Playbook and role to register a test project and other resources

This will register a project, users, keypairs and generate an openrc file
for use by the user.
This commit is contained in:
Mark Goddard 2017-03-27 16:48:51 +01:00
parent ef1456d94d
commit 90f0fd14d3
5 changed files with 179 additions and 0 deletions

View File

@ -0,0 +1,54 @@
---
# Path to a directory in which to create a virtualenv.
test_project_venv:
# Authentication type as used by os_* modules' 'auth_type' argument.
test_project_auth_type:
# Authentication options for admin as used by os_* modules' 'auth' argument.
test_project_admin_auth:
# Authentication option overrides for non-admin user as used by os_* modules'
# 'auth' argument.
test_project_user_auth_overrides:
project_domain_name: "{{ test_project_domain }}"
user_domain_name: "{{ test_project_users[0].domain }}"
project_name: "{{ test_project_name }}"
username: "{{ test_project_users[0].name }}"
password: "{{ test_project_users[0].password }}"
# Authentication options for admin as used by os_* modules' 'auth' argument.
test_project_auth: "{{ test_project_admin_auth | combine(test_project_user_auth_overrides) }}"
# Environment variables for use with os_* modules.
test_project_environment:
OS_IDENTITY_API_VERSION: 3
# Name of project to create.
test_project_name: test-project
# Description of project to create.
test_project_description: Test project
# Domain in which to create project.
test_project_domain: default
# List of users to create in the project.
test_project_users:
- name: test-user
password: test-password
domain: default
roles:
- admin
openrc_file: "{{ test_project_openrc_directory }}/test-user-openrc.sh"
# List of SSH key-pairs to register.
test_project_keypairs:
- name: test-key
public_key: "{{ test_project_public_key }}"
# SSH public key to register.
test_project_public_key:
# Directory in which to store openrc environment
test_project_openrc_directory: "{{ lookup('env', 'PWD') }}"

View File

@ -0,0 +1,4 @@
---
dependencies:
- role: shade
shade_venv: "{{ test_project_venv }}"

View File

@ -0,0 +1,69 @@
---
- name: Set a fact to ensure Ansible uses the python interpreter in the virtualenv
set_fact:
ansible_python_interpreter: "{{ test_project_venv }}/bin/python"
- name: Ensure the test project exists
os_project:
auth_type: "{{ test_project_auth_type }}"
auth: "{{ test_project_admin_auth }}"
name: "{{ test_project_name }}"
description: "{{ test_project_description }}"
domain_id: "{{ test_project_domain }}"
state: present
enabled: True
wait: yes
environment: "{{ test_project_environment }}"
- name: Ensure test project users exist
os_user:
auth_type: "{{ test_project_auth_type }}"
auth: "{{ test_project_admin_auth }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
default_project: "{{ test_project_name }}"
domain: "{{ item.domain }}"
state: present
enabled: True
wait: yes
with_items: "{{ test_project_users }}"
environment: "{{ test_project_environment }}"
- name: Ensure test project users have required roles
os_user_role:
auth_type: "{{ test_project_auth_type }}"
auth: "{{ test_project_admin_auth }}"
user: "{{ item.0.name }}"
project: "{{ test_project_name }}"
role: "{{ item.1 }}"
state: present
with_subelements:
- "{{ test_project_users }}"
- roles
environment: "{{ test_project_environment }}"
- name: Ensure SSH keypairs are registered
os_keypair:
auth_type: "{{ test_project_auth_type }}"
auth: "{{ test_project_auth }}"
name: "{{ item.name }}"
public_key_file: "{{ item.public_key_file | default(omit) }}"
public_key: "{{ item.public_key | default(omit) }}"
state: present
with_items: "{{ test_project_keypairs }}"
environment: "{{ test_project_environment }}"
# This variable is unset before we set it, and it does not appear to be
# possible to unset a variable in Ansible.
- name: Set a fact to reset the Ansible python interpreter
set_fact:
ansible_python_interpreter: /usr/bin/python
- name: Ensure openrc environment file exists
local_action:
module: template
src: openrc.j2
dest: "{{ item.openrc_file }}"
mode: 0600
with_items: "{{ test_project_users }}"
when: "{{ item.openrc_file is defined }}"

View File

@ -0,0 +1,9 @@
# {{ ansible_managed }}
# This is an openrc environment file for OpenStack user {{ item.name }} in
# project {{ test_project_name }}.
{% for name, value in test_project_auth.items() %}
export OS_{{ name | upper }}={{ value }}
{% endfor %}
{% for name, value in test_project_environment.items() %}
export {{ name }}={{ value }}
{% endfor %}

43
ansible/test-project.yml Normal file
View File

@ -0,0 +1,43 @@
---
- name: Ensure a test project exists
hosts: controllers[0]
vars:
venv: "{{ ansible_env.PWD }}/shade-venv"
# Dict of quotas to set for the test project.
test_project_quotas:
cores: -1
floating_ips: -1
injected_files: -1
injected_file_size: -1
instances: -1
key_pairs: -1
fixed_ips: -1
ram: -1
secgroup_rules: -1
secgroups: -1
pre_tasks:
- name: Read the SSH public key on the controller
slurp:
src: "{{ ansible_env.PWD ~ '/.ssh/id_rsa.pub' }}"
register: ssh_public_key
roles:
- role: test-project
test_project_venv: "{{ venv }}"
test_project_auth_type: "{{ openstack_auth_type }}"
test_project_admin_auth: "{{ openstack_auth }}"
test_project_openrc_directory: "{{ kayobe_config_path }}"
test_project_public_key: "{{ ssh_public_key.content | b64decode }}"
- role: openstackclient
openstackclient_venv: "{{ venv }}"
post_tasks:
- name: Ensure quotas are set
shell: >
source {{ venv }}/bin/activate &&
openstack quota set {{ test_project_name }}
{% for name, value in test_project_quotas.items() %} --{{ name | replace('_', '-') }}={{ value }}{% endfor %}
when: "{{ test_project_quotas }}"
environment: "{{ openstack_auth_env }}"