Diffstat (limited to 'deploy/adapters/ansible/roles/keystone/tasks')
4 files changed, 0 insertions, 357 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
deleted file mode 100644
index ac3ff8fe..00000000
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ /dev/null
@@ -1,97 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: keystone-manage db-sync - shell: su -s /bin/sh -c 'keystone-manage db_sync' keystone - -- name: Check if fernet keys already exist - stat: - path: "/etc/keystone/fernet-keys/0" - register: fernet_keys_0 - -- name: Create fernet keys for Keystone - command: - keystone-manage fernet_setup - --keystone-user keystone - --keystone-group keystone - when: not fernet_keys_0.stat.exists - notify: - - restart keystone services - -- name: Rotate fernet keys for Keystone - command: - keystone-manage fernet_rotate - --keystone-user keystone - --keystone-group keystone - when: fernet_keys_0.stat.exists - notify: - - restart keystone services - -- name: Distribute the fernet key repository - shell: | - rsync -e 'ssh -o StrictHostKeyChecking=no' \ - -avz \ - --delete \ - /etc/keystone/fernet-keys \ - root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ - with_items: "{{ groups['controller'][1:] }}" - notify: - - restart keystone services - -- name: Check if credential keys already exist - stat: - path: "/etc/keystone/credential-keys/0" - register: credential_keys_0 - -- name: Create credential keys for Keystone - command: - keystone-manage credential_setup - --keystone-user keystone - --keystone-group keystone - when: not credential_keys_0.stat.exists - notify: - - restart keystone services - -- name: Rotate credential keys for Keystone - command: - keystone-manage credential_rotate - --keystone-user keystone - 
--keystone-group keystone - when: credential_keys_0.stat.exists - notify: - - restart keystone services - -- name: Distribute the credential key repository - shell: | - rsync -e 'ssh -o StrictHostKeyChecking=no' \ - -avz \ - --delete \ - /etc/keystone/credential-keys \ - root@{{ hostvars[ item ].ansible_eth0.ipv4.address }}:/etc/keystone/ - with_items: "{{ groups['controller'][1:] }}" - notify: - - restart keystone services - -- name: Bootstrap the Identity service - shell: - keystone-manage bootstrap \ - --bootstrap-password {{ ADMIN_PASS }} \ - --bootstrap-admin-url http://{{ internal_ip }}:35357/v3/ \ - --bootstrap-internal-url http://{{ internal_ip }}:35357/v3/ \ - --bootstrap-public-url http://{{ internal_ip }}:5000/v3/ - --bootstrap-region-id RegionOne \ - notify: - - restart keystone services - -- meta: flush_handlers - -- name: wait for keystone ready - wait_for: port=35357 delay=15 timeout=60 host={{ internal_ip }} diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml deleted file mode 100644 index 10228952..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- name: set admin url for keystone endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: set internal url for keystone endpointl - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: set public url for keystone endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ os_services[0:1] }}" - -- name: add service - os_keystone_service: - cloud: opnfv - name: "{{ item.name }}" - description: "{{ item.description }}" - service_type: "{{ item.type }}" - with_items: "{{ os_services }}" - -- name: add project - os_project: - cloud: opnfv - domain_id: default - name: "{{ item.tenant }}" - description: "{{ item.tenant_description }}" - with_items: "{{ os_users }}" - -- name: add user - os_user: - cloud: opnfv - domain: default - name: "{{ item.user }}" - password: "{{ item.password }}" - default_project: "{{ item.tenant }}" - email: "{{ item.email }}" - with_items: "{{ os_users }}" 
