openstack-ansible-os_keystone/tasks/keystone_service_setup.yml

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Wait for services to be up
  uri:
    url: "{{ item }}"
    method: "HEAD"
    status_code: 300
  with_items:
    - "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}"
    - "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
  register: _wait_check
  until: _wait_check | success
  retries: 12
  delay: 5

- name: Bootstrap keystone admin and endpoint
  command: |
     {{ keystone_bin }}/keystone-manage bootstrap \
     --bootstrap-username {{ keystone_admin_user_name }} \
     --bootstrap-password {{ keystone_auth_admin_password }} \
     --bootstrap-project-name {{ keystone_admin_tenant_name }} \
     --bootstrap-role-name {{ keystone_role_name }} \
     --bootstrap-service-name {{ keystone_service_name }} \
     --bootstrap-region-id {{ keystone_service_region }} \
     --bootstrap-admin-url {{ keystone_service_adminuri }} \
     --bootstrap-public-url {{ keystone_service_publicuri }} \
     --bootstrap-internal-url {{ keystone_service_internaluri }}     
  no_log: true
  become: yes
  become_user: "{{ keystone_system_user_name }}"
  changed_when: false
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

# Create a service tenant
- name: Ensure service tenant
  keystone:
    command: "ensure_tenant"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    tenant_name: "{{ keystone_service_tenant_name }}"
    description: "{{ keystone_service_description }}"
  no_log: true
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

# Add the default user role
- name: Ensure default keystone user role
  keystone:
    command: "ensure_role"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    role_name: "{{ keystone_default_role_name }}"
  no_log: true
  register: add_member_role
  when: not keystone_service_in_ldap | bool
  until: add_member_role|success
  retries: 5
  delay: 10

# Create a service
- name: Ensure Keystone Service
  keystone:
    command: "ensure_service"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    service_name: "{{ keystone_service_name }}"
    service_type: "{{ keystone_service_type }}"
    description: "{{ keystone_service_description }}"
  no_log: true
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

# Create a service user
- name: Ensure Keystone user
  keystone:
    command: "ensure_user"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    user_name: "{{ keystone_service_user_name }}"
    tenant_name: "{{ keystone_service_tenant_name }}"
    password: "{{ keystone_service_password }}"
  no_log: true
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

# Add a role to the user
- name: Ensure Keystone user to Admin role
  keystone:
    command: "ensure_user_role"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    user_name: "{{ keystone_service_user_name }}"
    tenant_name: "{{ keystone_service_tenant_name }}"
    role_name: "{{ keystone_role_name }}"
  no_log: true
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10

# Create an endpoint
- name: Update Keystone endpoint
  keystone:
    command: "ensure_endpoint"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
    ignore_catalog: True
    region_name: "{{ keystone_service_region }}"
    service_name: "{{ keystone_service_name }}"
    service_type: "{{ keystone_service_type }}"
    endpoint_list:
      - url: "{{ keystone_service_publicuri }}"
        interface: "public"
      - url: "{{ keystone_service_internaluri }}"
        interface: "internal"
      - url: "{{ keystone_service_adminuri }}"
        interface: "admin"
  no_log: true
  register: add_service
  until: add_service|success
  retries: 5
  delay: 10