Playbook and role to register a test project and other resources
This will register a project, users, keypairs and generate an openrc file for use by the user.
This commit is contained in:
parent
ef1456d94d
commit
90f0fd14d3
54
ansible/roles/test-project/defaults/main.yml
Normal file
54
ansible/roles/test-project/defaults/main.yml
Normal file
@ -0,0 +1,54 @@
|
||||
---
|
||||
# Path to a directory in which to create a virtualenv.
|
||||
test_project_venv:
|
||||
|
||||
# Authentication type as used by os_* modules' 'auth_type' argument.
|
||||
test_project_auth_type:
|
||||
|
||||
# Authentication options for admin as used by os_* modules' 'auth' argument.
|
||||
test_project_admin_auth:
|
||||
|
||||
# Authentication option overrides for non-admin user as used by os_* modules'
|
||||
# 'auth' argument.
|
||||
test_project_user_auth_overrides:
|
||||
project_domain_name: "{{ test_project_domain }}"
|
||||
user_domain_name: "{{ test_project_users[0].domain }}"
|
||||
project_name: "{{ test_project_name }}"
|
||||
username: "{{ test_project_users[0].name }}"
|
||||
password: "{{ test_project_users[0].password }}"
|
||||
|
||||
# Authentication options for admin as used by os_* modules' 'auth' argument.
|
||||
test_project_auth: "{{ test_project_admin_auth | combine(test_project_user_auth_overrides) }}"
|
||||
|
||||
# Environment variables for use with os_* modules.
|
||||
test_project_environment:
|
||||
OS_IDENTITY_API_VERSION: 3
|
||||
|
||||
# Name of project to create.
|
||||
test_project_name: test-project
|
||||
|
||||
# Description of project to create.
|
||||
test_project_description: Test project
|
||||
|
||||
# Domain in which to create project.
|
||||
test_project_domain: default
|
||||
|
||||
# List of users to create in the project.
|
||||
test_project_users:
|
||||
- name: test-user
|
||||
password: test-password
|
||||
domain: default
|
||||
roles:
|
||||
- admin
|
||||
openrc_file: "{{ test_project_openrc_directory }}/test-user-openrc.sh"
|
||||
|
||||
# List of SSH key-pairs to register.
|
||||
test_project_keypairs:
|
||||
- name: test-key
|
||||
public_key: "{{ test_project_public_key }}"
|
||||
|
||||
# SSH public key to register.
|
||||
test_project_public_key:
|
||||
|
||||
# Directory in which to store openrc environment
|
||||
test_project_openrc_directory: "{{ lookup('env', 'PWD') }}"
|
4
ansible/roles/test-project/meta/main.yml
Normal file
4
ansible/roles/test-project/meta/main.yml
Normal file
@ -0,0 +1,4 @@
|
||||
---
|
||||
dependencies:
|
||||
- role: shade
|
||||
shade_venv: "{{ test_project_venv }}"
|
69
ansible/roles/test-project/tasks/main.yml
Normal file
69
ansible/roles/test-project/tasks/main.yml
Normal file
@ -0,0 +1,69 @@
|
||||
---
|
||||
- name: Set a fact to ensure Ansible uses the python interpreter in the virtualenv
|
||||
set_fact:
|
||||
ansible_python_interpreter: "{{ test_project_venv }}/bin/python"
|
||||
|
||||
- name: Ensure the test project exists
|
||||
os_project:
|
||||
auth_type: "{{ test_project_auth_type }}"
|
||||
auth: "{{ test_project_admin_auth }}"
|
||||
name: "{{ test_project_name }}"
|
||||
description: "{{ test_project_description }}"
|
||||
domain_id: "{{ test_project_domain }}"
|
||||
state: present
|
||||
enabled: True
|
||||
wait: yes
|
||||
environment: "{{ test_project_environment }}"
|
||||
|
||||
- name: Ensure test project users exist
|
||||
os_user:
|
||||
auth_type: "{{ test_project_auth_type }}"
|
||||
auth: "{{ test_project_admin_auth }}"
|
||||
name: "{{ item.name }}"
|
||||
password: "{{ item.password }}"
|
||||
default_project: "{{ test_project_name }}"
|
||||
domain: "{{ item.domain }}"
|
||||
state: present
|
||||
enabled: True
|
||||
wait: yes
|
||||
with_items: "{{ test_project_users }}"
|
||||
environment: "{{ test_project_environment }}"
|
||||
|
||||
- name: Ensure test project users have required roles
|
||||
os_user_role:
|
||||
auth_type: "{{ test_project_auth_type }}"
|
||||
auth: "{{ test_project_admin_auth }}"
|
||||
user: "{{ item.0.name }}"
|
||||
project: "{{ test_project_name }}"
|
||||
role: "{{ item.1 }}"
|
||||
state: present
|
||||
with_subelements:
|
||||
- "{{ test_project_users }}"
|
||||
- roles
|
||||
environment: "{{ test_project_environment }}"
|
||||
|
||||
- name: Ensure SSH keypairs are registered
|
||||
os_keypair:
|
||||
auth_type: "{{ test_project_auth_type }}"
|
||||
auth: "{{ test_project_auth }}"
|
||||
name: "{{ item.name }}"
|
||||
public_key_file: "{{ item.public_key_file | default(omit) }}"
|
||||
public_key: "{{ item.public_key | default(omit) }}"
|
||||
state: present
|
||||
with_items: "{{ test_project_keypairs }}"
|
||||
environment: "{{ test_project_environment }}"