- -- name: add roles - os_keystone_role: - cloud: opnfv - name: "{{ item.role }}" - with_items: "{{ os_users }}" - -- name: grant roles - os_user_role: - cloud: opnfv - user: "{{ item.user }}" - role: "{{ item.role }}" - project: "{{ item.tenant }}" - with_items: "{{ os_users }}" - -- name: create admin url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: admin - region: "{{ item.region}}" - url: "{{ item.adminurl }}" - with_items: "{{ os_services[1:] }}" - -- name: create internal url for service's endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: internal - region: "{{ item.region}}" - url: "{{ item.internalurl }}" - with_items: "{{ os_services[1:] }}" - -- name: create public url for service'e endpoint - keystone_endpoint: - cloud: opnfv - endpoint_type: admin - name: "{{ item.name }}" - service_type: "{{ item.type }}" - state: present - interface: public - region: "{{ item.region}}" - url: "{{ item.publicurl }}" - with_items: "{{ os_services[1:] }}" diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml deleted file mode 100644 index a390ffca..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ /dev/null 
@@ -1,110 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include_vars: "{{ ansible_os_family }}.yml" - -- name: disable auto start - copy: - content: "#!/bin/sh\nexit 101" - dest: "/usr/sbin/policy-rc.d" - mode: 0755 - when: ansible_os_family == "Debian" - -- name: install keystone packages - action: "{{ ansible_pkg_mgr }} name={{ item }} state=present" - with_items: "{{ packages | union(packages_noarch) }}" - -- name: enable auto start - file: - path=/usr/sbin/policy-rc.d - state=absent - when: ansible_os_family == "Debian" - -- name: disable boot auto start - file: - path={{ item }} - state=absent - with_items: - - /etc/init.d/keystone - - /etc/init/keystone.conf - - /lib/systemd/system/keystone.service - when: ansible_os_family == "Debian" - -- name: generate keystone service list - lineinfile: dest=/opt/service create=yes line='{{ item }}' - with_items: "{{ services | union(services_noarch) }}" - -- name: delete sqlite database - file: - path: /var/lib/keystone/keystone.db - state: absent - -- name: update keystone conf - template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes - notify: - - restart keystone services - -- name: assure listen port exist - lineinfile: - dest: '{{ apache_config_dir }}/ports.conf' - regexp: '{{ item.regexp }}' - line: '{{ item.line}}' - with_items: - - regexp: "^Listen {{ internal_ip }}:5000" - line: "Listen {{ internal_ip }}:5000" - - regexp: "^Listen {{ internal_ip }}:35357" - line: "Listen {{ internal_ip }}:35357" - notify: - - restart keystone services - -- name: update apache2 
configs - template: - src: wsgi-keystone.conf.j2 - dest: '{{ apache_config_dir }}/sites-available/keystone.conf' - when: ansible_os_family == 'Debian' - notify: - - restart keystone services - -- name: update apache2 configs - template: - src: wsgi-keystone.conf.j2 - dest: '{{ apache_config_dir }}/keystone.conf' - when: ansible_os_family == 'RedHat' - notify: - - restart keystone services - -- name: enable keystone server - file: - src: "{{ apache_config_dir }}/sites-available/keystone.conf" - dest: "{{ apache_config_dir }}/sites-enabled/keystone.conf" - state: "link" - when: ansible_os_family == 'Debian' - notify: - - restart keystone services - -- name: install shade - pip: name=shade state=present - -- name: create path for os-client-config - file: - path: /etc/openstack - state: directory - mode: 0755 - -- name: copy os-client-config - template: - src: clouds.yml.j2 - dest: /etc/openstack/clouds.yml - -- name: keystone source files - template: src={{ item }} dest=/opt/{{ item }} - with_items: - - admin-openrc.sh - - admin-openrc-v2.sh - - demo-openrc.sh diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml deleted file mode 100644 index 29b6cd61..00000000 --- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -############################################################################## -# Copyright (c) 2016 HUAWEI TECHNOLOGIES CO.,LTD and others. -# -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -- include: keystone_install.yml - tags: - - install - - keystone_install - - keystone - -- include: keystone_config.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - keystone_config - - keystone - -- meta: flush_handlers - -- include: keystone_create.yml - when: inventory_hostname == groups['controller'][0] - tags: - - config - - keystone_create - - keystone |