Update git submodules
* Update tripleo-ansible from branch 'master' - Merge "Data structure changes for tripleo-keystone-resources role" - Data structure changes for tripleo-keystone-resources role While reviewing the first implementation it appears that we can extend the data structure to make it so we wouldn't need extra Ansible tasks to handle other Keystone resources needed by some services like barbican, ceilometer or heat. This change does the following: - remove "container" related variable name from "haskey" filter, as we will recycle it from the tripleo-keystone-resources role. - keystone endpoints will be found under "endpoints" and not "urls". - keystone endpoints data will be built from the keystone_resources dictionary only if endpoints are specified in the dict items. The loop-endpoints will loop over a list of keystone resources which contain "endpoints" key. However, it needs access to some other keys during the endpoint creation so we re-used that filter. - Same for Keystone Services, with "service" attribute. - Re-use "get_key_from_dict" filter to get all Keystone users to create. This can be done because the function will return only the key and its value when present, create a list and then we pass it to the users playbook. We do the same for the user roles assignment, but we also apply the "get_role_assignments" filter, to build the proper data structure so role assignement is done correctly. - Allow to create extra roles and domains. - Allow to override the default domain when creating a user. - Modify "get_role_assignments" filter so if a domain is specified, the user is assigned to the role in a domain and not in a project. If on domain is specified, we assign it into a project, and the default is set by tripleo_keystone_resources_service_project where the default is "service" by legacy. The data structure of the returned value changed, to work with this complex situation (in Keystone v3, domain & project are mutually exclusive when doing role assignment). - Add tripleo_keystone_resources_batch variable and set to 10 by default, so we'll manage 10 resources at the same time in async to speed things up. - Create get_domain_id() filter to go over all domains and get a domain id from a domain name. Unfortunately, the module that list all domains changed in Ansible 2.9.1 so we have 2 kind of playbooks to support old and new style to gather all domains infos. The new structure looks like the following: keystone_resources: nova: service: compute region: RegionOne endpoints: public: https://public-nova:8774 admin: https://admin-nova:8774 internal: https://internal-nova:8774 users: nova: password: secretenova roles: - admin - service domain: nova_extra_domain roles: - nova_extra_role domains: - nova_extra_domain Change-Id: Ia68f8852662fb4abbd194954a246afb740bf3f71
This commit is contained in:
parent
aaaaa161ec
commit
5119fbf1b6
|
@ -1 +1 @@
|
|||
Subproject commit fa0c5158c8e0b83caadf45e9711a2f77c79d397f
|
||||
Subproject commit aca83763d75ec30dff6a9391924a55fa29b53379
|
Loading…
Reference in New Issue