Merge "Move heat domain setup into service setup tasks"
commit
e54f13fd4c
|
@ -1,83 +0,0 @@
|
|||
---
|
||||
# Copyright 2014, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This is the role assigned to users created within Heat stacks themselves
|
||||
- name: Ensure heat_stack_user role
|
||||
keystone:
|
||||
command: ensure_role
|
||||
role_name: "heat_stack_user"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat domain
|
||||
keystone:
|
||||
command: ensure_domain
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ heat_project_name }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Ensure heat role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
role_name: "{{ keystone_role_name | default('admin') }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
|
@ -47,14 +47,55 @@
|
|||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
|
||||
- name: Add service user
|
||||
- name: Add owner/user roles
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ item }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not heat_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- "{{ heat_stack_owner_name }}"
|
||||
- "heat_stack_user"
|
||||
|
||||
- name: Add stack user domain
|
||||
os_keystone_domain:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_stack_user_domain_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_stack_user_domain
|
||||
until: add_stack_user_domain is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add heat project
|
||||
os_project:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_project_name }}"
|
||||
domain_id: "{{ heat_project_domain_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_project
|
||||
until: add_project is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
- name: Add service/heat user
|
||||
os_user:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_service_user_name }}"
|
||||
password: "{{ heat_service_password }}"
|
||||
domain: default
|
||||
default_project: "{{ heat_service_project_name }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
domain: "{{ item.domain }}"
|
||||
default_project: "{{ item.default_project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
|
@ -63,19 +104,15 @@
|
|||
retries: 5
|
||||
delay: 10
|
||||
no_log: True
|
||||
|
||||
- name: Ensure stack_owner role
|
||||
os_keystone_role:
|
||||
cloud: default
|
||||
state: present
|
||||
name: "{{ heat_stack_owner_name }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
when: not heat_service_in_ldap | bool
|
||||
until: add_service is success
|
||||
retries: 5
|
||||
delay: 10
|
||||
with_items:
|
||||
- name: "{{ heat_service_user_name }}"
|
||||
password: "{{ heat_service_password }}"
|
||||
domain: default
|
||||
default_project: "{{ heat_service_project_name }}"
|
||||
- name: "{{ heat_stack_domain_admin }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
domain: "{{ heat_stack_user_domain_name }}"
|
||||
default_project: "{{ heat_project_name }}"
|
||||
|
||||
- name: Add service user to roles
|
||||
os_user_role:
|
||||
|
@ -83,7 +120,7 @@
|
|||
state: present
|
||||
user: "{{ item.user }}"
|
||||
role: "{{ item.role }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
project: "{{ item.project }}"
|
||||
endpoint_type: admin
|
||||
verify: "{{ not keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
|
@ -94,14 +131,20 @@
|
|||
with_items:
|
||||
- user: "{{ heat_service_user_name }}"
|
||||
role: "{{ heat_service_role_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
# We add the keystone role used by heat to delegate to the heat service user
|
||||
# for performing deferred operations via trusts.
|
||||
- user: "{{ heat_service_user_name }}"
|
||||
role: "{{ heat_stack_owner_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
# Any user creating stacks needs to have the 'heat_stack_owner' role assigned.
|
||||
# We add to admin user here for testing purposes.
|
||||
- user: "{{ keystone_admin_user_name }}"
|
||||
role: "{{ heat_stack_owner_name }}"
|
||||
project: "{{ heat_service_project_name }}"
|
||||
- user: "{{ heat_stack_domain_admin }}"
|
||||
role: "{{ keystone_role_name | default('admin') }}"
|
||||
project: "{{ heat_project_name }}"
|
||||
|
||||
- name: Add endpoints to keystone endpoint catalog
|
||||
os_keystone_endpoint:
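Review bot: The admin grant for `heat_stack_domain_admin` appears to change scope from the stack user domain to a project. The removed `Ensure heat role` task passed `domain_name: "{{ heat_stack_user_domain_name }}"`, while the new `with_items` entry in the last hunk carries only `project: "{{ heat_project_name }}"`, and the visible part of the `os_user_role` task passes `project: "{{ item.project }}"` with no `domain:` argument (the task starts outside the hunk, so confirm against the full file). Heat normally expects the stack domain admin to hold its role on the stack user domain itself, so a project-scoped grant may leave that account unable to manage stack users, or give it admin on a scope nobody meant to hand out. If domain scope is intended, consider adding `domain: "{{ heat_stack_user_domain_name }}"` to that item and `domain: "{{ item.domain | default(omit) }}"` to the task. Relatedly, `Add heat project` passes `heat_project_domain_name` as `domain_id` where the removed task used `heat_stack_user_domain_name`; a short comment stating that the two variables must resolve to the same domain would prevent the project and its admin user from ending up in different domains.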
|
||||
|
|
|
@ -87,12 +87,6 @@
|
|||
- heat-config
|
||||
- systemd-service
|
||||
|
||||
- include_tasks: heat_domain_setup.yml
|
||||
when:
|
||||
- "inventory_hostname == ansible_play_hosts[0]"
|
||||
tags:
|
||||
- heat-config
|
||||
|
||||
- import_tasks: mq_setup.yml
|
||||
when:
|
||||
- "heat_services['heat-api']['group'] in group_names"
|
||||
|
|