openstack/openstack-ansible-os_swift
Code Issues Proposed changes
openstack-ansible-os_swift/tasks/swift_service_setup.yml
Jesse Pretorius 130e8da005 Do not log passwords 
This prevents data to be leaked into the callback plugin.

Some style changes are included to make it easier to read,
the copyright notice is added as it should have been from
the start, and a duplicate retry argument is removed.

Change-Id: I11c3da84fa6469764a19b6a387ef312124dfba2a
2018-04-18 12:57:31 +01:00

179 lines
6.1 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure swift service
keystone:
command: "ensure_service"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
description: "{{ swift_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
no_log: True
# Create an admin user
- name: Ensure swift user
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
no_log: True
# Add a role to the user
- name: Ensure swift user to admin role
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
no_log: True
- name: Ensure swiftoperator role
keystone:
command: "ensure_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
no_log: True
- name: "Create keystone user for swift-dispersion"
keystone:
command: "ensure_user"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_dispersion_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
no_log: True
- name: "Create keystone role for ResellerAdmin"
keystone:
command: "ensure_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
role_name: "{{ swift_reselleradmin_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_role
until: add_role|success
retries: 5
delay: 10
no_log: True
- name: "Add ResellerAdmin role to the service tenant and ceilometer user"
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ ceilometer_service_user_name }}"
tenant_name: "{{ ceilometer_service_tenant_name }}"
role_name: "{{ swift_reselleradmin_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: ensure_role
until: ensure_role|success
retries: 5
delay: 10
when: swift_ceilometer_enabled | bool
no_log: True
- name: "Add swiftoperator role to swift-dispersion user"
keystone:
command: "ensure_user_role"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
no_log: True
# Create an endpoint
- name: Ensure swift endpoint
keystone:
command: "ensure_endpoint"
endpoint: "{{ keystone_service_adminurl }}"
login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}"
region_name: "{{ swift_service_region }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ swift_service_publicurl }}"
interface: "public"
- url: "{{ swift_service_internalurl }}"
interface: "internal"
- url: "{{ swift_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
no_log: True
View Git Blame Copy Permalink