09e02ef8f1
This commit adds the functionality for an operator to specify their own trusted CA certificate file for interacting with the Keystone API. Implements: blueprint support-trusted-ca-certificate-file Change-Id: I84f9897cc8e107658701fb309ec318c0f805883b
76 lines
3.1 KiB
YAML
76 lines
3.1 KiB
YAML
---
|
|
- name: Creating the Heat service and endpoint
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_service"
|
|
module_args:
|
|
service_name: "{{ item.service_name }}"
|
|
service_type: "{{ item.service_type }}"
|
|
description: "{{ item.description }}"
|
|
endpoint_region: "{{ openstack_region_name }}"
|
|
url: "{{ item.url }}"
|
|
interface: "{{ item.interface }}"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ openstack_heat_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
with_items:
|
|
- {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
|
|
- {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
|
|
- {'interface': 'public', 'url': '{{ heat_public_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
|
|
- {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
|
|
- {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
|
|
- {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
|
|
|
|
- name: Creating the Heat project, user, and role
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: "kolla_keystone_user"
|
|
module_args:
|
|
project: "service"
|
|
user: "{{ heat_keystone_user }}"
|
|
password: "{{ heat_keystone_password }}"
|
|
role: "admin"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ openstack_heat_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
|
|
- name: Creating the heat_stack_user role
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: os_keystone_role
|
|
module_args:
|
|
name: "{{ heat_stack_user_role }}"
|
|
auth: "{{ openstack_heat_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
|
|
- name: Creating the heat_stack_owner role
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: os_keystone_role
|
|
module_args:
|
|
name: "{{ heat_stack_owner_role }}"
|
|
auth: "{{ openstack_heat_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|
|
|
|
- name: Add the heat_stack_owner role to the admin project
|
|
become: true
|
|
kolla_toolbox:
|
|
module_name: "os_user_role"
|
|
module_args:
|
|
project: "{{ openstack_auth.project_name }}"
|
|
user: "{{ openstack_auth.username }}"
|
|
role: "{{ heat_stack_owner_role }}"
|
|
region_name: "{{ openstack_region_name }}"
|
|
auth: "{{ openstack_heat_auth }}"
|
|
endpoint_type: "{{ openstack_interface }}"
|
|
cacert: "{{ openstack_cacert }}"
|
|
run_once: True
|