summaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/roles/keystone
diff options
context:
space:
mode:
Diffstat (limited to 'deploy/adapters/ansible/roles/keystone')
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml60
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml6
-rw-r--r--deploy/adapters/ansible/roles/keystone/tasks/main.yml1
-rw-r--r--deploy/adapters/ansible/roles/keystone/templates/keystone_init54
-rw-r--r--deploy/adapters/ansible/roles/keystone/vars/main.yml98
5 files changed, 146 insertions, 73 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
index 78ac970b..f69a83cb 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_config.yml
@@ -1,18 +1,52 @@
---
- name: keystone-manage db-sync
- shell: su -s /bin/sh -c "keystone-manage db_sync"
- register: result
- run_once: True
- until: result.rc == 0
- retries: 5
- delay: 3
+ keystone_manage: action=dbsync
-- name: place keystone init script under /opt/
- template: src=keystone_init dest=/opt/keystone_init mode=0744
+- name: wait for keystone ready
+ wait_for: port=35357 delay=3 timeout=10 host={{ internal_vip.ip }}
-- name: run keystone_init
- run_once: True
- shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed
- args:
- creates: keystone_init_complete
+- name: cron job to purge expired tokens hourly
+ cron:
+ name: 'purge expired tokens'
+ special_time: hourly
+ job: '/usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1'
+- name: add tenants
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ tenant: "{{ item.tenant }}"
+ tenant_description: "{{ item.tenant_description }}"
+ with_items: "{{ os_users }}"
+
+- name: add users
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ tenant: "{{ item.tenant }}"
+ password: "{{ item.password }}"
+ email: "{{ item.email }}"
+ with_items: "{{ os_users }}"
+
+- name: grant roles
+ keystone_user:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ user: "{{ item.user }}"
+ role: "{{ item.role }}"
+ tenant: "{{ item.tenant }}"
+ with_items: "{{ os_users }}"
+
+- name: add endpoints
+ keystone_service:
+ token: "{{ ADMIN_TOKEN }}"
+ endpoint: "http://{{ internal_ip }}:35357/v2.0"
+ name: "{{ item.name }}"
+ type: "{{ item.type }}"
+ region: "{{ item.region}}"
+ description: "{{ item.description }}"
+ publicurl: "{{ item.publicurl }}"
+ internalurl: "{{ item.internalurl }}"
+ adminurl: "{{ item.adminurl }}"
+ with_items: "{{ os_services }}"
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index 32d2b6be..e4488016 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -15,12 +15,6 @@
- name: delete sqlite database
shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed
-- name: cron job to purge expired tokens hourly
- shell: (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> {{ cron_path }}/keystone
-
-- name: modify keystone cron rights
- file: path={{ cron_path }}/keystone mode=0600
-
- name: keystone source files
template: src={{ item }} dest=/opt/{{ item }}
with_items:
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index 3ff37342..aa3ff1d5 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -6,6 +6,7 @@
- keystone
- include: keystone_config.yml
+ when: inventory_hostname == groups['controller'][0]
tags:
- config
- keystone_config
diff --git a/deploy/adapters/ansible/roles/keystone/templates/keystone_init b/deploy/adapters/ansible/roles/keystone/templates/keystone_init
deleted file mode 100644
index 0ea6e08a..00000000
--- a/deploy/adapters/ansible/roles/keystone/templates/keystone_init
+++ /dev/null
@@ -1,54 +0,0 @@
-set -e
-while ! keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-list; do
- echo "not ready"
- sleep 1
-done
-echo "keystone is ready"
-
-# create an administrative user
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 role-create --name=admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=admin --description="Admin Tenant"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --tenant=admin --email=admin@admin.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=admin --tenant=admin --role=admin
-
-# create a normal user
-
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=demo --description="Demo Tenant"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=demo --pass={{ DEMO_PASS }} --tenant=demo --email=DEMO_EMAIL
-
-# create a service tenant
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 tenant-create --name=service --description="Service Tenant"
-
-# regist keystone
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=keystone --type=identity --description="OpenStack Identity"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service_id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ identity / {print $2}') --publicurl=http://{{ public_vip.ip }}:5000/v2.0 --internalurl=http://{{ internal_vip.ip }}:5000/v2.0 --adminurl=http://{{ internal_vip.ip }}:35357/v2.0
-
-# Create a glance user that the Image Service can use to authenticate with the Identity service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=glance --pass={{ GLANCE_PASS }} --email=glance@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=glance --tenant=service --role=admin
