09e02ef8f1
This commit adds the functionality for an operator to specify their own trusted CA certificate file for interacting with the Keystone API. Implements: blueprint support-trusted-ca-certificate-file Change-Id: I84f9897cc8e107658701fb309ec318c0f805883b
53 lines
1.7 KiB
YAML
53 lines
1.7 KiB
YAML
---
|
|
- name: Creating the barbican service and endpoint
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_service"
|
|
module_args:
|
|
service_name: "barbican"
|
|
service_type: "key-manager"
|
|
description: "Barbican Key Management Service"
|
|
endpoint_region: "{{ openstack_region_name }}"
|
|
url: "{{ item.url }}"
|
|
interface: "{{ item.interface }}"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ openstack_barbican_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
with_items:
|
|
- {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'}
|
|
- {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
|
|
- {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}
|
|
|
|
- name: Creating the barbican project, user, and role
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_user"
|
|
module_args:
|
|
project: "service"
|
|
user: "{{ barbican_keystone_user }}"
|
|
password: "{{ barbican_keystone_password }}"
|
|
role: "admin"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ openstack_barbican_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
|
|
- name: Creating default barbican roles
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: os_keystone_role
|
|
module_args:
|
|
name: "{{ item }}"
|
|
auth: "{{ openstack_barbican_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
with_items:
|
|
- "{{ barbican_keymanager_role }}"
|
|
- "{{ barbican_creator_role }}"
|
|
- "{{ barbican_observer_role }}"
|
|
- "{{ barbican_audit_role }}"
|