name: cinderv2
type: volumev2
region: RegionOne
description: "OpenStack Block Storage v2"
- publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
- internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
- adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+ publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
- name: heat
type: orchestration
region: RegionOne
description: "OpenStack Orchestration"
- publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
- internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
- adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+ publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
+ internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
+ adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
- name: heat-cfn
type: cloudformation
@@ -84,6 +93,22 @@ os_services:
internalurl: "http://{{ internal_vip.ip }}:8000/v1"
adminurl: "http://{{ internal_vip.ip }}:8000/v1"
+ - name: congress
+ type: policy
+ region: RegionOne
+ description: "OpenStack Policy Service"
+ publicurl: "http://{{ public_vip.ip }}:1789"
+ internalurl: "http://{{ internal_vip.ip }}:1789"
+ adminurl: "http://{{ internal_vip.ip }}:1789"
+
+# - name: swift
+# type: object-store
+# region: RegionOne
+# description: "OpenStack Object Storage"
+# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
+# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
+# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
+
os_users:
- user: admin
password: "{{ ADMIN_PASS }}"
@@ -134,6 +159,13 @@ os_users:
tenant: service
tenant_description: "Service Tenant"
+ - user: aodh
+ password: "{{ AODH_PASS }}"
+ email: aodh@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
- user: heat
password: "{{ HEAT_PASS }}"
email: heat@admin.com
@@ -141,9 +173,23 @@ os_users:
tenant: service
tenant_description: "Service Tenant"
+ - user: congress
+ password: "{{ CONGRESS_PASS }}"
+ email: congress@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
- user: demo
password: "{{ DEMO_PASS }}"
email: heat@demo.com
role: heat_stack_user
tenant: demo
tenant_description: "Demo Tenant"
+
+# - user: swift
+# password: "{{ CINDER_PASS }}"
+# email: swift@admin.com
+# role: admin
+# tenant: service
+# tenant_description: "Service Tenant"
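Review bot: The commented-out swift user at the end of this hunk sets `password: "{{ CINDER_PASS }}"`, so uncommenting it as written would give the swift service account cinder's password. Either delete the dead block (together with the commented swift entry under `os_services`) or point it at a dedicated variable, e.g. `SWIFT_PASS` (placeholder name; no such variable appears on this page), before it is revived.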