Move heat domain setup into service setup tasks
The heat domain setup tasks use the old keystone plugin. In this patch we switch it to using the ansible modules instead, and move the tasks into the same place as all the other tasks doing similar things. Change-Id: Idcb79f43ab33b58829e6a07a2c2c13774ed3148b
parent
cc63216583
commit
d8f75b802f
|
@ -1,83 +0,0 @@
|
|||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This is the role assigned to users created within Heat stacks themselves
|
||||
- name: Ensure heat_stack_user role
|
||||
keystone:
|
||||
command: ensure_role
|
||||
role_name: "heat_stack_user"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat domain
|
||||
keystone:
|
||||
command: ensure_domain
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ heat_project_name }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
role_name: "{{ keystone_role_name | default('admin') }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
|
@ -47,14 +47,55 @@
|
|||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
|
||||
- name: Add service user
|
||||
- name: Add owner/user roles
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not heat_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- "{{ heat_stack_owner_name }}"
|
||||
- "heat_stack_user"
|
||||
|
||||
- name: Add stack user domain
|
||||
os_keystone_domain:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_stack_user_domain
|
||||
until: add_stack_user_domain is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add heat project
|
||||
os_project:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_project_name }}"
|
||||
domain_id: "{{ heat_project_domain_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_project
|
||||
until: add_project is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add service/heat user
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_service_user_name }}"
|
||||
password: "{{ heat_service_password }}"
|
||||
domain: default
|
||||
default_project: "{{ heat_service_project_name }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
domain: "{{ item.domain }}"
|
||||
default_project: "{{ item.default_project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
|
@ -63,19 +104,15 @@
|
|||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Ensure stack_owner role
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_stack_owner_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not heat_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- name: "{{ heat_service_user_name }}"
|
||||
password: "{{ heat_service_password }}"
|
||||
domain: default
|
||||
default_project: "{{ heat_service_project_name }}"
|
||||
- name: "{{ heat_stack_domain_admin }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
domain: "{{ heat_stack_user_domain_name }}"
|
||||
default_project: "{{ heat_project_name }}"
|
||||
|
||||
- name: Add service user to roles
|
||||
os_user_role:
|
||||
|
@ -83,7 +120,7 @@
|
|||
state: present
|
||||
user: "{{ item.user }}"
|
||||
role: "{{ item.role }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
project: "{{ item.project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
|
@ -94,14 +131,20 @@
|
|||
with_items:
|
||||
- user: "{{ heat_service_user_name }}"
|
||||
role: "{{ heat_service_role_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
# We add the keystone role used by heat to delegate to the heat service user
|
||||
# for performing deferred operations via trusts.
|
||||
- user: "{{ heat_service_user_name }}"
|
||||
role: "{{ heat_stack_owner_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
# Any user creating stacks needs to have the 'heat_stack_owner' role assigned.
|
||||
# We add to admin user here for testing purposes.
|
||||
- user: "{{ keystone_admin_user_name }}"
|
||||
role: "{{ heat_stack_owner_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
- user: "{{ heat_stack_domain_admin }}"
|
||||
role: "{{ keystone_role_name | default('admin') }}"
|
||||
project: "{{ heat_project_name }}"
|
||||
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
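Review bot: The last entry of the `with_items` list for `Add service user to roles` grants `heat_stack_domain_admin` the `keystone_role_name | default('admin')` role on the project `heat_project_name`, while the removed `Ensure heat role` task scoped that grant with `domain_name: "{{ heat_stack_user_domain_name }}"` and named no project. Admin on one project is not the same authority as admin on the stack user domain, and because the user is created in `heat_stack_user_domain_name`, the visible `os_user_role` arguments (user, role, project, no domain) may also fail to resolve it; the task starts above the hunk and the lines between the hunks are not shown, so this should be confirmed against the full file. If the domain-scoped grant is what Heat needs, consider `project: "{{ item.project | default(omit) }}"` and `domain: "{{ item.domain | default(omit) }}"` on the task, with `domain: "{{ heat_stack_user_domain_name }}"` replacing `project:` on that item. Separately, `Add owner/user roles` now creates `heat_stack_user` only `when: not heat_service_in_ldap | bool`, a condition the deleted `Ensure heat_stack_user role` task did not have.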
|
||||
|
|
|
@ -87,12 +87,6 @@
|
|||
- heat-config
|
||||
- systemd-service
|
||||
|
||||
- include_tasks: heat_domain_setup.yml
|
||||
when:
|
||||
- "inventory_hostname == ansible_play_hosts[0]"
|
||||
tags:
|
||||
- heat-config
|
||||
|
||||
- import_tasks: mq_setup.yml
|
||||
when:
|
||||
- "heat_services['heat-api']['group'] in group_names"
|
||||
|
|