diff --git a/ansible/roles/test-project/defaults/main.yml b/ansible/roles/test-project/defaults/main.yml new file mode 100644 index 000000000..9de14e435 --- /dev/null +++ b/ansible/roles/test-project/defaults/main.yml @@ -0,0 +1,54 @@ +--- +# Path to a directory in which to create a virtualenv. +test_project_venv: + +# Authentication type as used by os_* modules' 'auth_type' argument. +test_project_auth_type: + +# Authentication options for admin as used by os_* modules' 'auth' argument. +test_project_admin_auth: + +# Authentication option overrides for non-admin user as used by os_* modules' +# 'auth' argument. +test_project_user_auth_overrides: + project_domain_name: "{{ test_project_domain }}" + user_domain_name: "{{ test_project_users[0].domain }}" + project_name: "{{ test_project_name }}" + username: "{{ test_project_users[0].name }}" + password: "{{ test_project_users[0].password }}" + +# Authentication options for admin as used by os_* modules' 'auth' argument. +test_project_auth: "{{ test_project_admin_auth | combine(test_project_user_auth_overrides) }}" + +# Environment variables for use with os_* modules. +test_project_environment: + OS_IDENTITY_API_VERSION: 3 + +# Name of project to create. +test_project_name: test-project + +# Description of project to create. +test_project_description: Test project + +# Domain in which to create project. +test_project_domain: default + +# List of users to create in the project. +test_project_users: + - name: test-user + password: test-password + domain: default + roles: + - admin + openrc_file: "{{ test_project_openrc_directory }}/test-user-openrc.sh" + +# List of SSH key-pairs to register. +test_project_keypairs: + - name: test-key + public_key: "{{ test_project_public_key }}" + +# SSH public key to register. +test_project_public_key: + +# Directory in which to store openrc environment +test_project_openrc_directory: "{{ lookup('env', 'PWD') }}" diff --git a/ansible/roles/test-project/meta/main.yml b/ansible/roles/test-project/meta/main.yml new file mode 100644 index 000000000..3007d1618 --- /dev/null +++ b/ansible/roles/test-project/meta/main.yml @@ -0,0 +1,4 @@ +--- +dependencies: + - role: shade + shade_venv: "{{ test_project_venv }}" diff --git a/ansible/roles/test-project/tasks/main.yml b/ansible/roles/test-project/tasks/main.yml new file mode 100644 index 000000000..4c3292f0a --- /dev/null +++ b/ansible/roles/test-project/tasks/main.yml @@ -0,0 +1,69 @@ +--- +- name: Set a fact to ensure Ansible uses the python interpreter in the virtualenv + set_fact: + ansible_python_interpreter: "{{ test_project_venv }}/bin/python" + +- name: Ensure the test project exists + os_project: + auth_type: "{{ test_project_auth_type }}" + auth: "{{ test_project_admin_auth }}" + name: "{{ test_project_name }}" + description: "{{ test_project_description }}" + domain_id: "{{ test_project_domain }}" + state: present + enabled: True + wait: yes + environment: "{{ test_project_environment }}" + +- name: Ensure test project users exist + os_user: + auth_type: "{{ test_project_auth_type }}" + auth: "{{ test_project_admin_auth }}" + name: "{{ item.name }}" + password: "{{ item.password }}" + default_project: "{{ test_project_name }}" + domain: "{{ item.domain }}" + state: present + enabled: True + wait: yes + with_items: "{{ test_project_users }}" + environment: "{{ test_project_environment }}" + +- name: Ensure test project users have required roles + os_user_role: + auth_type: "{{ test_project_auth_type }}" + auth: "{{ test_project_admin_auth }}" + user: "{{ item.0.name }}" + project: "{{ test_project_name }}" + role: "{{ item.1 }}" + state: present + with_subelements: + - "{{ test_project_users }}" + - roles + environment: "{{ test_project_environment }}" + +- name: Ensure SSH keypairs are registered + os_keypair: + auth_type: "{{ test_project_auth_type }}" + auth: "{{ test_project_auth }}" + name: "{{ item.name }}" + public_key_file: "{{ item.public_key_file | default(omit) }}" + public_key: "{{ item.public_key | default(omit) }}" + state: present + with_items: "{{ test_project_keypairs }}" + environment: "{{ test_project_environment }}" + +# This variable is unset before we set it, and it does not appear to be +# possible to unset a variable in Ansible. +- name: Set a fact to reset the Ansible python interpreter + set_fact: + ansible_python_interpreter: /usr/bin/python + +- name: Ensure openrc environment file exists + local_action: + module: template + src: openrc.j2 + dest: "{{ item.openrc_file }}" + mode: 0600 + with_items: "{{ test_project_users }}" + when: "{{ item.openrc_file is defined }}" diff --git a/ansible/roles/test-project/templates/openrc.j2 b/ansible/roles/test-project/templates/openrc.j2 new file mode 100644 index 000000000..93f32ec98 --- /dev/null +++ b/ansible/roles/test-project/templates/openrc.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +# This is an openrc environment file for OpenStack user {{ item.name }} in +# project {{ test_project_name }}. +{% for name, value in test_project_auth.items() %} +export OS_{{ name | upper }}={{ value }} +{% endfor %} +{% for name, value in test_project_environment.items() %} +export {{ name }}={{ value }} +{% endfor %} diff --git a/ansible/test-project.yml b/ansible/test-project.yml new file mode 100644 index 000000000..481bd0830 --- /dev/null +++ b/ansible/test-project.yml @@ -0,0 +1,43 @@ +--- +- name: Ensure a test project exists + hosts: controllers[0] + vars: + venv: "{{ ansible_env.PWD }}/shade-venv" + # Dict of quotas to set for the test project. + test_project_quotas: + cores: -1 + floating_ips: -1 + injected_files: -1 + injected_file_size: -1 + instances: -1 + key_pairs: -1 + fixed_ips: -1 + ram: -1 + secgroup_rules: -1 + secgroups: -1 + + pre_tasks: + - name: Read the SSH public key on the controller + slurp: + src: "{{ ansible_env.PWD ~ '/.ssh/id_rsa.pub' }}" + register: ssh_public_key + + roles: + - role: test-project + test_project_venv: "{{ venv }}" + test_project_auth_type: "{{ openstack_auth_type }}" + test_project_admin_auth: "{{ openstack_auth }}" + test_project_openrc_directory: "{{ kayobe_config_path }}" + test_project_public_key: "{{ ssh_public_key.content | b64decode }}" + + - role: openstackclient + openstackclient_venv: "{{ venv }}" + + post_tasks: + - name: Ensure quotas are set + shell: > + source {{ venv }}/bin/activate && + openstack quota set {{ test_project_name }} + {% for name, value in test_project_quotas.items() %} --{{ name | replace('_', '-') }}={{ value }}{% endfor %} + when: "{{ test_project_quotas }}" + environment: "{{ openstack_auth_env }}"