315 lines
9.0 KiB
YAML
315 lines
9.0 KiB
YAML
- name: Upload config files
|
|
template:
|
|
src: "{{item}}"
|
|
dest: /tmp/{{item}}
|
|
backup: yes
|
|
mode: 0644
|
|
with_items:
|
|
- httpd.conf
|
|
- httpd-keystone-main.conf
|
|
- httpd-keystone-admin.conf
|
|
|
|
- include: hiera.yml
|
|
|
|
- name: Generate config files
|
|
config_template:
|
|
src: base.conf.j2
|
|
dest: /tmp/keystone.conf
|
|
config_overrides: '{{keystone_config}}'
|
|
config_type: ini
|
|
|
|
- name: Read configs into memory
|
|
slurp:
|
|
src: "/tmp/httpd-keystone-main.conf"
|
|
register: "httpd_keystone_main_conf"
|
|
|
|
- name: Read configs into memory
|
|
slurp:
|
|
src: "/tmp/httpd-keystone-admin.conf"
|
|
register: "httpd_keystone_admin_conf"
|
|
|
|
- name: Read configs into memory
|
|
slurp:
|
|
src: "/tmp/httpd.conf"
|
|
register: "httpd_conf"
|
|
|
|
- name: Read configs into memory
|
|
slurp:
|
|
src: "/tmp/keystone.conf"
|
|
register: "keystone_conf"
|
|
|
|
- name: Create keystone configmaps
|
|
ignore_errors: yes
|
|
k8s_v1_config_map:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
debug: yes
|
|
labels:
|
|
service: keystone
|
|
data:
|
|
config.json: |
|
|
{
|
|
"command": "/usr/sbin/httpd -DFOREGROUND",
|
|
"config_files": [
|
|
{
|
|
"dest": "/etc/httpd/conf/httpd.conf",
|
|
"owner": "root",
|
|
"perm": "0644",
|
|
"source": "/var/lib/kolla/config_files/httpd.conf"
|
|
},
|
|
{
|
|
"dest": "/etc/keystone/keystone.conf",
|
|
"owner": "keystone",
|
|
"perm": "0644",
|
|
"source": "/var/lib/kolla/config_files/keystone.conf"
|
|
},
|
|
{
|
|
"dest": "/etc/httpd/conf.d/10-keystone-main.conf",
|
|
"owner": "root",
|
|
"perm": "0644",
|
|
"source": "/var/lib/kolla/config_files/httpd-keystone-main.conf"
|
|
},
|
|
{
|
|
"dest": "/etc/httpd/conf.d/10-keystone-admin.conf",
|
|
"owner": "root",
|
|
"perm": "0644",
|
|
"source": "/var/lib/kolla/config_files/httpd-keystone-admin.conf"
|
|
}
|
|
]
|
|
}
|
|
keystone.conf: |
|
|
{{keystone_conf['content'] | b64decode}}
|
|
httpd.conf: |
|
|
{{httpd_conf['content'] | b64decode}}
|
|
httpd-keystone-main.conf: |
|
|
{{httpd_keystone_main_conf['content'] | b64decode}}
|
|
httpd-keystone-admin.conf: |
|
|
{{httpd_keystone_admin_conf['content'] | b64decode}}
|
|
|
|
- name: Create keystone database
|
|
include_role:
|
|
name: ansible-role-k8s-tripleo
|
|
tasks_from: create-database
|
|
vars:
|
|
service_name: 'keystone'
|
|
database_name: 'keystone'
|
|
|
|
# NOTE(flaper87): Requesting a PVC should probably not be the default, explore
|
|
# using secrets for the fernet keys
|
|
- name: Create keystone PVC
|
|
k8s_v1_persistent_volume_claim:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone-fernet
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
spec_access_modes:
|
|
- ReadWriteMany
|
|
spec_storage_class_name: slow
|
|
spec_resources_requests:
|
|
storage: 1Gi
|
|
|
|
- name: Create keystone job
|
|
k8s_v1_job:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone-db-sync
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
restart_policy: OnFailure
|
|
containers:
|
|
- image: tripleoupstream/centos-binary-keystone
|
|
name: keystone-db-sync
|
|
env:
|
|
- name: KOLLA_CONFIG_STRATEGY
|
|
value: COPY_ALWAYS
|
|
- name: KOLLA_BOOTSTRAP
|
|
value: ''
|
|
volume_mounts:
|
|
- name: kolla-config
|
|
mountPath: /var/lib/kolla/config_files/
|
|
- name: keystone-fernet
|
|
mountPath: /etc/keystone/fernet-keys
|
|
volumes:
|
|
- name: kolla-config
|
|
config_map:
|
|
name: keystone
|
|
- name: keystone-fernet
|
|
persistentVolumeClaim:
|
|
claimName: keystone-fernet
|
|
state: present
|
|
|
|
- name: Keystone fernet bootstrap
|
|
k8s_v1_job:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone-fernet
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
restart_policy: OnFailure
|
|
containers:
|
|
- image: tripleoupstream/centos-binary-keystone-fernet
|
|
name: keystone-fernet-bootstrap
|
|
command: ["kolla_keystone_bootstrap", "keystone", "keystone"]