|
||||
|
||||
# This variable is unset before we set it, and it does not appear to be
|
||||
# possible to unset a variable in Ansible.
|
||||
- name: Set a fact to reset the Ansible python interpreter
|
||||
set_fact:
|
||||
ansible_python_interpreter: /usr/bin/python
|
||||
|
||||
- name: Ensure openrc environment file exists
|
||||
local_action:
|
||||
module: template
|
||||
src: openrc.j2
|
||||
dest: "{{ item.openrc_file }}"
|
||||
mode: 0600
|
||||
with_items: "{{ test_project_users }}"
|
||||
when: "{{ item.openrc_file is defined }}"
|
9
ansible/roles/test-project/templates/openrc.j2
Normal file
9
ansible/roles/test-project/templates/openrc.j2
Normal file
@ -0,0 +1,9 @@
|
||||
# {{ ansible_managed }}
|
||||
# This is an openrc environment file for OpenStack user {{ item.name }} in
|
||||
# project {{ test_project_name }}.
|
||||
{% for name, value in test_project_auth.items() %}
|
||||
export OS_{{ name | upper }}={{ value }}
|
||||
{% endfor %}
|
||||
{% for name, value in test_project_environment.items() %}
|
||||
export {{ name }}={{ value }}
|
||||
{% endfor %}
|
43
ansible/test-project.yml
Normal file
43
ansible/test-project.yml
Normal file
@ -0,0 +1,43 @@
|
||||
---
|
||||
- name: Ensure a test project exists
|
||||
hosts: controllers[0]
|
||||
vars:
|
||||
venv: "{{ ansible_env.PWD }}/shade-venv"
|
||||
# Dict of quotas to set for the test project.
|
||||
test_project_quotas:
|
||||
cores: -1
|
||||
floating_ips: -1
|
||||
injected_files: -1
|
||||
injected_file_size: -1
|
||||
instances: -1
|
||||
key_pairs: -1
|
||||
fixed_ips: -1
|
||||
ram: -1
|
||||
secgroup_rules: -1
|
||||
secgroups: -1
|
||||
|
||||
pre_tasks:
|
||||
- name: Read the SSH public key on the controller
|
||||
slurp:
|
||||
src: "{{ ansible_env.PWD ~ '/.ssh/id_rsa.pub' }}"
|
||||
register: ssh_public_key
|
||||
|
||||
roles:
|
||||
- role: test-project
|
||||
test_project_venv: "{{ venv }}"
|
||||
test_project_auth_type: "{{ openstack_auth_type }}"
|
||||
test_project_admin_auth: "{{ openstack_auth }}"
|
||||
test_project_openrc_directory: "{{ kayobe_config_path }}"
|
||||
test_project_public_key: "{{ ssh_public_key.content | b64decode }}"
|
||||
|
||||
- role: openstackclient
|
||||
openstackclient_venv: "{{ venv }}"
|
||||
|
||||
post_tasks:
|
||||
- name: Ensure quotas are set
|
||||
shell: >
|
||||
source {{ venv }}/bin/activate &&
|
||||
openstack quota set {{ test_project_name }}
|
||||
{% for name, value in test_project_quotas.items() %} --{{ name | replace('_', '-') }}={{ value }}{% endfor %}
|
||||
when: "{{ test_project_quotas }}"
|
||||
environment: "{{ openstack_auth_env }}"
|
Loading…
Reference in New Issue
Block a user