openstack/openstack-ansible-os_adjutant
Code Issues Proposed changes
openstack-ansible-os_adjutant/tasks/service_setup.yml
Dmitriy Rabotyagov c5fbb4d2f5 Make role fit to the OSA standards 
We've pulled that role from github, and we need to make
an adjustments to standardize approach across all other
roles, like service and db create, uwsgi usage, etc.

We're also adding integrated CI.

Needed-By: https://review.opendev.org/756310
Change-Id: Ie95b9c723f29eb20f9e1e95e284d7ed20346aaff
2020-11-24 11:48:05 +02:00

163 lines
5.8 KiB
YAML
Raw Blame History

---
# Copyright 2019, VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# WARNING:
# This file is maintained in the openstack-ansible-tests repository.
# https://opendev.org/openstack/openstack-ansible-tests/src/sync/tasks/service_setup.yml
# If you need to modify this file, update the one in the openstack-ansible-tests
# repository. Once it merges there, the changes will automatically be proposed to
# all the repositories which use it.
# We set the python interpreter to the ansible runtime venv if
# the delegation is to localhost so that we get access to the
# appropriate python libraries in that venv. If the delegation
# is to another host, we assume that it is accessible by the
# system python instead.
- name: Setup the OS service
delegate_to: "{{ _service_setup_host }}"
vars:
ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}"
block:
- name: Add keystone domain
openstack.cloud.os_keystone_domain:
cloud: default
state: present
description: "{{ _domain_name_description | default(omit) }}"
name: "{{ _domain_name }}"
endpoint_type: admin
verify: "{{ not _service_adminuri_insecure }}"
register: add_domain
when: _domain_name is defined
until: add_domain is success
retries: 5
delay: 10
- name: Add service project
openstack.cloud.os_project:
cloud: default
state: present
name: "{{ _project_name }}"
description: "{{ _project_description | default(omit) }}"
domain_id: "{{ _project_domain | default('default') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _project_name is defined
until: add_service is success
retries: 5
delay: 10
- name: Add services to the keystone service catalog
openstack.cloud.os_keystone_service:
cloud: default
state: "{{ item.state | default('present') }}"
name: "{{ item.name }}"
service_type: "{{ item.type }}"
description: "{{ item.description | default('') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
with_items: "{{ _service_catalog }}"
when: _service_catalog is defined
until: add_service is success
retries: 5
delay: 10
- name: Add keystone roles
openstack.cloud.os_keystone_role:
cloud: default
state: present
name: "{{ item.role }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'role' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add service users
openstack.cloud.os_user:
cloud: default
state: present
name: "{{ item.name }}"
password: "{{ item.password }}"
domain: "{{ item.domain | default('default') }}"
default_project: "{{ item.project | default(_service_project_name) }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
update_password: always
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'name' in item"
- "'password' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add service users to the role
openstack.cloud.os_user_role:
cloud: default
state: present
user: "{{ item.name }}"
role: "{{ item.role }}"
project: "{{ item.project | default(_service_project_name) }}"
domain: "{{ item.domain | default(omit) }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
when:
- not (_service_in_ldap | default(False) | bool)
- _service_users is defined
- "'name' in item"
- "'role' in item"
- (item.condition | default(True)) | bool
until: add_service is success
with_items: "{{ _service_users }}"
retries: 5
delay: 10
no_log: True
- name: Add endpoints to keystone endpoint catalog
openstack.cloud.os_keystone_endpoint:
cloud: default
state: "{{ item.state | default('present') }}"
service: "{{ item.service }}"
endpoint_interface: "{{ item.interface }}"
url: "{{ item.url }}"
region: "{{ _service_region | default('RegionOne') }}"
endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service
until: add_service is success
retries: 5
delay: 10
with_items: "{{ _service_endpoints }}"
when: _service_endpoints is defined
View Git Blame Copy Permalink