From b766695f18d5f235f1a2f0db88a41dce9db674d1 Mon Sep 17 00:00:00 2001 From: Jeffrey Zhang Date: Mon, 14 Dec 2015 15:10:44 +0800 Subject: [PATCH] Move the admin account creation to register.yml Create the admin project, user, role and keystone service info by using ansible task rather than shell script Closes-Bug: #1526251 Change-Id: Ieee215b9de1618b3d31f3d1a766a9d0ebafdee4d --- ansible/roles/keystone/defaults/main.yml | 1 + ansible/roles/keystone/tasks/main.yml | 3 ++ ansible/roles/keystone/tasks/register.yml | 39 +++++++++++++++++++++++ ansible/roles/keystone/tasks/start.yml | 3 ++ docker/keystone/extend_start.sh | 14 -------- 5 files changed, 46 insertions(+), 14 deletions(-) create mode 100644 ansible/roles/keystone/tasks/register.yml diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index d9a53ca37d..2f3b155248 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml @@ -28,3 +28,4 @@ keystone_logging_verbose: "{{ openstack_logging_verbose }}" keystone_logging_debug: "{{ openstack_logging_debug }}" openstack_keystone_auth: "{'auth_url':'{{ openstack_auth_v2.auth_url }}','username':'{{ openstack_auth_v2.username }}','password':'{{ openstack_auth_v2.password }}','project_name':'{{ openstack_auth_v2.project_name }}'}" +openstack_keystone_token_auth: "{'endpoint':'{{ openstack_auth_v2.auth_url }}','token':'{{ keystone_admin_token }}'}" diff --git a/ansible/roles/keystone/tasks/main.yml b/ansible/roles/keystone/tasks/main.yml index de4178148f..10a7a1bf5a 100644 --- a/ansible/roles/keystone/tasks/main.yml +++ b/ansible/roles/keystone/tasks/main.yml @@ -8,4 +8,7 @@ - include: start.yml when: inventory_hostname in groups['keystone'] +- include: register.yml + when: inventory_hostname in groups['keystone'] + - include: check.yml diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml new file mode 100644 index 0000000000..a401624cfc 
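Review bot: The added `openstack_keystone_token_auth` default in ansible/roles/keystone/defaults/main.yml has no comment saying that it carries the bootstrap admin token rather than a user credential. register.yml in this same commit uses it with `auth_type=admin_token` to create the first admin user, so I would add above it `# Bootstrap only: authenticates with keystone_admin_token before the admin user exists (see tasks/register.yml)`. The value is also built by interpolating into a single-quoted dict literal, so a token or URL containing `'` would produce a malformed dict; the existing `openstack_keystone_auth` line has the same shape.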
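Review bot: In ansible/roles/keystone/tasks/main.yml the new `- include: register.yml` is guarded by `when: inventory_hostname in groups['keystone']`, while both tasks in register.yml set `run_once: True`. Ansible runs a `run_once` task against the first host of the batch, so if that host is outside the keystone group the condition is false there and the registration may be skipped for every host. The play's host list is not visible here; if it can include non-keystone hosts, adding `delegate_to: "{{ groups['keystone'][0] }}"` to the two register.yml tasks would make the target explicit.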
--- /dev/null
+++ b/ansible/roles/keystone/tasks/register.yml
@@ -0,0 +1,39 @@
+---
+- name: Creating the admin project, user and role
+ command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+ -m kolla_keystone_user
+ -a "project=admin
+ user=admin
+ password={{ keystone_admin_password }}
+ role=admin
+ region_name={{ openstack_region_name }}
+ auth_type=admin_token
+ auth={{ '{{ openstack_keystone_token_auth }}' }}"
+ -e "{'openstack_keystone_token_auth':{{ openstack_keystone_token_auth }}}"
+ register: keystone_admin_user
+ changed_when: "{{ keystone_admin_user.stdout.find('localhost | SUCCESS => ') != -1 and (keystone_admin_user.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: keystone_admin_user.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
+
+- name: Creating the Keystone service and endpoint
+ command: docker exec -t kolla_ansible /usr/bin/ansible localhost
+ -m kolla_keystone_service
+ -a "service_name=keystone
+ service_type=identity
+ description='Openstack Identity'
+ endpoint_region={{ openstack_region_name }}
+ admin_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+ internal_url='http://{{ kolla_internal_address }}:{{ keystone_admin_port }}'
+ public_url='http://{{ kolla_external_address }}:{{ keystone_public_port }}'
+ region_name={{ openstack_region_name }}
+ auth_type=admin_token
+ auth={{ '{{ openstack_keystone_token_auth }}' }}"
+ -e "{'openstack_keystone_token_auth':{{ openstack_keystone_token_auth }}}"
+ register: keystone_endpoint
+ changed_when: "{{ keystone_endpoint.stdout.find('localhost | SUCCESS => ') != -1 and (keystone_endpoint.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+ until: keystone_endpoint.stdout.split()[2] == 'SUCCESS'
+ retries: 10
+ delay: 5
+ run_once: True
diff --git a/ansible/roles/keystone/tasks/start.yml b/ansible/roles/keystone/tasks/start.yml
index 620a468d65..2e395398e1 100644
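Review bot: Both tasks in ansible/roles/keystone/tasks/register.yml put secrets on a command line: `password={{ keystone_admin_password }}` in the first task and the admin token through `-e "{'openstack_keystone_token_auth':...}"` in both. They are therefore visible in the host's process list while `docker exec` runs, and in Ansible's task output and logs, which record the command and the registered result. Adding `no_log: True` to each task keeps them out of the output; keeping them off the process list would mean passing the values another way (for example a vars file readable only inside the container), which this hunk does not set up. The password is also interpolated unquoted into the `-a "..."` string, so a value containing a space or a quote would be split into, or parsed as, further module arguments. Separately, `until: keystone_admin_user.stdout.split()[2] == 'SUCCESS'` (and the `keystone_endpoint` equivalent) indexes past the end when stdout has fewer than three words, unlike the guarded `changed_when`; `until: "'localhost | SUCCESS => ' in keystone_admin_user.stdout"` avoids the index and would likely retry where the current form may error out.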
--- a/ansible/roles/keystone/tasks/start.yml +++ b/ansible/roles/keystone/tasks/start.yml @@ -18,3 +18,6 @@ - "/var/lib/kolla/dev/log:/dev/log" env: KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}" + +- name: Wait for keystone startup + wait_for: host={{ keystone_admin_address }} port={{ keystone_admin_port }} diff --git a/docker/keystone/extend_start.sh b/docker/keystone/extend_start.sh index c7c8ad83d8..c13ebfa0be 100644 --- a/docker/keystone/extend_start.sh +++ b/docker/keystone/extend_start.sh @@ -17,20 +17,6 @@ fi # of the KOLLA_BOOTSTRAP variable being set, including empty. if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then sudo -H -u keystone keystone-manage db_sync - # Start the api to set initial endpoint and users with the admin_token - $CMD - sleep 5 - - openstack service create --name keystone --description "OpenStack Identity" identity - openstack endpoint create --region "${REGION_NAME}" \ - --publicurl "${PUBLIC_URL}" \ - --internalurl "${INTERNAL_URL}" \ - --adminurl "${ADMIN_URL}" \ - identity - openstack project create --description "Admin Project" admin - openstack user create --password "${KEYSTONE_ADMIN_PASSWORD}" admin - openstack role create admin - openstack role add --project admin --user admin admin exit 0 fi
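Review bot: The added `wait_for` task in ansible/roles/keystone/tasks/start.yml only shows that the port accepts connections, not that Keystone answers API requests, and it relies on the module's default timeout. That is tolerable because register.yml retries, but a comment such as `# Port open only; API readiness is covered by the retries in register.yml` would record the intent. As a style point, I would write the arguments as a YAML mapping with quoted templates, `host: "{{ keystone_admin_address }}"` and `port: "{{ keystone_admin_port }}"` under `wait_for:`, instead of the `key=value` string, matching the block-style `env:` mapping just above it.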