diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 4c51b82752..f7807c88cb 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -162,14 +162,6 @@ openstack_auth: password: "{{ keystone_admin_password }}" project_name: "admin" -# This shouldn't be needed for long. It is only temporary until we get the -# ansible modules sorted out -openstack_auth_v2: - auth_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v2.0" - username: "admin" - password: "{{ keystone_admin_password }}" - project_name: "admin" - # These roles are required for Kolla to be operation, however a savvy deployer # could disable some of these required roles and run their own services. enable_glance: "yes" diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index d8c0359d22..99a61803c5 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml @@ -50,12 +50,12 @@ cinder_api_image_full: "{{ cinder_api_image }}:{{ cinder_api_tag }}" #################### # OpenStack #################### -cinder_public_address: "{{ kolla_external_fqdn }}" -cinder_admin_address: "{{ kolla_internal_fqdn }}" -cinder_internal_address: "{{ kolla_internal_fqdn }}" +cinder_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s" +cinder_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s" +cinder_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s" cinder_logging_debug: "{{ openstack_logging_debug }}" cinder_keystone_user: "cinder" -openstack_cinder_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_cinder_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/cinder/tasks/register.yml b/ansible/roles/cinder/tasks/register.yml index 011f74c0cd..4f18c0a71c 100644 --- a/ansible/roles/cinder/tasks/register.yml +++ b/ansible/roles/cinder/tasks/register.yml @@ -2,33 +2,12 @@ - name: Creating the Cinder service and endpoint command: docker exec -t kolla_toolbox /usr/bin/ansible localhost -m kolla_keystone_service - -a "service_name=cinder - service_type=volume + -a "service_name={{ item.service_name }} + service_type={{ item.service_type }} description='Openstack Block Storage' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - region_name={{ openstack_region_name }} - auth={{ '{{ openstack_cinder_auth }}' }}" - -e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}" - register: cinder_endpoint - changed_when: "{{ cinder_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (cinder_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" - until: cinder_endpoint.stdout.split()[2] == 'SUCCESS' - retries: 10 - delay: 5 - run_once: True - -- name: Creating the Cinder v2 service and endpoint - command: docker exec -t kolla_toolbox /usr/bin/ansible localhost - -m kolla_keystone_service - -a "service_name=cinderv2 - service_type=volumev2 - description='Openstack Block Storage' - endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ cinder_api_port }}/v2/%(tenant_id)s' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_cinder_auth }}' }}" -e "{'openstack_cinder_auth':{{ openstack_cinder_auth }}}" @@ -38,6 +17,13 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ cinder_admin_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'} + - {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'} + - {'interface': 'public', 'url': '{{ cinder_public_endpoint }}', 'service_name': 'cinder', 'service_type': 'volume'} + - {'interface': 'admin', 'url': '{{ cinder_admin_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} + - {'interface': 'internal', 'url': '{{ cinder_internal_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} + - {'interface': 'public', 'url': '{{ cinder_public_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} - name: Creating the Cinder project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index b98a2c1925..d8dbed8c60 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml @@ -37,12 +37,12 @@ glance_api_image_full: "{{ glance_api_image }}:{{ glance_api_tag }}" #################### # OpenStack #################### -glance_public_address: "{{ kolla_external_fqdn }}" -glance_admin_address: "{{ kolla_internal_fqdn }}" -glance_internal_address: "{{ kolla_internal_fqdn }}" +glance_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}" +glance_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}" +glance_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ glance_api_port }}" glance_logging_debug: "{{ openstack_logging_debug }}" glance_keystone_user: "glance" -openstack_glance_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_glance_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}','domain_name':'default'}" diff --git a/ansible/roles/glance/tasks/register.yml b/ansible/roles/glance/tasks/register.yml index 660bc30a03..d0cfaa7d98 100644 --- a/ansible/roles/glance/tasks/register.yml +++ b/ansible/roles/glance/tasks/register.yml @@ -6,9 +6,8 @@ service_type=image description='Openstack Image' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ glance_api_port }}' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ glance_api_port }}' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_glance_auth }}' }}" -e "{'openstack_glance_auth':{{ openstack_glance_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ glance_public_endpoint }}'} - name: Creating the Glance project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index d1954c62aa..d5e71e0d96 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml @@ -27,12 +27,15 @@ heat_engine_image_full: "{{ heat_engine_image }}:{{ heat_engine_tag }}" #################### # OpenStack #################### -heat_public_address: "{{ kolla_external_fqdn }}" -heat_admin_address: "{{ kolla_internal_fqdn }}" -heat_internal_address: "{{ kolla_internal_fqdn }}" +heat_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s" +heat_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s" +heat_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s" +heat_cfn_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1" +heat_cfn_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1" +heat_cfn_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1" heat_logging_debug: "{{ openstack_logging_debug }}" heat_keystone_user: "heat" -openstack_heat_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_heat_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml index 0f50f66e55..3e4235fb2b 100644 --- a/ansible/roles/heat/tasks/register.yml +++ b/ansible/roles/heat/tasks/register.yml @@ -6,29 +6,8 @@ service_type=orchestration description='Openstack Orchestration' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_port }}/v1/%(tenant_id)s' - region_name={{ openstack_region_name }} - auth={{ '{{ openstack_heat_auth }}' }}" - -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}" - register: heat_endpoint - changed_when: "{{ heat_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (heat_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" - until: heat_endpoint.stdout.split()[2] == 'SUCCESS' - retries: 10 - delay: 5 - run_once: True - -- name: Creating the Heat-cfn service and endpoint - command: docker exec -t kolla_toolbox /usr/bin/ansible localhost - -m kolla_keystone_service - -a "service_name=heat-cfn - service_type=orchestration - description='Openstack Orchestration' - endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_port }}/v1' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ heat_api_cfn_port }}/v1' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ heat_api_cfn_port }}/v1' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_heat_auth }}' }}" -e "{'openstack_heat_auth':{{ openstack_heat_auth }}}" @@ -38,6 +17,13 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ heat_public_endpoint }}'} + - {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}'} - name: Creating the Heat project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 6fb97c340b..f2ad0556de 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -32,10 +32,10 @@ ironic_pxe_image_full: "{{ ironic_pxe_image }}:{{ ironic_pxe_tag }}" #################### # OpenStack #################### -ironic_public_address: "{{ kolla_external_fqdn }}" -ironic_admin_address: "{{ kolla_internal_fqdn }}" -ironic_internal_address: "{{ kolla_internal_fqdn }}" +ironic_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}" +ironic_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}" +ironic_admin_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ ironic_api_port }}" ironic_logging_debug: "{{ openstack_logging_debug }}" -openstack_ironic_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_ironic_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml index fc44611b3a..0a6d52a1e7 100644 --- a/ansible/roles/ironic/tasks/register.yml +++ b/ansible/roles/ironic/tasks/register.yml @@ -6,9 +6,8 @@ service_type=baremetal description='Ironic bare metal provisioning service' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ ironic_admin_address }}:{{ ironic_api_port }}' - internal_url='{{ internal_protocol }}://{{ ironic_internal_address }}:{{ ironic_api_port }}' - public_url='{{ public_protocol }}://{{ ironic_public_address }}:{{ ironic_api_port }}' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_ironic_auth }}' }}" -e "{'openstack_ironic_auth':{{ openstack_ironic_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'} - name: Creating the Ironic project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index e9d1507686..4242903224 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -20,14 +20,8 @@ keystone_image_full: "{{ keystone_image }}:{{ keystone_tag }}" #################### # OpenStack #################### -keystone_public_address: "{{ kolla_external_fqdn }}" -keystone_admin_address: "{{ kolla_internal_fqdn }}" -keystone_internal_address: "{{ kolla_internal_fqdn }}" - -keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}" -keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}" -keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}" +keystone_admin_url: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_admin_port }}/v3" +keystone_internal_url: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ keystone_public_port }}/v3" +keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keystone_public_port }}/v3" keystone_logging_debug: "{{ openstack_logging_debug }}" - -openstack_keystone_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml index 103610e1ff..78a0e9b3cf 100644 --- a/ansible/roles/keystone/tasks/start.yml +++ b/ansible/roles/keystone/tasks/start.yml @@ -10,4 +10,4 @@ - "kolla_logs:/var/log/kolla/" - name: Wait for keystone startup - wait_for: host={{ keystone_admin_address }} port={{ keystone_admin_port }} + wait_for: host={{ kolla_internal_fqdn }} port={{ keystone_admin_port }} diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml index ff2e1fc0f6..a3192a8f99 100644 --- a/ansible/roles/magnum/defaults/main.yml +++ b/ansible/roles/magnum/defaults/main.yml @@ -23,12 +23,12 @@ magnum_conductor_image_full: "{{ magnum_conductor_image }}:{{ magnum_conductor_t #################### # OpenStack #################### -magnum_public_address: "{{ kolla_external_fqdn }}" -magnum_admin_address: "{{ kolla_internal_fqdn }}" -magnum_internal_address: "{{ kolla_internal_fqdn }}" +magnum_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1" +magnum_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1" +magnum_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ magnum_api_port }}/v1" magnum_logging_debug: "{{ openstack_logging_debug }}" magnum_keystone_user: "magnum" -openstack_magnum_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_magnum_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml index 0da0ad072c..133cd9a7f5 100644 --- a/ansible/roles/magnum/tasks/register.yml +++ b/ansible/roles/magnum/tasks/register.yml @@ -6,9 +6,8 @@ service_type=container description='Openstack Container Service' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ magnum_api_port }}/v1' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ magnum_api_port }}/v1' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_magnum_auth }}' }}" -e "{'openstack_magnum_auth':{{ openstack_magnum_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'} - name: Creating the Magnum project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index e08b72463b..58f8cdd5bb 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml @@ -28,9 +28,12 @@ manila_api_image_full: "{{ manila_api_image }}:{{ manila_api_tag }}" ##################### ## OpenStack ##################### -manila_public_address: "{{ kolla_external_fqdn }}" -manila_admin_address: "{{ kolla_internal_fqdn }}" -manila_internal_address: "{{ kolla_internal_fqdn }}" +manila_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s" +manila_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s" +manila_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s" +manila_v2_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s" +manila_v2_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s" +manila_v2_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s" manila_logging_debug: "{{ openstack_logging_debug }}" @@ -38,5 +41,4 @@ manila_keystone_user: "manila" manila_tenant_name: "manila_tenant" -openstack_manila_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" - +openstack_manila_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/manila/tasks/register.yml b/ansible/roles/manila/tasks/register.yml index e5dcbe925c..e3fe7e2f69 100644 --- a/ansible/roles/manila/tasks/register.yml +++ b/ansible/roles/manila/tasks/register.yml @@ -6,29 +6,8 @@ service_type=share description='Openstack Shared Filesystems' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v1/%(tenant_id)s' - region_name={{ openstack_region_name }} - auth={{ '{{ openstack_manila_auth }}' }}" - -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}" - register: manila_endpoint - changed_when: "{{ manila_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (manila_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}" - until: manila_endpoint.stdout.split()[2] == 'SUCCESS' - retries: 10 - delay: 5 - run_once: True - -- name: Creating the Manila v2 service and endpoint - command: docker exec -t kolla_toolbox /usr/bin/ansible