-
-#Register the Image Service with the Identity service so that other OpenStack services can locate it
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=glance --type=image --description="OpenStack Image Service"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ image / {print $2}') --publicurl=http://{{ public_vip.ip }}:9292 --internalurl=http://{{ internal_vip.ip }}:9292 --adminurl=http://{{ internal_vip.ip }}:9292
-
-#Create a nova user that Compute uses to authenticate with the Identity Service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name=nova --pass={{ NOVA_PASS }} --email=nova@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user=nova --tenant=service --role=admin
-
-# register Compute with the Identity Service so that other OpenStack services can locate it
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name=nova --type=compute --description="OpenStack Compute"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ compute / {print $2}') --publicurl=http://{{ public_vip.ip }}:8774/v2/%\(tenant_id\)s --internalurl=http://{{ internal_vip.ip }}:8774/v2/%\(tenant_id\)s --adminurl=http://{{ internal_vip.ip }}:8774/v2/%\(tenant_id\)s
-
-# register netron user, role and service
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name neutron --pass {{ NEUTRON_PASS }} --email neutron@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user neutron --tenant service --role admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name neutron --type network --description "OpenStack Networking"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ network / {print $2}') --publicurl http://{{ public_vip.ip }}:9696 --adminurl http://{{ internal_vip.ip }}:9696 --internalurl http://{{ internal_vip.ip }}:9696
-
-
-# register ceilometer related
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-create --name ceilometer --pass {{ CEILOMETER_PASS }} --email ceilometer@example.com
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 user-role-add --user ceilometer --tenant service --role admin
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-create --name ceilometer --type metering --description "OpenStack Telemetry"
-keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ internal_vip.ip }}:35357/v2.0 service-list | awk '/ metering / {print $2}') --publicurl http://{{ public_vip.ip }}:8777 --adminurl http://{{ internal_vip.ip }}:8777 --internalurl http://{{ internal_vip.ip }}:8777
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml
index cc24916a..dc3ca498 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml
@@ -3,4 +3,102 @@ packages_noarch:
- python-keystoneclient
services_noarch: []
+os_services:
+ - name: keystone
+ type: identity
+ region: regionOne
+ description: "OpenStack Identity"
+ publicurl: "http://{{ public_vip.ip }}:5000/v2.0"
+ internalurl: "http://{{ internal_vip.ip }}:5000/v2.0"
+ adminurl: "http://{{ internal_vip.ip }}:35357/v2.0"
+ - name: glance
+ type: image
+ region: regionOne
+ description: "OpenStack Image Service"
+ publicurl: "http://{{ public_vip.ip }}:9292"
+ internalurl: "http://{{ internal_vip.ip }}:9292"
+ adminurl: "http://{{ internal_vip.ip }}:9292"
+
+ - name: nova
+ type: compute
+ region: regionOne
+ description: "OpenStack Compute"
+ publicurl: "http://{{ public_vip.ip }}:8774/v2/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8774/v2/%(tenant_id)s"
+
+ - name: neutron
+ type: network
+ region: regionOne
+ description: "OpenStack Networking"
+ publicurl: "http://{{ public_vip.ip }}:9696"
+ internalurl: "http://{{ internal_vip.ip }}:9696"
+ adminurl: "http://{{ internal_vip.ip }}:9696"
+
+ - name: ceilometer
+ type: metering
+ region: regionOne
+ description: "OpenStack Telemetry"
+ publicurl: "http://{{ public_vip.ip }}:8777/v2.0"
+ internalurl: "http://{{ internal_vip.ip }}:8777/v2.0"
+ adminurl: "http://{{ internal_vip.ip }}:8777/v2.0"
+
+ - name: cinder
+ type: volume
+ region: regionOne
+ description: "OpenStack Block Storage"
+ publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+ internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+ adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+
+
+os_users:
+ - user: admin
+ password: "{{ ADMIN_PASS }}"
+ email: admin@admin.com
+ role: admin
+ tenant: admin
+ tenant_description: "Admin Tenant"
+
+ - user: glance
+ password: "{{ GLANCE_PASS }}"
+ email: glance@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: nova
+ password: "{{ NOVA_PASS }}"
+ email: nova@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: keystone
+ password: "{{ keystone_PASS }}"
+ email: keystone@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: neutron
+ password: "{{ NEUTRON_PASS }}"
+ email: neutron@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: ceilometer
+ password: "{{ CEILOMETER_PASS }}"
+ email: ceilometer@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"
+
+ - user: cinder
+ password: "{{ CINDER_PASS }}"
+ email: cinder@admin.com
+ role: admin
+ tenant: service
+ tenant_description: "Service Tenant"