ddafc94e30
Change-Id: I084da313eda17435c095ade7cb1b92981f5341dc
153 lines
5.8 KiB
YAML
153 lines
5.8 KiB
YAML
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
---
|
|
|
|
# TODO(TheJulia): The user and project domains are hardcoded in this.
|
|
# We should likely address that at some point, however I think a user
|
|
# should be the driver of that work.
|
|
|
|
- name: "Error if credentials are undefined."
|
|
fail:
|
|
msg: |
|
|
Credentials are missing or undefined, unable to proceed.
|
|
Please consult roled defaults/main.yml.
|
|
when: >
|
|
keystone is undefined or keystone.bootstrap is undefined or
|
|
keystone.bootstrap.username is undefined or
|
|
keystone.bootstrap.password is undefined or
|
|
keystone.bootstrap.project_name is undefined or
|
|
ironic_inspector.service_catalog.auth_url is undefined or
|
|
ironic_inspector.service_catalog.username is undefined or
|
|
ironic_inspector.service_catalog.password is undefined or
|
|
ironic_inspector.keystone is undefined or
|
|
ironic_inspector.keystone.default_username is undefined or
|
|
ironic_inspector.keystone.default_password is undefined
|
|
|
|
- name: "Configure keystone auth"
|
|
set_fact:
|
|
keystone_auth:
|
|
auth_url: "{{ ironic.service_catalog.auth_url | default(keystone_api_url) }}"
|
|
username: "{{ keystone.bootstrap.username }}"
|
|
password: "{{ keystone.bootstrap.password }}"
|
|
project_name: "admin"
|
|
project_domain_id: "default"
|
|
user_domain_id: "default"
|
|
no_log: true
|
|
|
|
- name: "Create service user for ironic-inspector"
|
|
openstack.cloud.identity_user:
|
|
name: "{{ ironic_inspector.service_catalog.username }}"
|
|
password: "{{ ironic_inspector.service_catalog.password }}"
|
|
state: present
|
|
domain: "default"
|
|
default_project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Associate ironic_inspector user to admin role"
|
|
openstack.cloud.role_assignment:
|
|
user: "{{ ironic_inspector.service_catalog.username }}"
|
|
role: admin
|
|
project: "{{ ironic_inspector.service_catalog.project_name | default('service') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Create keystone service record for ironic-inspector"
|
|
openstack.cloud.catalog_service:
|
|
state: present
|
|
name: ironic-inspector
|
|
service_type: baremetal-introspection
|
|
description: OpenStack Baremetal Introspection Service
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
register: introspection_catalog_service
|
|
no_log: true
|
|
|
|
- name: "Create ironic-inspector admin endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ introspection_catalog_service.id }}"
|
|
endpoint_interface: admin
|
|
url: "{{ ironic_inspector.keystone.admin_url | default(ironic_inspector_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Setting external ironic-inspector public URL"
|
|
set_fact:
|
|
ironic_inspector_public_url: "{{ api_protocol }}://{{ public_ip }}:5050/"
|
|
when: public_ip is defined
|
|
|
|
- name: "Create ironic-inspector public endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ introspection_catalog_service.id }}"
|
|
endpoint_interface: public
|
|
url: "{{ ironic_inspector.keystone.public_url | default(ironic_inspector_public_url) | default(ironic_inspector_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Setting internal ironic-inspector URL"
|
|
set_fact:
|
|
ironic_inspector_private_url: "{{ api_protocol }}://{{ private_ip }}:5050/"
|
|
when: private_ip is defined and private_ip | length > 0
|
|
|
|
- name: "Create ironic-inspector internal endpoint"
|
|
openstack.cloud.endpoint:
|
|
state: present
|
|
service: "{{ introspection_catalog_service.id }}"
|
|
endpoint_interface: internal
|
|
url: "{{ ironic_inspector.keystone.internal_url | default(ironic_inspector_private_url) | default(ironic_inspector_api_url) }}"
|
|
region: "{{ keystone.bootstrap.region_name | default('RegionOne') }}"
|
|
auth: "{{ keystone_auth }}"
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
no_log: true
|
|
environment: "{{ bifrost_venv_env }}"
|
|
|
|
- name: "Create inspector_user user"
|
|
openstack.cloud.identity_user:
|
|
name: "{{ ironic_inspector.keystone.default_username }}"
|
|
password: "{{ ironic_inspector.keystone.default_password }}"
|
|
default_project: "baremetal"
|
|
domain: "default"
|
|
auth: "{{ keystone_auth }}"
|
|
update_password: always
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|
|
|
|
- name: "Associate inspector_user with baremetal_admin"
|
|
openstack.cloud.role_assignment:
|
|
user: "{{ ironic_inspector.keystone.default_username }}"
|
|
role: "baremetal_admin"
|
|
project: baremetal
|
|
auth: "{{ keystone_auth }}"
|
|
wait: yes
|
|
ca_cert: "{{ tls_certificate_path | default(omit) }}"
|
|
environment: "{{ bifrost_venv_env }}"
|
|
no_log: true
|