From 14c337344987857a4648ff08365b8b128a553ef8 Mon Sep 17 00:00:00 2001 From: liyuenan Date: Wed, 26 Oct 2016 13:55:23 +0800 Subject: Update the API version for Openstack Newton Use the "keystone-manage bootstrap" command to instead of admin_token. Because the admin_token is treated as a "shared secret" that can be used to bootstrap Keystone through the API. This "token" does not represent a user (it has no identity), and carries no explicit authorization (it effectively bypasses most authorization checks). Use the API v3 to instead of API v2.0. Identity API v3 was established to introduce namespacing for users and projects by using "domains" as a higher-level container for more flexible identity management and fixed a security issue in the v2.0 API (bearer tokens appearing in URLs). JIRA: COMPASS-491 Change-Id: I56182c14b761728c3492b9dd2b05c3b57aa5f35f Signed-off-by: liyuenan --- .../roles/ext-network/tasks/main.yml | 50 +++++++++------------- 1 file changed, 20 insertions(+), 30 deletions(-) (limited to 'deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml') diff --git a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml index a8bce16e..2c61ff66 100644 --- a/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml +++ b/deploy/adapters/ansible/openstack_newton_xenial/roles/ext-network/tasks/main.yml @@ -18,37 +18,27 @@ - name: restart neutron server service: name=neutron-server state=restarted enabled=yes +- name: wait for neutron ready + wait_for: port=9696 delay=10 timeout=30 host={{ internal_vip.ip }} + - name: create external net - neutron_network: - login_username: ADMIN - login_password: "{{ ADMIN_PASS }}" - login_tenant_name: admin - auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" - name: "{{ public_net_info.network }}" - provider_network_type: "{{ public_net_info.type }}" - provider_physical_network: "{{ public_net_info.provider_network }}" - provider_segmentation_id: "{{ public_net_info.segment_id}}" - shared: false - router_external: yes - state: present - run_once: true - when: 'public_net_info.enable == True' + shell: + . /opt/admin-openrc.sh; + neutron net-create \ + {{ public_net_info.network }} \ + --provider:network_type {{ public_net_info.type }} \ + --provider:physical_network {{ public_net_info.provider_network }} \ + --router:external True + when: public_net_info.enable == True and inventory_hostname == groups['controller'][0] - name: create external subnet - neutron_subnet: - login_username: ADMIN - login_password: "{{ ADMIN_PASS }}" - login_tenant_name: admin - auth_url: "http://{{ internal_vip.ip }}:35357/v2.0" - name: "{{ public_net_info.subnet }}" - network_name: "{{ public_net_info.network }}" - cidr: "{{ public_net_info.floating_ip_cidr }}" - enable_dhcp: "{{ public_net_info.enable_dhcp }}" - no_gateway: "{{ public_net_info.no_gateway }}" - gateway_ip: "{{ public_net_info.external_gw }}" - allocation_pool_start: "{{ public_net_info.floating_ip_start }}" - allocation_pool_end: "{{ public_net_info.floating_ip_end }}" - state: present - run_once: true - when: 'public_net_info.enable == True' + shell: + . /opt/admin-openrc.sh; + neutron subnet-create \ + --name {{ public_net_info.subnet }} \ + --gateway {{ public_net_info.external_gw }} \ + --allocation-pool \ + start={{ public_net_info.floating_ip_start }},end={{ public_net_info.floating_ip_end }} \ + {{ public_net_info.network }} {{ public_net_info.floating_ip_cidr }} + when: public_net_info.enable == True and inventory_hostname == groups['controller'][0] -- cgit 1.2.3-korg