Adding support of system scoped openrc and clouds.yaml
Change-Id: Iff5a0892d812601c0fa3fd549b7f00a468cfdd97 Closes-Bug: 1903656
parent
87e9d56d06
commit
c5812b3198
|
@ -13,6 +13,9 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
## Use System Scope Authentication
|
||||
openrc_system_scope: false
|
||||
|
||||
## Endpoint types
|
||||
openrc_cinder_endpoint_type: internalURL
|
||||
openrc_nova_endpoint_type: internalURL
|
||||
|
|
|
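Review bot: The `## Use System Scope Authentication` comment above `openrc_system_scope: false` does not say what the switch changes, and per the release note in this commit the effect is asymmetric. With `true`, the `default` cloud in clouds.yaml becomes system scoped, while openrc stays project scoped and a separate `openrc.system_scope` file is written. Because system scope is not confined to one project, I would spell this out next to the variable, e.g. `## When true: clouds.yaml 'default' is system scoped and 'default_project_scope' is added; openrc stays project scoped and openrc.system_scope is created`.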
@ -0,0 +1,14 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
The role now supports creating system scoped credentials alongside
|
||||
project scoped credentials. The default behavior of the role did not
|
||||
changed, until ``openrc_system_scope`` variable was set to ``true``.
|
||||
If the ``openrc_system_scope`` is ``true`` the default cloud in
|
||||
clouds.yaml will set to system scoped credentials and another credentials
|
||||
named ``default_project_scope`` will get created with project scoped
|
||||
credentials. Due to usage of openrc file in other roles, the opposite
|
||||
logic applies to openrc files, which means if ``openrc_system_scope``
|
||||
is set to ``true`` the credentials in openrc will set to project scoped
|
||||
credentials and another openrc filec named ``openrc.system_scope`` will
|
||||
get created with system scoped credentials.
|
|
@ -23,6 +23,26 @@
|
|||
tags:
|
||||
- openstack_openrc-config
|
||||
|
||||
- name: Set fact for system scoped openrc file
|
||||
set_fact:
|
||||
_not_openrc_system_scope: not openrc_system_scope
|
||||
when:
|
||||
- openrc_system_scope
|
||||
|
||||
- name: Create project scoped openrc file
|
||||
template:
|
||||
src: openrc.j2
|
||||
dest: "{{ openrc_file_dest }}.system_scope"
|
||||
owner: "{{ openrc_file_owner }}"
|
||||
group: "{{ openrc_file_group }}"
|
||||
mode: "{{ openrc_file_mode }}"
|
||||
vars:
|
||||
openrc_system_scope: false
|
||||
when:
|
||||
- openrc_system_scope
|
||||
tags:
|
||||
- openstack_openrc-config
|
||||
|
||||
- name: Create OpenStack client configuration directory
|
||||
file:
|
||||
dest: "{{ openrc_openstack_client_config_dir_dest }}"
|
||||
|
|
|
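Review bot: The value in `_not_openrc_system_scope: not openrc_system_scope` is a plain string, not a templated expression, so the fact holds that text rather than a boolean. In openrc.j2 the condition `not _not_openrc_system_scope | default(false) | bool` negates the whole filter chain, and `bool` on that string is false, so from the visible lines both openrc and the `.system_scope` file appear to take the project-scoped branch and `OS_SYSTEM_SCOPE=all` is never written; please check the rendered files. One way to make the intent explicit is to drop the `set_fact` task and set `_not_openrc_system_scope: true` under the template task's `vars:`, so that only the second render takes the system-scoped branch. The task name `Create project scoped openrc file` also disagrees with its `.system_scope` destination and with the release note. The final task in this hunk continues outside it.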
@ -3,12 +3,16 @@ clouds:
|
|||
default:
|
||||
auth:
|
||||
auth_url: {{ openrc_os_auth_url }}
|
||||
{% if openrc_system_scope | default(false) | bool %}
|
||||
system_scope: all
|
||||
{% else %}
|
||||
project_name: {{ openrc_os_tenant_name }}
|
||||
tenant_name: {{ openrc_os_tenant_name }}
|
||||
project_domain_name: {{ openrc_os_domain_name }}
|
||||
{% endif %}
|
||||
username: {{ openrc_os_username }}
|
||||
password: {{ openrc_os_password }}
|
||||
user_domain_name: {{ openrc_os_domain_name }}
|
||||
project_domain_name: {{ openrc_os_domain_name }}
|
||||
region_name: {{ openrc_region_name }}
|
||||
interface: {{ openrc_clouds_yml_interface }}
|
||||
{% if openrc_os_auth_url.endswith('v2.0') %}
|
||||
|
@ -20,3 +24,25 @@ clouds:
|
|||
verify: false
|
||||
insecure: true
|
||||
{% endif %}
|
||||
{% if openrc_system_scope | default(false) | bool %}
|
||||
default_project_scope:
|
||||
auth:
|
||||
auth_url: {{ openrc_os_auth_url }}
|
||||
project_name: {{ openrc_os_tenant_name }}
|
||||
tenant_name: {{ openrc_os_tenant_name }}
|
||||
project_domain_name: {{ openrc_os_domain_name }}
|
||||
username: {{ openrc_os_username }}
|
||||
password: {{ openrc_os_password }}
|
||||
user_domain_name: {{ openrc_os_domain_name }}
|
||||
region_name: {{ openrc_region_name }}
|
||||
interface: {{ openrc_clouds_yml_interface }}
|
||||
{% if openrc_os_auth_url.endswith('v2.0') %}
|
||||
identity_api_version: "2.0"
|
||||
{% else %}
|
||||
identity_api_version: "3"
|
||||
{% endif %}
|
||||
{% if openrc_insecure | bool %}
|
||||
verify: false
|
||||
insecure: true
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
|
|
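Review bot: The new `default_project_scope` entry writes `password: {{ openrc_os_password }}` as an unquoted YAML scalar, the same way the existing `default` entry does. A password that contains ` #` or `: `, starts with a YAML indicator character, or consists only of digits would be truncated, retyped, or leave clouds.yaml unparseable; openrc.j2, by contrast, at least single-quotes the value. Emitting it as a quoted scalar in both entries, e.g. `password: {{ openrc_os_password | to_json }}`, avoids that. Whether the role constrains password characters elsewhere is not visible here.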
@ -15,13 +15,17 @@ export OS_ENDPOINT_TYPE={{ openrc_os_endpoint_type }}
|
|||
export OS_INTERFACE={{ openrc_os_endpoint_type }}
|
||||
export OS_USERNAME={{ openrc_os_username }}
|
||||
export OS_PASSWORD='{{ openrc_os_password }}'
|
||||
{% if not _not_openrc_system_scope | default(false) | bool %}
|
||||
export OS_PROJECT_NAME={{ openrc_os_tenant_name }}
|
||||
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
|
||||
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
|
||||
{% else %}
|
||||
export OS_SYSTEM_SCOPE=all
|
||||
{% endif %}
|
||||
export OS_AUTH_TYPE={{ openrc_os_auth_type }}
|
||||
export OS_AUTH_URL={{ openrc_os_auth_url }}
|
||||
export OS_NO_CACHE=1
|
||||
export OS_USER_DOMAIN_NAME={{ openrc_os_domain_name }}
|
||||
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
|
||||
export OS_REGION_NAME={{ openrc_region_name }}
|
||||
|
||||
# For openstackclient
|
||||
|
|
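Review bot: The exports now inside the new conditional, such as `export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}`, are written unquoted into a file that a shell sources, so a value with whitespace or shell metacharacters is word-split or expanded at source time. Passing them through Ansible's `quote` filter, e.g. `export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name | quote }}`, keeps the values literal. The hand-written quoting in `export OS_PASSWORD='{{ openrc_os_password }}'` has the same weakness for a password that contains `'`. The template continues outside this hunk.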