10 files changed, 257 insertions, 166 deletions

diff --git a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml
index d212dd99..b73bb0a9 100644
--- a/deploy/adapters/ansible/roles/ext-network/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/ext-network/tasks/main.yml
@@ -22,25 +22,43 @@
   wait_for: port=9696 delay=10 timeout=60 host={{ internal_ip }}
 
 - name: create external net
-  shell:
-    . /opt/admin-openrc.sh;
-    neutron net-create \
-        {{ public_net_info.network }} \
-        --provider:network_type {{ public_net_info.type }} \
-        --provider:physical_network {{ public_net_info.provider_network }} \
-        --router:external "True"
+  os_network:
+    cloud: opnfv
+    name: "{{ public_net_info.network }}"
+    provider_network_type: "{{ public_net_info.type }}"
+    provider_physical_network: "{{ public_net_info.provider_network }}"
+    shared: false
+    external: "yes"
+    state: present
+  run_once: true
   when: public_net_info.enable == "True"
-        and inventory_hostname == groups['controller'][0]
+        and public_net_info.type == "flat"
+
+- name: create external net
+  os_network:
+    cloud: opnfv
+    name: "{{ public_net_info.network }}"
+    provider_network_type: "{{ public_net_info.type }}"
+    provider_physical_network: "{{ public_net_info.provider_network }}"
+    provider_segmentation_id: "{{ public_net_info.segment_id }}"
+    shared: false
+    external: "yes"
+    state: present
+  run_once: true
+  when: public_net_info.enable == "True"
+        and public_net_info.type != "flat"
 
 - name: create external subnet
-  shell:
-    . /opt/admin-openrc.sh;
-    neutron subnet-create \
-        --name {{ public_net_info.subnet }} \
-        --gateway {{ public_net_info.external_gw }} \
-        --disable-dhcp \
-        --allocation-pool \
-        start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \
-        {{ public_net_info.network }} {{ public_net_info.floating_ip_cidr }}
+  os_subnet:
+    cloud: opnfv
+    name: "{{ public_net_info.subnet }}"
+    network_name: "{{ public_net_info.network }}"
+    cidr: "{{ public_net_info.floating_ip_cidr }}"
+    enable_dhcp: "{{ public_net_info.enable_dhcp }}"
+    no_gateway_ip: "{{ public_net_info.no_gateway }}"
+    gateway_ip: "{{ public_net_info.external_gw }}"
+    allocation_pool_start: "{{ public_net_info.floating_ip_start }}"
+    allocation_pool_end: "{{ public_net_info.floating_ip_end }}"
+    state: present
+  run_once: true
   when: public_net_info.enable == "True"
-        and inventory_hostname == groups['controller'][0]
diff --git a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml
index fd0f6eaa..2803a3e6 100644
--- a/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml
+++ b/deploy/adapters/ansible/roles/heat/tasks/heat_install.yml
@@ -17,16 +17,34 @@
   lineinfile: dest=/opt/service create=yes line='{{ item }}'
   with_items: "{{ services | union(services_noarch) }}"
 
-- name: create heat user domain
-  shell: |
-    . /opt/admin-openrc.sh;
-    openstack domain create --description "Stack projects and users" heat;
-    openstack user create --domain heat --password {{ HEAT_PASS }} \
-        heat_domain_admin;
-    openstack role add --domain heat --user-domain heat \
-        --user heat_domain_admin admin;
-    openstack role create heat_stack_owner;
-    openstack role add --project demo --user demo heat_stack_owner;
+- name: create heat domain
+  os_keystone_domain:
+    cloud: opnfv
+    name: heat
+    state: present
+    description: "Stack projects and users"
+  when: inventory_hostname == groups['controller'][0]
+
+- name: create heat user
+  os_user:
+    cloud: opnfv
+    domain: heat
+    name: heat_domain_user
+    password: "{{ HEAT_PASS }}"
+  when: inventory_hostname == groups['controller'][0]
+
+- name: create heat role
+  os_keystone_role:
+    cloud: opnfv
+    name: heat_stack_owner
+  when: inventory_hostname == groups['controller'][0]
+
+- name: grant heat role
+  os_user_role:
+    cloud: opnfv
+    user: demo
+    project: demo
+    role: heat_stack_owner
   when: inventory_hostname == groups['controller'][0]
 
