Add clouds.yaml file and use it

clouds.yaml[0] is a richer way to express configuration for OpenStack
clouds. It's also fully supported by Ansible's OpenStack modules as
well as python-openstackclient and openstacksdk. It's the future - who
doesn't like the future?

Write a file using both the public (default) and the internal endpoints
for the admin user. Also, change all of the examples to reference it
and to get python-openstackclient to use it too.

[0] https://docs.openstack.org/openstacksdk/latest/user/guides/connect_from_config.html

Implements: blueprint use-clouds-yaml
Change-Id: I557d2e4975c7b3d3c713a556b9ba47af9567ce6e

ansible/post-deploy.yml

@@ -1,4 +1,25 @@
 ---
+- name: Creating clouds.yaml file on the deploy node
+  hosts: localhost
+  tasks:
+    - name: Create /etc/openstack directory
+      become: true
+      file:
+        state: directory
+        dest: "/etc/openstack"
+        owner: "{{ ansible_facts.user_uid }}"
+        group: "{{ ansible_facts.user_gid }}"
+        mode: 0700
+
+    - name: Template out clouds.yaml
+      become: true
+      template:
+        src: "roles/common/templates/clouds.yaml.j2"
+        dest: "/etc/openstack/clouds.yaml"
+        owner: "{{ ansible_facts.user_uid }}"
+        group: "{{ ansible_facts.user_gid }}"
+        mode: 0600
+
 - name: Creating admin openrc file on the deploy node
   hosts: localhost
   tasks:

ansible/roles/common/templates/clouds.yaml.j2

@@ -0,0 +1,26 @@
+clouds:
+  kolla-admin:
+    auth:
+      auth_url: {{ keystone_public_url }}
+      project_domain_name: Default
+      user_domain_name: Default
+      project_name: {{ keystone_admin_project }}
+      username: {{ keystone_admin_user }}
+      password: {{ keystone_admin_password }}
+    region_name: {{ openstack_region_name }}
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+    cacert: {{ kolla_admin_openrc_cacert }}
+{% endif %}
+  kolla-admin-internal:
+    auth:
+      auth_url: {{ keystone_internal_url }}
+      project_domain_name: Default
+      user_domain_name: Default
+      project_name: {{ keystone_admin_project }}
+      username: {{ keystone_admin_user }}
+      password: {{ keystone_admin_password }}
+    interface: internal
+    region_name: {{ openstack_region_name }}
+{% if kolla_admin_openrc_cacert is not none and kolla_admin_openrc_cacert | length > 0 %}
+    cacert: {{ kolla_admin_openrc_cacert }}
+{% endif %}

doc/source/contributor/vagrant-dev-env.rst

@@ -246,7 +246,7 @@ Validate OpenStack is operational:
 .. code-block:: console
 
    kolla-ansible post-deploy
-   . /etc/kolla/admin-openrc.sh
+   export OS_CLOUD=kolla-admin
    openstack user list
 
 Or navigate to ``http://172.28.128.254/`` with a web browser.

doc/source/user/quickstart.rst

@@ -537,15 +537,14 @@ Using OpenStack
 
       pip install python-openstackclient -c https://releases.openstack.org/constraints/upper/|KOLLA_OPENSTACK_RELEASE|
 
-#. OpenStack requires an openrc file where credentials for admin user
-   are set. To generate this file:
+#. OpenStack requires a ``clouds.yaml`` file where credentials for the
+   admin user are set. To generate this file:
 
    * For deployment or evaluation, run:
 
      .. code-block:: console
 
         kolla-ansible post-deploy
-        . /etc/kolla/admin-openrc.sh
 
    * For development, run:
 
@@ -553,7 +552,6 @@ Using OpenStack
 
         cd kolla-ansible/tools
         ./kolla-ansible post-deploy
-        . /etc/kolla/admin-openrc.sh
 
 #. Depending on how you installed Kolla Ansible, there is a script that will
    create example networks, images, and so on.

tools/init-runonce

@@ -47,12 +47,16 @@ for i in curl openstack; do
     fi
 done
 
-# Test for credentials set
-if [[ "${OS_USERNAME}" == "" ]]; then
-    echo "No Keystone credentials specified. Try running source /etc/kolla/admin-openrc.sh command"
-    exit
+# Test for clouds.yaml
+if [[ ! -f /etc/openstack/clouds.yaml ]]; then
+    echo "/etc/openstack/clouds.yaml is missing."
+    echo " Did your deploy finish successfully?"
+    exit 1
 fi
 
+# Select admin account from clouds.yaml
+export OS_CLOUD=kolla-admin
+
 # Test to ensure configure script is run only once
 if $KOLLA_OPENSTACK_COMMAND image list | grep -q cirros; then
     echo "This tool should only be run once per deployment."
@@ -144,7 +148,7 @@ Done.
 
 To deploy a demo instance, run:
 
-openstack server create \\
+openstack --os-cloud=kolla-admin server create \\
     --image ${IMAGE_NAME} \\
     --flavor m1.tiny \\
     --key-name mykey \\