Role support for authentication

Bifrost was built around utilizing noauth authenticaiton mode. However the roles can easilly be re-utilized by users consuming only part of bifrost, or that are wishing to utilize the roles as examples to create their own playbooks. To allow re-consumption of roles interacting with ironic, addition of logic to allow for os-client-config to be utilized for module authentication Change-Id: I072791613cdf99723c567d24dbd3aee935e2e068 Implements: blueprint bifrost-role-auth-support
2015-12-16 09:19:04 -05:00
parent 7ff69efafa
commit 625a628887
16 changed files with 93 additions and 14 deletions
--- a/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md
+++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/README.md
@@ -60,6 +60,14 @@ inventory_dhcp: A boolean value, defaulted to false, which causes the role
                to update a template file and reload dhsmasq upon each update
                in order to perform static dhcp assignments utilizing the
                ipv4_address parameter.
+
+noauth_mode: Controls if the module is called in noauth mode.
+             By default, this is the standard mode of operation,
+             however if set to false, the role utilizes os_client_config
+             which expects a clouds.yml file.  More information about
+             this file format can be found at:
+             http://docs.openstack.org/developer/os-client-config/
+
 Dependencies
 ------------

--- a/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml
+++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/defaults/main.yml
@@ -8,5 +8,5 @@ http_boot_folder: "/httpboot"
 deploy_image_filename: "deployment_image.qcow2"
 deploy_image: "{{http_boot_folder}}/{{deploy_image_filename}}"
 inventory_dhcp: false
-
 deploy_url_protocol: "http"
+noauth_mode: true
--- a/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml
+++ b/playbooks/roles/bifrost-deploy-nodes-dynamic/tasks/main.yml
@@ -17,6 +17,11 @@
 # the pass-through could mean that the user could deploy
 # things that are not directly accessible or reasonable
 # to be inspected.
+- name: "If in noauth mode, set Auth parameters to None"
+  set_fact:
+    auth_type: None
+    auth: None
+  when: noauth_mode | bool == true
 - name: "Setup DHCP for nodes."
  template: src=dhcp-host.j2 dest=/etc/dnsmasq.d/bifrost.dhcp-hosts.d/{{ inventory_hostname }}  owner=root group=root mode=0644
  delegate_to: localhost
@@ -28,10 +33,10 @@
  command: killall -HUP dnsmasq
  become: yes
  when: inventory_dhcp | bool
- name: "Deploy to hardware - Using custom instance_info."
+- name: "Deploy to hardware - Using custom instance_info"
  os_ironic_node:
-    auth_type: None
-    auth: None
+    auth_type: "{{ auth_type | default(omit) }}"
+    auth: "{{ auth | default(omit) }}"
    ironic_url: "{{ ironic_url }}"
    uuid: "{{ uuid }}"
    state: present
@@ -48,8 +53,8 @@
  when: instance_info is not defined and test_deploy_image.stat.exists | bool == false
 - name: "Deploy to hardware - bifrost default"
  os_ironic_node:
-    auth_type: None
-    auth: None
+    auth_type: "{{ auth_type | default(omit) }}"
+    auth: "{{ auth | default(omit) }}"
    ironic_url: "{{ ironic_url }}"
    uuid: "{{ uuid }}"
    state: present