Use secrets for the login info

2017-08-30 15:20:35 +02:00 · 2017-08-30 15:20:35 +02:00 · 2427323819
parent 66fce6b879
commit 2427323819
2 changed files with 28 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -7,6 +7,8 @@ namespace: openstack
 hiera_data: {}
 hiera_data_file: ''

+clouds_config: 'clouds-secret'
+
 keystone_config:
  DEFAULT:
    public_bind_host: "0.0.0.0"
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@ -288,3 +288,29 @@
          path: /tmp/keystone-fernet
    state: present
  register: create_service
+
+- set_fact:
+    clouds_yaml: |
+      clouds:
+        {{namespace}}:
+          region_name: RegionOne
+          identity_api_version: 3
+          auth:
+            username: '{{keystone_config.admin_username}}'
+            password: '{{keystone_config.admin_password}}'
+            project_name: '{{keystone_config.admin_project_name}}'
+            user_domain_name: '{{keystone_config.admin_domain_name}}'
+            project_domain_name: '{{keystone_config.admin_domain_name}}'
+            auth_url: 'http://keystone:5000/v3'
+
+- name: Create keystone secrets
+  k8s_v1_secret:
+    host: "{{coe_host}}"
+    context: "{{kube_context}}"
+    kubeconfig: "{{config_file}}"
+    name: '{{clouds_config}}'
+    namespace: "{{namespace}}"
+    state: present
+    data:
+      clouds.yaml: |
+        {{clouds_yaml | b64encode}}