 - name: update heat conf
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
index 2f5aefeb..10228952 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_create.yml
@@ -7,122 +7,114 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 ---
-- name: set keystone endpoint
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack endpoint set \
-        --interface public \
-        --url {{ item.publicurl }} \
-        $(openstack endpoint list | grep keystone | grep public \
-        | awk '{print $2}');
-    openstack endpoint set \
-        --interface internal \
-        --url {{ item.internalurl }} \
-        $(openstack endpoint list | grep keystone | grep internal \
-        | awk '{print $2}');
-    openstack endpoint set \
-        --interface admin \
-        --url {{ item.adminurl }} \
-        $(openstack endpoint list | grep keystone | grep admin \
-        | awk '{print $2}');
+- name: set admin url for keystone endpoint
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: admin
+    region: "{{ item.region}}"
+    url: "{{ item.adminurl }}"
+  with_items: "{{ os_services[0:1] }}"
+
+- name: set internal url for keystone endpointl
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: internal
+    region: "{{ item.region}}"
+    url: "{{ item.internalurl }}"
+  with_items: "{{ os_services[0:1] }}"
+
+- name: set public url for keystone endpoint
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: public
+    region: "{{ item.region}}"
+    url: "{{ item.publicurl }}"
   with_items: "{{ os_services[0:1] }}"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
 
 - name: add service
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack service create \
-        --name "{{ item.name }}"
-        --description "{{ item.description }}" \
-        {{ item.type }}
-  with_items: "{{ os_services[1:] }}"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
+  os_keystone_service:
+    cloud: opnfv
+    name: "{{ item.name }}"
+    description: "{{ item.description }}"
+    service_type: "{{ item.type }}"
+  with_items: "{{ os_services }}"
 
 - name: add project
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack project create --description "Service Project" service;
-    openstack project create --domain default --description "Demo Project" demo;
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
-
-- name: set admin user
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack user set \
-        --email "{{ item.email }}" \
-        --project "{{ item.tenant }}" \
-        --description "{{ item.tenant_description }}" \
-        --password "{{ item.password }}" \
-        {{ item.user }}
+  os_project:
+    cloud: opnfv
+    domain_id: default
+    name: "{{ item.tenant }}"
+    description: "{{ item.tenant_description }}"
   with_items: "{{ os_users }}"
-  when: item["user"] == "admin"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
 
 - name: add user
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack user create \
-        --email "{{ item.email }}" \
-        --project "{{ item.tenant }}" \
-        --description "{{ item.tenant_description }}" \
-        --password "{{ item.password }}" \
-        {{ item.user }}
-  with_items: "{{ os_users[1:] }}"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
+  os_user:
+    cloud: opnfv
+    domain: default
+    name: "{{ item.user }}"
+    password: "{{ item.password }}"
+    default_project: "{{ item.tenant }}"
+    email: "{{ item.email }}"
+  with_items: "{{ os_users }}"
 
 - name: add roles
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack role create {{ item.role }}
+  os_keystone_role:
+    cloud: opnfv
+    name: "{{ item.role }}"
   with_items: "{{ os_users }}"
-  when: item["user"] == "demo"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
 
 - name: grant roles
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack role add \
-        --project "{{ item.tenant }}" \
-        --user "{{ item.user }}" \
-        {{ item.role }}
+  os_user_role:
+    cloud: opnfv
+    user: "{{ item.user }}"
+    role: "{{ item.role }}"
+    project: "{{ item.tenant }}"
   with_items: "{{ os_users }}"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
 
