Use keystone library for heat_stack_domain_admin
The keystone library has been updated to support adding a user to a domain and assigning a role without specifying a project. Use it instead of shelling out to the openstackclient. Closes-Bug: 1579612 Depends-On: I6a132e5407c9881a047037b85bd6e25b85c0d8a1 Change-Id: I2659f0496528c29e036c459494a463182e69599d
parent
47088f7e47
commit
b45b74eb4f
|
@ -58,47 +58,42 @@
|
|||
- heat-domain-setup
|
||||
- heat-config
|
||||
|
||||
# TODO Change the keystone library to support adding
|
||||
# a user to a domain without specifying a project
|
||||
- name: Ensure heat user
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
{{ heat_bin }}/openstack {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}\
|
||||
--os-identity-api-version=3 \
|
||||
--os-auth-url={{ keystone_service_adminurl }} \
|
||||
--os-project-name={{ heat_project_name }} \
|
||||
--os-project-domain-name={{ heat_project_domain_name }} \
|
||||
--os-user-domain-name={{ heat_user_domain_name }} \
|
||||
user \
|
||||
create \
|
||||
--or-show \
|
||||
--domain {{ heat_stack_user_domain_name }} \
|
||||
--password {{ heat_stack_domain_admin_password }} \
|
||||
"{{ heat_stack_domain_admin }}"
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
password: "{{ heat_stack_domain_admin_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- heat-domain
|
||||
- heat-domain-setup
|
||||
- heat-config
|
||||
- heat-command-bin
|
||||
|
||||
|
||||
# TODO Change the keystone library to support adding
|
||||
# a role to a user without specifying a project
|
||||
- name: Assign admin role to heat domain admin user
|
||||
shell: |
|
||||
. {{ ansible_env.HOME }}/openrc
|
||||
{{ heat_bin }}/openstack {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}\
|
||||
--os-identity-api-version=3 \
|
||||
--os-auth-url={{ keystone_service_adminurl }} \
|
||||
--os-project-name={{ heat_project_name }} \
|
||||
--os-project-domain-name={{ heat_project_domain_name }} \
|
||||
--os-user-domain-name={{ heat_user_domain_name }} \
|
||||
role \
|
||||
add \
|
||||
--user {{ heat_stack_domain_admin }} \
|
||||
--domain {{ heat_stack_user_domain_name }} \
|
||||
--user-domain {{ heat_stack_user_domain_name }} \
|
||||
admin
|
||||
- name: Ensure heat role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ heat_stack_domain_admin }}"
|
||||
role_name: "admin"
|
||||
domain_name: "{{ heat_stack_user_domain_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_service
|
||||
until: add_service|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
tags:
|
||||
- heat-domain
|
||||
- heat-domain-setup
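Review bot: Both new `keystone:` tasks ("Ensure heat user" and "Ensure heat role") pass `login_password` as a module argument, and the first also passes `password`, yet neither sets `no_log: true`. Whether those values stay out of verbose or failed-retry output therefore depends on the keystone library marking the parameters as no_log, which this hunk does not show; adding `no_log: true` to both tasks would make it explicit. Separately, `insecure` is now passed as the raw `"{{ keystone_service_adminuri_insecure }}"`, whereas the shell tasks being replaced applied `| bool` first. If the module does not declare that parameter as a boolean, a string such as "False" could be treated as truthy and turn certificate verification off, so `insecure: "{{ keystone_service_adminuri_insecure | bool }}"` is the safer form. Both tasks also register the same `add_service` variable, which looks copied from a service task; a task-specific name would read better.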
|
||||
|
|