Add ability to write clouds.yaml

In order to support authentication, bifrost needs to be able to store the configuration safely on disk. The best answer to this problem seems to be to utilize clouds.yaml and os-client-config. Change-Id: I0ee43f1ff8d63deda640dbe4c5ea2e57462b7174
2016-09-30 12:27:13 +00:00 · 2016-09-30 12:27:13 +00:00 · 9068d38352
parent 6ad5be7891
commit 9068d38352
6 changed files with 153 additions and 0 deletions
--- a/playbooks/roles/bifrost-keystone-client-config/README.md
+++ b/playbooks/roles/bifrost-keystone-client-config/README.md
@ -0,0 +1,79 @@
+bifrost-keystone-client-config
+==============================
+
+This is a simple role intended for writing out a clouds.yaml
+file for Bifrost with the cloud name "bifrost".
+
+Requirements
+------------
+
+None
+
+Role Variables
+--------------
+
+This role expects to be invoked with seven variables:
+
+- config_username
+- config_password
+- config_project_name
+- config_region_name
+- config_auth_url
+- user: Username of the user who will own the
+         configuration file.
+
+Additionally, two optional variables exist, which when not defined
+default to "default":
+
+- config_project_domain_id
+- config_user_domain_id
+
+The resulting clouds.yaml file, will be created at
+~{{user}}/.config/openstack/clouds.yaml.
+
+Notes
+-----
+
+None
+
+Dependencies
+------------
+
+None at this time.
+
+Example Playbook
+----------------
+
+- hosts: localhost
+  connection: local
+  name: "Create clouds.yaml file""
+  become: no
+  gather_facts: no
+  roles:
+    - role: bifrost-keystone-client-config
+      config_username: username
+      config_password: password
+      config_project_name: baremetal
+      config_region_name: RegionOne
+      config_auth_url: http://localhost:5000/v2.0/
+      user: joe
+
+License
+-------
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+Author Information
+------------------
+
+Ironic Developers
--- a/playbooks/roles/bifrost-keystone-client-config/defaults/main.yml
+++ b/playbooks/roles/bifrost-keystone-client-config/defaults/main.yml
@ -0,0 +1,2 @@
+---
+# This file is intentionally empty
--- a/playbooks/roles/bifrost-keystone-client-config/meta/main.yml
+++ b/playbooks/roles/bifrost-keystone-client-config/meta/main.yml
@ -0,0 +1,22 @@
+---
+galaxy_info:
+  author: Ironic Developers
+  description: Creates simple clouds.yaml file for Bifrost usage
+  company: OpenStack
+  license: Apache
+  min_ansible_version: 2.0
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  - name: Debian
+    versions:
+    - wheezy
+  - name: Ubuntu
+    versions:
+    - trusty
+    - utopic
+  categories:
+  - cloud
+  - cloud:openstack
+dependencies: []
--- a/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml
+++ b/playbooks/roles/bifrost-keystone-client-config/tasks/main.yml
@ -0,0 +1,26 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: "Ensure the ~/.config/openstack/ exists"
+  file:
+    name: "~{{ user | default('root') }}/.config/openstack"
+    state: directory
+    owner: "{{ user }}"
+    mode: 0700
+
+- name: "Write clouds.yaml configuration from template"
+  template:
+    src: clouds.yaml.j2
+    dest: "~{{ user | default('root') }}/.config/openstack/clouds.yaml"
+    owner: "{{ user }}"
+    mode: 0600
--- a/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2
+++ b/playbooks/roles/bifrost-keystone-client-config/templates/clouds.yaml.j2
@ -0,0 +1,12 @@
+# WARNING: This file is managed by bifrost.
+clouds:
+  bifrost:
+    region_name: {{ config_region_name }}
+    auth:
+      username: {{ config_username }}
+      password: {{ config_password }}
+      project_name: {{ config_project_name }}
+      auth_url: {{ config_auth_url }}
+      project_domain_id: "{{ config_project_domain_id | default('default') }}"
+      user_domain_id: "{{ config_user_domain_id | default('default') }}"
+    identity_api_version: "3"
--- a/releasenotes/notes/create-clouds.yaml-9bbc79c0497dee43.yaml
+++ b/releasenotes/notes/create-clouds.yaml-9bbc79c0497dee43.yaml
@ -0,0 +1,12 @@
+---
+features:
+  - Bifrost now has a role that can create a clouds.yaml
+    file for os-client-config based client auto-configuration.
+issues:
+  - Bifrost now has a role that can create a clouds.yaml
+    file for os-client-config based client auto-configuration.
+    This file overwrites the default file for the user
+    executing bifrost, located at
+    ``~/.config/openstack/clouds.yaml``.
+    It is recommended that users execute bifrost's installation
+    via a service account.