-- name: add endpoints
-  shell:
-    . /opt/admin-openrc.sh;
-    openstack endpoint create \
-        --region {{ item.region }} \
-        {{ item.name }} public {{ item.publicurl }};
-    openstack endpoint create \
-        --region {{ item.region }} \
-        {{ item.name }} internal {{ item.internalurl }};
-    openstack endpoint create \
-        --region {{ item.region }} \
-        {{ item.name }} admin {{ item.adminurl }};
+- name: create admin url for service's endpoint
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: admin
+    region: "{{ item.region}}"
+    url: "{{ item.adminurl }}"
+  with_items: "{{ os_services[1:] }}"
+
+- name: create internal url for service's endpoint
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: internal
+    region: "{{ item.region}}"
+    url: "{{ item.internalurl }}"
+  with_items: "{{ os_services[1:] }}"
+
+- name: create public url for service'e endpoint
+  keystone_endpoint:
+    cloud: opnfv
+    endpoint_type: admin
+    name: "{{ item.name }}"
+    service_type: "{{ item.type }}"
+    state: present
+    interface: public
+    region: "{{ item.region}}"
+    url: "{{ item.publicurl }}"
   with_items: "{{ os_services[1:] }}"
-  register: result
-  until: result.rc == 0
-  retries: 10
-  delay: 5
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
index 0d3161ed..a390ffca 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/keystone_install.yml
@@ -88,11 +88,23 @@
   notify:
     - restart keystone services
 
+- name: install shade
+  pip: name=shade state=present
+
+- name: create path for os-client-config
+  file:
+    path: /etc/openstack
+    state: directory
+    mode: 0755
+
+- name: copy os-client-config
+  template:
+    src: clouds.yml.j2
+    dest: /etc/openstack/clouds.yml
+
 - name: keystone source files
   template: src={{ item }} dest=/opt/{{ item }}
   with_items:
     - admin-openrc.sh
     - admin-openrc-v2.sh
     - demo-openrc.sh
-
-- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/tasks/main.yml b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
index ad619d40..29b6cd61 100644
--- a/deploy/adapters/ansible/roles/keystone/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/tasks/main.yml
@@ -20,11 +20,11 @@
     - keystone_config
     - keystone
 
+- meta: flush_handlers
+
 - include: keystone_create.yml
   when: inventory_hostname == groups['controller'][0]
   tags:
     - config
     - keystone_create
     - keystone
-
-- meta: flush_handlers
diff --git a/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2 b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2
new file mode 100644
index 00000000..b387f7b8
--- /dev/null
+++ b/deploy/adapters/ansible/roles/keystone/templates/clouds.yml.j2
@@ -0,0 +1,12 @@
+---
+clouds:
+  opnfv:
+    auth:
+      username: 'admin'
+      password: {{ ADMIN_PASS }}
+      project_name: 'admin'
+      auth_url: 'http://{{ internal_vip.ip }}:35357/v3'
+      project_domain_name: default
+      user_domain_name: default
+    identity_api_version: 3
+    region_name: RegionOne
diff --git a/deploy/adapters/ansible/roles/keystone/vars/main.yml b/deploy/adapters/ansible/roles/keystone/vars/main.yml
index 65ae4090..2e5f57ca 100644
--- a/deploy/adapters/ansible/roles/keystone/vars/main.yml
+++ b/deploy/adapters/ansible/roles/keystone/vars/main.yml
@@ -32,9 +32,9 @@ os_services:
     type: compute
     region: RegionOne
     description: "OpenStack Compute"
-    publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
-    internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
-    adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%\\(tenant_id\\)s"
+    publicurl: "http://{{ public_vip.ip }}:8774/v2.1/%(tenant_id)s"
+    internalurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s"
+    adminurl: "http://{{ internal_vip.ip }}:8774/v2.1/%(tenant_id)s"
 
   - name: neutron
     type: network
@@ -64,25 +64,25 @@ os_services:
     type: volume
     region: RegionOne
     description: "OpenStack Block Storage"
-    publicurl: "http://{{ public_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
-    internalurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
-    adminurl: "http://{{ internal_vip.ip }}:8776/v1/%\\(tenant_id\\)s"
+    publicurl: "http://{{ public_vip.ip }}:8776/v1/%(tenant_id)s"
+    internalurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
+    adminurl: "http://{{ internal_vip.ip }}:8776/v1/%(tenant_id)s"
 
   - name: cinderv2
     type: volumev2
     region: RegionOne
     description: "OpenStack Block Storage v2"
-    publicurl: "http://{{ public_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
-    internalurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
-    adminurl: "http://{{ internal_vip.ip }}:8776/v2/%\\(tenant_id\\)s"
+    publicurl: "http://{{ public_vip.ip }}:8776/v2/%(tenant_id)s"
+    internalurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
+    adminurl: "http://{{ internal_vip.ip }}:8776/v2/%(tenant_id)s"
 