localhost - -m kolla_keystone_service - -a "service_name=manilav2 - service_type=sharev2 - description='Openstack Shared Filesystems' - endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ manila_api_port }}/v2/%(tenant_id)s' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_manila_auth }}' }}" -e "{'openstack_manila_auth':{{ openstack_manila_auth }}}" @@ -38,6 +17,13 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'} + - {'interface': 'admin', 'url': '{{ mistral_v2_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ mistral_v2_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ mistral_v2_public_endpoint }}'} - name: Creating the Manila project, user and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/mistral/defaults/main.yml b/ansible/roles/mistral/defaults/main.yml index b2d73ed0b7..9b3411b100 100644 --- a/ansible/roles/mistral/defaults/main.yml +++ b/ansible/roles/mistral/defaults/main.yml @@ -28,12 +28,12 @@ mistral_api_image_full: "{{ mistral_api_image }}:{{ mistral_api_tag }}" #################### # OpenStack #################### -mistral_public_address: "{{ kolla_external_fqdn }}" -mistral_admin_address: "{{ kolla_internal_fqdn }}" -mistral_internal_address: "{{ kolla_internal_fqdn }}" +mistral_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}" +mistral_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}" +mistral_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ mistral_api_port }}" mistral_logging_debug: "{{ openstack_logging_debug }}" mistral_keystone_user: "mistral" -openstack_mistral_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_mistral_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/mistral/tasks/register.yml b/ansible/roles/mistral/tasks/register.yml index 8ef413900f..9b6b27bf47 100644 --- a/ansible/roles/mistral/tasks/register.yml +++ b/ansible/roles/mistral/tasks/register.yml @@ -6,9 +6,8 @@ service_type=application_catalog description='Openstack Application Catalog' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ mistral_api_port }}' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ mistral_api_port }}' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_mistral_auth }}' }}" -e "{'openstack_mistral_auth':{{ openstack_mistral_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'} - name: Creating the Mistral project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/murano/defaults/main.yml b/ansible/roles/murano/defaults/main.yml index 280cc99fa0..3292946ab8 100644 --- a/ansible/roles/murano/defaults/main.yml +++ b/ansible/roles/murano/defaults/main.yml @@ -24,12 +24,12 @@ murano_api_image_full: "{{ murano_api_image }}:{{ murano_api_tag }}" #################### # OpenStack #################### -murano_public_address: "{{ kolla_external_fqdn }}" -murano_admin_address: "{{ kolla_internal_fqdn }}" -murano_internal_address: "{{ kolla_internal_fqdn }}" +murano_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}" +murano_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}" +murano_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ murano_api_port }}" murano_logging_debug: "{{ openstack_logging_debug }}" murano_keystone_user: "murano" -openstack_murano_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_murano_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/murano/tasks/register.yml b/ansible/roles/murano/tasks/register.yml index 78bdc4f603..d03e41f327 100644 --- a/ansible/roles/murano/tasks/register.yml +++ b/ansible/roles/murano/tasks/register.yml @@ -6,9 +6,8 @@ service_type=application_catalog description='Openstack Application Catalogue' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ murano_api_port }}' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ murano_api_port }}' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_murano_auth }}' }}" -e "{'openstack_murano_auth':{{ openstack_murano_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ murano_public_endpoint }}'} - name: Creating the Murano project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index d2d2240693..a8fc726791 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml @@ -48,12 +48,12 @@ openvswitch_vswitchd_image_full: "{{ openvswitch_vswitchd_image }}:{{ openvswitc #################### # OpenStack #################### -neutron_public_address: "{{ kolla_external_fqdn }}" -neutron_admin_address: "{{ kolla_internal_fqdn }}" -neutron_internal_address: "{{ kolla_internal_fqdn }}" +neutron_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}" +neutron_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}" +neutron_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}" neutron_logging_debug: "{{ openstack_logging_debug }}" neutron_bridge_name: "br-ex" -openstack_neutron_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_neutron_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/neutron/tasks/register.yml b/ansible/roles/neutron/tasks/register.yml index 067fa5bf48..fee70230ec 100644 --- a/ansible/roles/neutron/tasks/register.yml +++ b/ansible/roles/neutron/tasks/register.yml @@ -6,9 +6,8 @@ service_type=network description='Openstack Networking' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ neutron_server_port }}' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ neutron_server_port }}' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_neutron_auth }}' }}" -e "{'openstack_neutron_auth':{{ openstack_neutron_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'} - name: Creating the Neutron project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml index 1fe842357d..bb81cdeac2 100644 --- a/ansible/roles/nova/defaults/main.yml +++ b/ansible/roles/nova/defaults/main.yml @@ -67,10 +67,10 @@ nova_compute_ironic_image_full: "{{ nova_compute_ironic_image }}:{{ nova_compute #################### # OpenStack #################### -nova_public_address: "{{ kolla_external_fqdn }}" -nova_admin_address: "{{ kolla_internal_fqdn }}" -nova_internal_address: "{{ kolla_internal_fqdn }}" +nova_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" +nova_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" +nova_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s" nova_logging_debug: "{{ openstack_logging_debug }}" -openstack_nova_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_nova_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml index d7a757bb5d..5e21849560 100644 --- a/ansible/roles/nova/tasks/register.yml +++ b/ansible/roles/nova/tasks/register.yml @@ -6,9 +6,8 @@ service_type=compute description='Openstack Compute' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ nova_api_port }}/v2/%(tenant_id)s' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_nova_auth }}' }}" -e "{'openstack_nova_auth':{{ openstack_nova_auth }}}" @@ -18,7 +17,10 @@ retries: 10 delay: 5 run_once: True - + with_items: + - {'interface': 'admin', 'url': '{{ nova_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ nova_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ nova_public_endpoint }}'} - name: Creating the Nova project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2 index ad22aa5901..5d6b438270 100644 --- a/ansible/roles/nova/templates/nova.conf.j2 +++ b/ansible/roles/nova/templates/nova.conf.j2 @@ -80,7 +80,7 @@ html5proxy_port = {{ nova_spicehtml5proxy_port }} [ironic] admin_username = {{ ironic_keystone_user }} admin_password = {{ ironic_keystone_password }} -admin_url = {{ openstack_auth_v2.auth_url }} +admin_url = {{ openstack_auth.auth_url }} admin_tenant_name = service api_endpoint = {{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ ironic_api_port }}/v1 {% endif %} diff --git a/ansible/roles/swift/defaults/main.yml b/ansible/roles/swift/defaults/main.yml index 5194043df1..2676b00875 100644 --- a/ansible/roles/swift/defaults/main.yml +++ b/ansible/roles/swift/defaults/main.yml @@ -27,9 +27,9 @@ swift_rsyncd_image_full: "{{ swift_rsyncd_image }}:{{ swift_rsyncd_tag }}" #################### # OpenStack #################### -swift_public_address: "{{ kolla_external_fqdn }}" -swift_admin_address: "{{ kolla_internal_fqdn }}" -swift_internal_address: "{{ kolla_internal_fqdn }}" +swift_admin_endpoint: "{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}" +swift_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}" +swift_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ swift_proxy_server_port }}" swift_logging_debug: "{{ openstack_logging_debug }}" @@ -40,4 +40,4 @@ swift_devices_mount_point: "/srv/node" swift_devices_match_mode: "strict" swift_devices_name: "KOLLA_SWIFT_DATA" -openstack_swift_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_swift_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}" diff --git a/ansible/roles/swift/tasks/register.yml b/ansible/roles/swift/tasks/register.yml index 01ed3c629a..628e8aea6f 100644 --- a/ansible/roles/swift/tasks/register.yml +++ b/ansible/roles/swift/tasks/register.yml @@ -6,9 +6,8 @@ service_type=object-store description='Openstack Object Storage' endpoint_region={{ openstack_region_name }} - admin_url='{{ admin_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}' - internal_url='{{ internal_protocol }}://{{ kolla_internal_fqdn }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' - public_url='{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ swift_proxy_server_port }}/v1/AUTH_%(tenant_id)s' + url='{{ item.url }}' + interface='{{ item.interface }}' region_name={{ openstack_region_name }} auth={{ '{{ openstack_swift_auth }}' }}" -e "{'openstack_swift_auth':{{ openstack_swift_auth }}}" @@ -18,6 +17,10 @@ retries: 10 delay: 5 run_once: True + with_items: + - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'} - name: Creating the Swift project, user, and role command: docker exec -t kolla_toolbox /usr/bin/ansible localhost diff --git a/docker/keystone/keystone_bootstrap.sh b/docker/keystone/keystone_bootstrap.sh index 9702f02886..2d6d63ee53 100644 --- a/docker/keystone/keystone_bootstrap.sh +++ b/docker/keystone/keystone_bootstrap.sh @@ -17,7 +17,7 @@ REGION=$8 function get_token { unset OS_TOKEN OS_URL OS_TOKEN=$(openstack --os-identity-api-version 3 --os-username "${USERNAME}" --os-password "${PASSWORD}" --os-project-name "${PROJECT}" --os-auth-url "${ADMIN_URL}" token issue 2>&1 | awk '/ id / {print $4}') - OS_URL="${ADMIN_URL}/v3" + OS_URL="${ADMIN_URL}" } function fail_json { diff --git a/docker/kolla-toolbox/Dockerfile.j2 b/docker/kolla-toolbox/Dockerfile.j2 index 3a6c5a6a49..d41fe1b1c0 100644 --- a/docker/kolla-toolbox/Dockerfile.j2 +++ b/docker/kolla-toolbox/Dockerfile.j2 @@ -48,7 +48,8 @@ RUN git clone https://github.com/ansible/ansible.git \ RUN mkdir -p /etc/ansible /usr/share/ansible /home/ansible \ && echo 'localhost ansible_connection=local' > /etc/ansible/hosts \ - && useradd --user-group ansible --groups kolla + && useradd --user-group ansible --groups kolla \ + && sed -i 's| "identity_api_version": "2.0",| "identity_api_version": "3",|' /usr/lib/python2.7/site-packages/os_client_config/defaults.json COPY find_disks.py kolla_keystone_service.py kolla_keystone_user.py kolla_sanity.py kolla_zookeeper.py /usr/share/ansible/ COPY ansible.cfg /home/ansible/.ansible.cfg diff --git a/docker/kolla-toolbox/kolla_keystone_service.py b/docker/kolla-toolbox/kolla_keystone_service.py index 3551c2b998..6363042f7c 100644 --- a/docker/kolla-toolbox/kolla_keystone_service.py +++ b/docker/kolla-toolbox/kolla_keystone_service.py @@ -30,9 +30,8 @@ def main(): description=dict(required=True, type='str'), service_name=dict(required=True, type='str'), service_type=dict(required=True, type='str'), - admin_url=dict(required=True, type='str'), - internal_url=dict(required=True, type='str'), - public_url=dict(required=True, type='str'), + url=dict(required=True, type='str'), + interface=dict(required=True, type='str'), endpoint_region=dict(required=True, type='str') ) module = AnsibleModule(argument_spec) @@ -41,9 +40,8 @@ def main(): description = module.params.pop('description') service_name = module.params.pop('service_name') service_type = module.params.pop('service_type') - admin_url = module.params.pop('admin_url') - internal_url = module.params.pop('internal_url') - public_url = module.params.pop('public_url') + url = module.params.pop('url') + interface = module.params.pop('interface') endpoint_region = module.params.pop('endpoint_region') changed = False @@ -61,7 +59,8 @@ def main(): if service is not None: for _endpoint in cloud.keystone_client.endpoints.list(): - if _endpoint.service_id == service.id: + if _endpoint.service_id == service.id and \ + _endpoint.interface == interface: endpoint = _endpoint else: service = cloud.keystone_client.services.create( @@ -72,10 +71,9 @@ def main(): if endpoint is None: changed = True cloud.keystone_client.endpoints.create( - service_id=service.id, - adminurl=admin_url, - internalurl=internal_url, - publicurl=public_url, + service=service.id, + url=url, + interface=interface, region=endpoint_region) module.exit_json(changed=changed) diff --git a/docker/kolla-toolbox/kolla_keystone_user.py b/docker/kolla-toolbox/kolla_keystone_user.py index 7688e1bd34..f1d7b2bb8b 100644 --- a/docker/kolla-toolbox/kolla_keystone_user.py +++ b/docker/kolla-toolbox/kolla_keystone_user.py @@ -50,7 +50,7 @@ def main(): module.params['auth'].replace("'", '"')) cloud = shade.operator_cloud(**module.params) - for _project in cloud.keystone_client.tenants.list(): + for _project in cloud.keystone_client.projects.list(): if _project.name == project_name: project = _project @@ -64,8 +64,8 @@ def main(): if not project: changed = True - project = cloud.keystone_client.tenants.create( - tenant_name=project_name) + project = cloud.keystone_client.projects.create( + name=project_name, domain='default') if not role: changed = True @@ -75,10 +75,10 @@ def main(): changed = True user = cloud.keystone_client.users.create(name=user_name, password=password, - tenant_id=project.id) - cloud.keystone_client.roles.add_user_role(role=role.id, - user=user.id, - tenant=project.id) + project=project) + cloud.keystone_client.roles.grant(role=role, + user=user, + project=project) module.exit_json(changed=changed) except Exception as e: