Since CentOS do not support C.UTF-8 locale[1] we're placing system
default inside openrc file. If locale can't be found from gathered facts
it's defaulted to C.UTF-8.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1361965
Change-Id: I304bacf0e586b119ac41757b96fa237d2839aaf5
There is currently no default value for openrc_os_domain_name,
so we add one, and we update the example to remove the unnecessary
overrides.
Change-Id: Ic18b07d9347260faf828a55112f0b38e86e617f5
For gnocchi cli this env var is mandatory in the openrc.
Default value: password
Closes-Bug: 1781552
Change-Id: I1e54d53dd131351dda70d3d166ae8e2029caa1cb
The default for 'openrc_insecure' was not working as expected. Both of
the inner variables were evaluated as booleans first and the expression
would fail if either was undefined.
Change-Id: I5f296bfe6cab43ad782ae063ed9ed25414e316fc
Currently the clouds.yaml directory permissions are hardcoded and
missing the execute bit. When using this role with a default location in
/etc/openstack, normal system users are not able to read the
configuration file.
This commit adds variable overrides for the file and directory
permissions, as well as correcting the directory permissions.
Change-Id: I2380030235d455ff4dd0ea7658c7146ece60db81
Closes-Bug: #1689837
Add OS_REGION_NAME to the openrc file. Replaces openrc_clouds_yml_region_name
with a common openrc_service_region variable.
Change-Id: I68cbd6b2aaa64ef655cfc617a96d428fb2c35d2b
OpenStack client supports defining one or more sets of credentials
inside a clouds.yml configuration file. A default configuration has
been created named `default` that contains the same admin credentials
from the `openrc` file currently being templated.
The default configuration can be specified using the following:
openstack --os-cloud default <command>
Change-Id: Icc0c06a9b9a9e2e75b58fe90b4da9dd46b63e7f4
This patch introduces an insecure flag for the Keystone internal
and admin endpoints:
* keystone_service_adminuri_insecure
* keystone_service_internaluri_insecure
Both values default to false. If you have setup SSL endpoints
for Keystone using an untrusted certificate then you should
set the appropriate flag to true in your user_variables.
This patch is used to enable testing and development with
Keystone SSL endpoints without having to make use of SSL
certificates signed by a trusted, public CA.
The patch introduces a new optional argument (insecure) to the
keystone, glance and neutron Ansible libraries. This is a
boolean value which, when true, enables these libraries to
access Keystone endpoints 'insecurely'. When these libraries
are used in plays, the appropriate value is set automatically
as per the above conditions.
Implements: blueprint keystone-federation
Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
This change implements the blueprint to convert all roles and plays into
a more generic setup, following upstream ansible best practices.
Items Changed:
* All tasks have tags.
* All roles use namespaced variables.
* All redundant tasks within a given play and role have been removed.
* All of the repetitive plays have been removed in-favor of a more
simplistic approach. This change duplicates code within the roles but
ensures that the roles only ever run within their own scope.
* All roles have been built using an ansible galaxy syntax.
* The `*requirement.txt` files have been reformatted follow upstream
Openstack practices.
* Dynamically generated inventory is now more organized, this should assist
anyone who may want or need to dive into the JSON blob that is created.
In the inventory a properties field is used for items that customize containers
within the inventory.
* The environment map has been modified to support additional host groups to
enable the seperation of infrastructure pieces. While the old infra_hosts group
will still work this change allows for groups to be divided up into seperate
chunks; eg: deployment of a swift only stack.
* The LXC logic now exists within the plays.
* etc/openstack_deploy/user_variables.yml has all password/token
variables extracted into the separate file
etc/openstack_deploy/user_secrets.yml in order to allow seperate
security settings on that file.
Items Excised:
* All of the roles have had the LXC logic removed from within them which
should allow roles to be consumed outside of the `os-ansible-deployment`
reference architecture.
Note:
* the directory rpc_deployment still exists and is presently pointed at plays
containing a deprecation warning instructing the user to move to the standard
playbooks directory.
* While all of the rackspace specific components and variables have been removed
and or were refactored the repository still relies on an upstream mirror of
Openstack built python files and container images. This upstream mirror is hosted
at rackspace at "http://rpc-repo.rackspace.com" though this is
not locked to and or tied to rackspace specific installations. This repository
contains all of the needed code to create and/or clone your own mirror.
DocImpact
Co-Authored-By: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Closes-Bug: #1403676
Implements: blueprint galaxy-roles
Change-Id: I03df3328b7655f0cc9e43ba83b02623d038d214e
Jonathan Rosser