authorliyuenan <liyuenan@huawei.com>2017-01-18 18:05:27 +0800
committerliyuenan <liyuenan@huawei.com>2017-01-25 12:37:20 +0800
commit7173757a6190f4528d36053d82467c74dbf16b3f (patch)
treebfed2b845188bf51891f6397b3fbd3afbd566fea /deploy/adapters/ansible/roles/keystone
parentd001a27936a5d55cda2d8ca0849f30a8bd1c0b3d (diff)
Ansible Module substitute for Shell Commands
JIRA: COMPASS-520 After updating the ansible version to v3, the keystone_user module only supports the v2 API. So we use shell commands now, but they fail with high probability. Those shell commands should be replaced by ansible modules to manage Identity users, projects or some other work like creating networks. Change-Id: I63d38b4a811a9c063ac4404da72787f594411b53 Signed-off-by: liyuenan <liyuenan@huawei.com>
Diffstat (limited to 'deploy/adapters/ansible/roles/keystone')
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml198
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml16
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/main.yml4
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j212
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/main.yml30
5 files changed, 138 insertions, 122 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
index 2f5aefeb..10228952 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
@@ -7,122 +7,114 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
-- name: set keystone endpoint
- shell:
- . /opt/admin-openrc.sh;
- openstack endpoint set \
- --interface public \
- --url {{ item.publicurl }} \
- $(openstack endpoint list | grep keystone | grep public \
- | awk '{print $2}');
- openstack endpoint set \
- --interface internal \
- --url {{ item.internalurl }} \
- $(openstack endpoint list | grep keystone | grep internal \
- | awk '{print $2}');
- openstack endpoint set \
- --interface admin \
- --url {{ item.adminurl }} \
- $(openstack endpoint list | grep keystone | grep admin \
- | awk '{print $2}');
+- name: set admin url for keystone endpoint
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: admin
+ region: "{{ item.region}}"
+ url: "{{ item.adminurl }}"
+ with_items: "{{ os_services[0:1] }}"
+
+- name: set internal url for keystone endpointl
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: internal
+ region: "{{ item.region}}"
+ url: "{{ item.internalurl }}"
+ with_items: "{{ os_services[0:1] }}"
+
+- name: set public url for keystone endpoint
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: public
+ region: "{{ item.region}}"
+ url: "{{ item.publicurl }}"
with_items: "{{ os_services[0:1] }}"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
- name: add service
- shell:
- . /opt/admin-openrc.sh;
- openstack service create \
- --name "{{ item.name }}"
- --description "{{ item.description }}" \
- {{ item.type }}
- with_items: "{{ os_services[1:] }}"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
+ os_keystone_service:
+ cloud: opnfv
+ name: "{{ item.name }}"
+ description: "{{ item.description }}"
+ service_type: "{{ item.type }}"
+ with_items: "{{ os_services }}"
- name: add project
- shell:
- . /opt/admin-openrc.sh;
- openstack project create --description "Service Project" service;
- openstack project create --domain default --description "Demo Project" demo;
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
-
-- name: set admin user
- shell:
- . /opt/admin-openrc.sh;
- openstack user set \
- --email "{{ item.email }}" \
- --project "{{ item.tenant }}" \
- --description "{{ item.tenant_description }}" \
- --password "{{ item.password }}" \
- {{ item.user }}
+ os_project:
+ cloud: opnfv
+ domain_id: default
+ name: "{{ item.tenant }}"
+ description: "{{ item.tenant_description }}"
with_items: "{{ os_users }}"
- when: item["user"] == "admin"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
- name: add user
- shell:
- . /opt/admin-openrc.sh;
- openstack user create \
- --email "{{ item.email }}" \
- --project "{{ item.tenant }}" \
- --description "{{ item.tenant_description }}" \
- --password "{{ item.password }}" \
- {{ item.user }}
- with_items: "{{ os_users[1:] }}"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
+ os_user:
+ cloud: opnfv
+ domain: default
+ name: "{{ item.user }}"
+ password: "{{ item.password }}"
+ default_project: "{{ item.tenant }}"
+ email: "{{ item.email }}"
+ with_items: "{{ os_users }}"
- name: add roles
- shell:
- . /opt/admin-openrc.sh;
- openstack role create {{ item.role }}
+ os_keystone_role:
+ cloud: opnfv
+ name: "{{ item.role }}"
with_items: "{{ os_users }}"
- when: item["user"] == "demo"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
- name: grant roles
- shell:
- . /opt/admin-openrc.sh;
- openstack role add \
- --project "{{ item.tenant }}" \
- --user "{{ item.user }}" \
- {{ item.role }}
+ os_user_role:
+ cloud: opnfv
+ user: "{{ item.user }}"
+ role: "{{ item.role }}"
+ project: "{{ item.tenant }}"
with_items: "{{ os_users }}"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
-- name: add endpoints
- shell:
- . /opt/admin-openrc.sh;
- openstack endpoint create \
- --region {{ item.region }} \
- {{ item.name }} public {{ item.publicurl }};
- openstack endpoint create \
- --region {{ item.region }} \
- {{ item.name }} internal {{ item.internalurl }};
- openstack endpoint create \
- --region {{ item.region }} \
- {{ item.name }} admin {{ item.adminurl }};
+- name: create admin url for service's endpoint
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: admin
+ region: "{{ item.region}}"
+ url: "{{ item.adminurl }}"
+ with_items: "{{ os_services[1:] }}"
+
+- name: create internal url for service's endpoint
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: internal
+ region: "{{ item.region}}"
+ url: "{{ item.internalurl }}"
+ with_items: "{{ os_services[1:] }}"
+
+- name: create public url for service'e endpoint
+ keystone_endpoint:
+ cloud: opnfv
+ endpoint_type: admin
+ name: "{{ item.name }}"
+ service_type: "{{ item.type }}"
+ state: present
+ interface: public
+ region: "{{ item.region}}"
+ url: "{{ item.publicurl }}"
with_items: "{{ os_services[1:] }}"
- register: result
- until: result.rc == 0
- retries: 10
- delay: 5
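Review bot: The `add user` task passes `password: "{{ item.password }}"` inside a `with_items: "{{ os_users }}"` loop with no `no_log`, so each iteration's item, password included, is printed in the play output and in any log that captures it. The `add project`, `add roles` and `grant roles` tasks loop over the same `os_users` items and echo the same dictionaries, so add `no_log: true` to all four tasks. Separately, `endpoint_type: admin` is repeated unchanged in the internal and public `keystone_endpoint` tasks where `interface` differs; this looks like a copy-paste and is worth confirming against the module's handling of the two parameters.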
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index 0d3161ed..a390ffca 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -88,11 +88,23 @@
notify:
- restart keystone services
+- name: install shade
+ pip: name=shade state=present
+
+- name: create path for os-client-config
+ file:
+ path: /etc/openstack
+ state: directory
+ mode: 0755
+
+- name: copy os-client-config
+ template:
+ src: clouds.yml.j2
+ dest: /etc/openstack/clouds.yml
+
- name: keystone source files
template: src={{ item }} dest=/opt/{{ item }}
with_items:
- admin-openrc.sh
- admin-openrc-v2.sh
- demo-openrc.sh
-
-- meta: flush_handlers
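Review bot: The `copy os-client-config` task writes `/etc/openstack/clouds.yml` with no `owner` or `mode`, so the file gets the default umask (typically world-readable), and the template added in this commit stores the admin password in it. Set `owner: root` and `mode: "0600"` on that template task. The directory task's `mode: 0755` is safer written quoted, `mode: "0755"`, so the value does not depend on how the YAML parser types a leading-zero integer. `pip: name=shade state=present` installs whichever release is current at deploy time; pinning a `version` would keep the credential-handling client library reproducible.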
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index ad619d40..29b6cd61 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -20,11 +20,11 @@
- keystone_config
- keystone
+- meta: flush_handlers
+
- include: keystone_create.yml
when: inventory_hostname == groups['controller'][0]
tags:
- config
- keystone_create
- keystone
-
-- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2
new file mode 100644
index 00000000..b387f7b8
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2
@@ -0,0 +1,12 @@
+---
+clouds:
+ opnfv:
+ auth:
+ username: 'admin'
+ password: {{ ADMIN_PASS }}
+ project_name: 'admin'
+ auth_url: 'http://{{ internal_vip.ip }}:35357/v3'
+ project_domain_name: default
+ user_domain_name: default
+ identity_api_version: 3
+ region_name: RegionOne
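Review bot: `password: {{ ADMIN_PASS }}` is rendered unquoted, unlike the neighbouring `username` and `project_name` values. A password that contains ` #` or `: `, starts with a YAML indicator, or looks like a number or boolean is therefore truncated, retyped or rejected when clouds.yml is parsed. Quote it as `password: "{{ ADMIN_PASS }}"`, bearing in mind that a password containing `"` or a backslash would still need escaping inside double quotes. `auth_url` also uses plain `http://` on port 35357, so the admin credentials travel unencrypted to keystone; if the deployment offers a TLS endpoint, this is the place to reference it.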
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml
index 65ae4090..2e5f57ca 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml
@@ -32,9 +32,9 @@ os_services:
type: compute
region: RegionOne
description: "OpenStack Compute"
- publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
- internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
- adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s"
- name: neutron
type: network
@@ -64,25 +64,25 @@ os_services:
type: volume
region: RegionOne
description: "OpenStack Block Storage"
- publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
- internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
- adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
+ publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
- name: cinderv2
type: volumev2
region: RegionOne
description: "OpenStack Block Storage v2"
- publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
- internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
- adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
+ publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
- name: heat
type: orchestration
region: RegionOne
description: "OpenStack Orchestration"
- publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
- internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
- adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
+ publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
- name: heat-cfn
type: cloudformation
@@ -104,9 +104,9 @@ os_services:
# type: object-store
# region: RegionOne
# description: "OpenStack Object Storage"
-# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
-# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
-# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
+# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
os_users:
- user: admin