   - name: heat
     type: orchestration
     region: RegionOne
     description: "OpenStack Orchestration"
-    publicurl: "http://{{ public_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
-    internalurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
-    adminurl: "http://{{ internal_vip.ip }}:8004/v1/%\\(tenant_id\\)s"
+    publicurl: "http://{{ public_vip.ip }}:8004/v1/%(tenant_id)s"
+    internalurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
+    adminurl: "http://{{ internal_vip.ip }}:8004/v1/%(tenant_id)s"
 
   - name: heat-cfn
     type: cloudformation
@@ -104,9 +104,9 @@ os_services:
 #    type: object-store
 #    region: RegionOne
 #    description: "OpenStack Object Storage"
-#    publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
-#    internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
-#    adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%\\(tenant_id\\)s"
+#    publicurl: "http://{{ public_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+#    internalurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
+#    adminurl: "http://{{ internal_vip.ip }}:8080/v1/AUTH_%(tenant_id)s"
 
 os_users:
   - user: admin
diff --git a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
index f3c4687d..6be41aa4 100644
--- a/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
+++ b/deploy/adapters/ansible/roles/nova-controller/tasks/nova_config.yml
@@ -14,7 +14,7 @@
     - restart nova service
 
 - name: nova db sync
-  nova_manage: action=dbsync
+  shell: su -s /bin/sh -c "nova-manage db sync" nova
   notify:
     - restart nova service
 
diff --git a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml b/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml
index 84b1260a..882f4884 100644
--- a/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml
+++ b/deploy/adapters/ansible/roles/openstack-post/tasks/main.yml
@@ -7,20 +7,14 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 ---
-
 - name: create openstack flavors
-  shell: |
-    . /opt/admin-openrc.sh;
-    openstack flavor show m1.nano || openstack flavor create \
-        --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
-    openstack flavor show m1.tiny || openstack flavor create \
-        --id 1 --vcpus 1 --ram 512 --disk 1 m1.tiny
-    openstack flavor show m1.small || openstack flavor create \
-        --id 2 --vcpus 1 --ram 2048 --disk 20 m1.small
-    openstack flavor show m1.medium || openstack flavor create \
-        --id 3 --vcpus 2 --ram 4096 --disk 40 m1.medium
-    openstack flavor show m1.large || openstack flavor create \
-        --id 4 --vcpus 4 --ram 8192 --disk 80 m1.large
-    openstack flavor show m1.xlarge || openstack flavor create \
-        --id 5 --vcpus 8 --ram 16384 --disk 160 m1.xlarge
+  os_nova_flavor:
+    cloud: opnfv
+    state: present
+    flavorid: "{{ item.id }}"
+    name: "{{ item.name }}"
+    vcpus: "{{ item.vcpus }}"
+    ram: "{{ item.ram }}"
+    disk: "{{ item.disk }}"
+  with_items: "{{ flavors }}"
   when: inventory_hostname == groups['controller'][0]
diff --git a/deploy/adapters/ansible/roles/openstack-post/vars/main.yml b/deploy/adapters/ansible/roles/openstack-post/vars/main.yml
new file mode 100644
index 00000000..d9c36d42
--- /dev/null
+++ b/deploy/adapters/ansible/roles/openstack-post/vars/main.yml
@@ -0,0 +1,45 @@
+##############################################################################
+# Copyright (c) 2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+flavors:
+  - id: 0
+    name: m1.nano
+    vcpus: 1
+    ram: 64
+    disk: 1
+
+  - id: 1
+    name: m1.tiny
+    vcpus: 1
+    ram: 512
+    disk: 1
+
+  - id: 2
+    name: m1.small
+    vcpus: 1
+    ram: 2048
+    disk: 20
+
+  - id: 3
+    name: m1.medium
+    vcpus: 2
+    ram: 4096
+    disk: 40
+
+  - id: 4
+    name: m1.large
+    vcpus: 4
+    ram: 8192
+    disk: 80
+
+  - id: 5
+    name: m1.xlarge
+    vcpus: 8
+    ram: 16384
+    disk: 160