From d8583df31cccd23e092a82b386d8693d0a2f8086 Mon Sep 17 00:00:00 2001 From: Jimmy McCrory Date: Thu, 17 Mar 2016 14:52:53 -0700 Subject: [PATCH] Remove dependency on the Keystone admin auth token Now that auth token usage is deprecated, prefer the admin user and password for all barbican setup tasks run against keystone. Change-Id: I7c839b52c04bc7e889d10f52c08d1b4453eabc5d --- README.rst | 9 ++++++++- tasks/service-setup.yml | 16 ++++++++++++---- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index 5d0a22f..65c704f 100644 --- a/README.rst +++ b/README.rst @@ -15,9 +15,13 @@ Default Variables Required Variables ================== -barbican_service_password +barbican_galera_address barbican_galera_password barbican_rabbitmq_password +barbican_service_password +keystone_admin_user_name +keystone_auth_admin_password +keystone_admin_tenant_name Example Playbook ================ @@ -36,3 +40,6 @@ Example Playbook barbican_service_password: SuperSecretePassword1 barbican_galera_password: SuperSecretePassword2 barbican_rabbitmq_password: SuperSecretePassword3 + keystone_admin_user_name: admin + keystone_auth_admin_password: SuperSecretePassword4 + keystone_admin_tenant_name: admin diff --git a/tasks/service-setup.yml b/tasks/service-setup.yml index 00a3468..c5ba600 100644 --- a/tasks/service-setup.yml +++ b/tasks/service-setup.yml @@ -16,8 +16,10 @@ - name: Ensure the service for Barbican exists keystone: command: "ensure_service" - token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" service_name: "{{ barbican_service_name }}" service_type: "{{ barbican_service_type }}" @@ -34,8 +36,10 @@ - name: Ensure the Barbican user exists keystone: command: "ensure_user" - token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" user_name: "{{ barbican_service_user_name }}" tenant_name: "{{ barbican_service_project_name }}" @@ -53,8 +57,10 @@ - name: Ensure the Barbican user has the admin role keystone: command: "ensure_user_role" - token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" user_name: "{{ barbican_service_user_name }}" tenant_name: "{{ barbican_service_project_name }}" role_name: "{{ item }}" @@ -72,8 +78,10 @@ - name: Ensure the Barbican endpoint is registered keystone: command: "ensure_endpoint" - token: "{{ keystone_auth_admin_token }}" endpoint: "{{ keystone_service_adminurl }}" + login_user: "{{ keystone_admin_user_name }}" + login_password: "{{ keystone_auth_admin_password }}" + login_project_name: "{{ keystone_admin_tenant_name }}" insecure: "{{ keystone_service_adminuri_insecure }}" region_name: "{{ barbican_service_region }}" service_name: "{{ barbican_service_name }}"