Diffstat (limited to 'deploy/adapters/ansible/roles/keystone')
5 files changed, 138 insertions, 122 deletions
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
index 2f5aefeb..10228952 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
@@ -7,122 +7,114 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- -- name: set keystone endpoint - shell: - . /opt/admin-openrc.sh; - openstack endpoint set \ - --interface public \ - --url {{ item.publicurl }} \ - $(openstack endpoint list | grep keystone | grep public \ - | awk '{print $2}'); - openstack endpoint set \ - --interface internal \ - --url {{ item.internalurl }} \ - $(openstack endpoint list | grep keystone | grep internal \ - | awk '{print $2}'); - openstack endpoint set \ - --interface admin \ - --url {{ item.adminurl }} \ - $(openstack endpoint list | grep keystone | grep admin \ - | awk '{print $2}'); +- name: set admin url for keystone endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: admin + region: "{{ item.region}}" + url: "{{ item.adminurl }}" + with_items: "{{ os_services[0:1] }}" + +- name: set internal url for keystone endpointl + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: internal + region: "{{ item.region}}" + url: "{{ item.internalurl }}" + with_items: "{{ os_services[0:1] }}" + +- name: set public url for keystone endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: public + region: "{{ item.region}}" + url: "{{ item.publicurl }}" with_items: "{{ os_services[0:1] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: add service - shell: - . 
/opt/admin-openrc.sh; - openstack service create \ - --name "{{ item.name }}" - --description "{{ item.description }}" \ - {{ item.type }} - with_items: "{{ os_services[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 + os_keystone_service: + cloud: opnfv + name: "{{ item.name }}" + description: "{{ item.description }}" + service_type: "{{ item.type }}" + with_items: "{{ os_services }}" - name: add project - shell: - . /opt/admin-openrc.sh; - openstack project create --description "Service Project" service; - openstack project create --domain default --description "Demo Project" demo; - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - -- name: set admin user - shell: - . /opt/admin-openrc.sh; - openstack user set \ - --email "{{ item.email }}" \ - --project "{{ item.tenant }}" \ - --description "{{ item.tenant_description }}" \ - --password "{{ item.password }}" \ - {{ item.user }} + os_project: + cloud: opnfv + domain_id: default + name: "{{ item.tenant }}" + description: "{{ item.tenant_description }}" with_items: "{{ os_users }}" - when: item["user"] == "admin" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: add user - shell: - . /opt/admin-openrc.sh; - openstack user create \ - --email "{{ item.email }}" \ - --project "{{ item.tenant }}" \ - --description "{{ item.tenant_description }}" \ - --password "{{ item.password }}" \ - {{ item.user }} - with_items: "{{ os_users[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 + os_user: + cloud: opnfv + domain: default + name: "{{ item.user }}" + password: "{{ item.password }}" + default_project: "{{ item.tenant }}" + email: "{{ item.email }}" + with_items: "{{ os_users }}" - name: add roles - shell: - . 
/opt/admin-openrc.sh; - openstack role create {{ item.role }} + os_keystone_role: + cloud: opnfv + name: "{{ item.role }}" with_items: "{{ os_users }}" - when: item["user"] == "demo" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 - name: grant roles - shell: - . /opt/admin-openrc.sh; - openstack role add \ - --project "{{ item.tenant }}" \ - --user "{{ item.user }}" \ - {{ item.role }} + os_user_role: + cloud: opnfv + user: "{{ item.user }}" + role: "{{ item.role }}" + project: "{{ item.tenant }}" with_items: "{{ os_users }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 -- name: add endpoints - shell: - . /opt/admin-openrc.sh; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} public {{ item.publicurl }}; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} internal {{ item.internalurl }}; - openstack endpoint create \ - --region {{ item.region }} \ - {{ item.name }} admin {{ item.adminurl }}; +- name: create admin url for service's endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: admin + region: "{{ item.region}}" + url: "{{ item.adminurl }}" + with_items: "{{ os_services[1:] }}" + +- name: create internal url for service's endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: internal + region: "{{ item.region}}" + url: "{{ item.internalurl }}" + with_items: "{{ os_services[1:] }}" + +- name: create public url for service'e endpoint + keystone_endpoint: + cloud: opnfv + endpoint_type: admin + name: "{{ item.name }}" + service_type: "{{ item.type }}" + state: present + interface: public + region: "{{ item.region}}" + url: "{{ item.publicurl }}" with_items: "{{ os_services[1:] }}" - register: result - until: result.rc == 0 - retries: 10 - delay: 5 
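Review bot: The `add user` task passes `password: "{{ item.password }}"` inside a `with_items: "{{ os_users }}"` loop with no `no_log`, and Ansible prints the loop item alongside each result, so the account passwords end up in console output and in whatever log or callback plugin records the run. Add `no_log: true` to `add user`. The `add project`, `add roles` and `grant roles` tasks iterate the same `os_users` entries and echo the same dictionaries, so they need it as well. The task names `keystone endpointl` and `service'e endpoint` carry typos.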
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml index 0d3161ed..a390ffca 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml @@ -88,11 +88,23 @@ notify: - restart keystone services +- name: install shade + pip: name=shade state=present + +- name: create path for os-client-config + file: + path: /etc/openstack + state: directory + mode: 0755 + +- name: copy os-client-config + template: + src: clouds.yml.j2 + dest: /etc/openstack/clouds.yml + - name: keystone source files template: src={{ item }} dest=/opt/{{ item }} with_items: - admin-openrc.sh - admin-openrc-v2.sh - demo-openrc.sh - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml index ad619d40..29b6cd61 100644 --- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml +++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml @@ -20,11 +20,11 @@ - keystone_config - keystone +- meta: flush_handlers + - include: keystone_create.yml when: inventory_hostname == groups['controller'][0] tags: - config - keystone_create - keystone - -- meta: flush_handlers diff --git a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 new file mode 100644 index 00000000..b387f7b8 --- /dev/null +++ b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 @@ -0,0 +1,12 @@ +--- +clouds: + opnfv: + auth: + username: 'admin' + password: {{ ADMIN_PASS }} + project_name: 'admin' + auth_url: 'http://{{ internal_vip.ip }}:35357/v3' + project_domain_name: default + user_domain_name: default + identity_api_version: 3 + region_name: RegionOne 
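Review bot: The `copy os-client-config` task sets no `owner`, `group` or `mode`, so `/etc/openstack/clouds.yml` is created under the default umask, and the template added in this commit writes the admin password into it; inside a directory created `0755` the file is likely readable by every local account. Add `owner: root`, `group: root` and `mode: "0600"` to the task, widening only if a non-root service account has to read it. The directory task's `mode: 0755` should be quoted as `"0755"` so it does not depend on YAML octal parsing. `pip: name=shade state=present` installs whatever version the index serves at deploy time; adding `version=<pinned version>` would make the install reproducible.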
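Review bot: Moving `- meta: flush_handlers` ahead of `include: keystone_create.yml` means the create tasks start right after the `restart keystone services` handler fires, and the same commit removes the `until: result.rc == 0` / `retries: 10` guards from those tasks, so the first module call can reach an API that is not yet listening and fail the play. A `wait_for` on the keystone port between the flush and the include would close that window, for example `- wait_for: host={{ internal_vip.ip }} port=35357 timeout=60`. The handler body is not visible in this diff, so whether it already blocks until the service is up should be checked.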
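Review bot: `password: {{ ADMIN_PASS }}` is rendered unquoted while the neighbouring values are quoted, so a password that is all digits, looks like a boolean, or contains `#`, `: ` or a leading `*`, `&` or `{` will be retyped, truncated or rejected when the rendered file is parsed. Emit it as a quoted scalar, for example `password: {{ ADMIN_PASS | to_json }}`, which also escapes quotes inside the value. `auth_url` uses plain `http://` on port 35357, so the admin password in each token request crosses the internal network unencrypted; if the deployment can terminate TLS on the VIP, this should point at `https://`.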
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml index 65ae4090..2e5f57ca 100644 --- a/deploy/adapters/ansible/roles/keystone/vars/main.yml +++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml @@ -32,9 +32,9 @@ os_services: type: compute region: RegionOne description: "OpenStack Compute" - publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s" - name: neutron type: network 
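Review bot: The unescaped `%(tenant_id)s` URLs are correct for module arguments, but `os_services` is a role variable, and any task outside this diffstat that still interpolates `publicurl`, `internalurl` or `adminurl` into a `shell:` command would now hand bare parentheses to the shell; this applies to the cinder, cinderv2 and heat hunks below as well. A one-line comment above `os_services` stating that the URLs are consumed by modules and must not be passed through a shell would document that constraint. Separately, the `publicurl` values register `http://{{ public_vip.ip }}:…` in the catalog, so clients that follow it would send tokens to the public VIP in clear text unless TLS is handled somewhere this diff does not show.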
@@ -64,25 +64,25 @@ os_services: type: volume region: RegionOne description: "OpenStack Block Storage" - publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s" - name: cinderv2 type: volumev2 region: RegionOne description: "OpenStack Block Storage v2" - publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s" - name: heat type: orchestration region: RegionOne description: "OpenStack Orchestration" - publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s" - internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" - adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s" + publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s" + internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" + adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s" - name: heat-cfn type: cloudformation 
@@ -104,9 +104,9 @@ os_services: # type: object-store # region: RegionOne # description: "OpenStack Object Storage" -# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" -# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" -# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s" +# publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" +# internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" +# adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s" os_users: - user: admin |