|
|
env:
|
|
- name: KOLLA_CONFIG_STRATEGY
|
|
value: COPY_ALWAYS
|
|
volume_mounts:
|
|
- name: kolla-config
|
|
mountPath: /var/lib/kolla/config_files/
|
|
- name: keystone-fernet
|
|
mountPath: /etc/keystone/fernet-keys
|
|
volumes:
|
|
- name: kolla-config
|
|
config_map:
|
|
name: keystone
|
|
- name: keystone-fernet
|
|
persistentVolumeClaim:
|
|
claimName: keystone-fernet
|
|
state: present
|
|
|
|
- name: Keystone bootstrap
|
|
k8s_v1_job:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone-bootstrap
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
restart_policy: OnFailure
|
|
containers:
|
|
- image: tripleoupstream/centos-binary-keystone
|
|
name: keystone-bootstrap
|
|
# NOTE(flaper87): We might want to set bootstrap URLs, project name, etc
|
|
command:
|
|
- keystone-manage
|
|
- --config-file
|
|
- /var/lib/kolla/config_files/keystone.conf
|
|
- bootstrap
|
|
- --bootstrap-username
|
|
- '{{keystone_config.admin_username}}'
|
|
- --bootstrap-password
|
|
- '{{keystone_config.admin_password}}'
|
|
- --bootstrap-role-name
|
|
- '{{keystone_config.admin_role_name}}'
|
|
- --bootstrap-project-name
|
|
- '{{keystone_config.admin_project_name}}'
|
|
- --bootstrap-service-name
|
|
- '{{keystone_config.admin_service_name}}'
|
|
- --bootstrap-admin-url
|
|
- http://keystone:35357/v3
|
|
- --bootstrap-internal-url
|
|
- http://keystone:5000/v3
|
|
- --bootstrap-public-url
|
|
- http://keystone:5000/v3
|
|
- --bootstrap-region-id
|
|
- RegionOne
|
|
env:
|
|
- name: KOLLA_CONFIG_STRATEGY
|
|
value: COPY_ALWAYS
|
|
- name: KOLLA_BOOTSTRAP
|
|
value: ''
|
|
volume_mounts:
|
|
- name: kolla-config
|
|
mountPath: /var/lib/kolla/config_files/
|
|
- name: keystone-fernet
|
|
mountPath: /etc/keystone/fernet-keys
|
|
volumes:
|
|
- name: kolla-config
|
|
config_map:
|
|
name: keystone
|
|
- name: keystone-fernet
|
|
persistentVolumeClaim:
|
|
claimName: keystone-fernet
|
|
state: present
|
|
|
|
|
|
- name: Create keystone service
|
|
k8s_v1_service:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
ports:
|
|
- port: 5000
|
|
name: keystone-api-public
|
|
- port: 35357
|
|
name: keystone-api-admin
|
|
selector:
|
|
app: keystone-api
|
|
register: create_service
|
|
|
|
- name: Create keystone deployment
|
|
k8s_apps_v1beta1_deployment:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: keystone-api
|
|
namespace: "{{namespace}}"
|
|
replicas: 1
|
|
spec_revision_history_limit: 3
|
|
spec_template_metadata_labels:
|
|
app: keystone-api
|
|
containers:
|
|
- name: keystone-api
|
|
image: tripleoupstream/centos-binary-keystone
|
|
imagePullPolicy: IfNotPresent
|
|
env:
|
|
- name: KOLLA_CONFIG_STRATEGY
|
|
value: COPY_ALWAYS
|
|
- name: KOLLA_KUBERNETES
|
|
value: ""
|
|
ports:
|
|
- name: api-public
|
|
containerPort: 5000
|
|
- name: api-admin
|
|
containerPort: 35357
|
|
volume_mounts:
|
|
- name: kolla-config
|
|
mountPath: /var/lib/kolla/config_files/
|
|
- name: keystone-fernet
|
|
mountPath: /etc/keystone/fernet-keys
|
|
volumes:
|
|
- name: kolla-config
|
|
config_map:
|
|
name: keystone
|
|
- name: keystone-fernet
|
|
persistentVolumeClaim:
|
|
claimName: keystone-fernet
|
|
state: present
|
|
register: create_service
|
|
|
|
- set_fact:
|
|
clouds_yaml: |
|
|
clouds:
|
|
{{namespace}}:
|
|
region_name: RegionOne
|
|
identity_api_version: 3
|
|
auth:
|
|
username: '{{keystone_config.admin_username}}'
|
|
password: '{{keystone_config.admin_password}}'
|
|
project_name: '{{keystone_config.admin_project_name}}'
|
|
user_domain_name: '{{keystone_config.admin_domain_name}}'
|
|
project_domain_name: '{{keystone_config.admin_domain_name}}'
|
|
auth_url: 'http://keystone:5000/v3'
|
|
|
|
- name: Create keystone secrets
|
|
k8s_v1_secret:
|
|
host: "{{coe_host}}"
|
|
context: "{{coe_config_context}}"
|
|
kubeconfig: "{{coe_config_file}}"
|
|
name: '{{clouds_config}}'
|
|
namespace: "{{namespace}}"
|
|
state: present
|
|
data:
|
|
clouds.yaml: "{{clouds_yaml | b64encode}}"
|