Adding support of system scoped openrc and clouds.yaml
Change-Id: Iff5a0892d812601c0fa3fd549b7f00a468cfdd97 Closes-Bug: 1903656
This commit is contained in:
parent
87e9d56d06
commit
c5812b3198
|
@ -13,6 +13,9 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
|
## Use System Scope Authentication
|
||||||
|
openrc_system_scope: false
|
||||||
|
|
||||||
## Endpoint types
|
## Endpoint types
|
||||||
openrc_cinder_endpoint_type: internalURL
|
openrc_cinder_endpoint_type: internalURL
|
||||||
openrc_nova_endpoint_type: internalURL
|
openrc_nova_endpoint_type: internalURL
|
||||||
|
|
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The role now supports creating system scoped credentials alongside
|
||||||
|
project scoped credentials. The default behavior of the role did not
|
||||||
|
changed, until ``openrc_system_scope`` variable was set to ``true``.
|
||||||
|
If the ``openrc_system_scope`` is ``true`` the default cloud in
|
||||||
|
clouds.yaml will set to system scoped credentials and another credentials
|
||||||
|
named ``default_project_scope`` will get created with project scoped
|
||||||
|
credentials. Due to usage of openrc file in other roles, the opposite
|
||||||
|
logic applies to openrc files, which means if ``openrc_system_scope``
|
||||||
|
is set to ``true`` the credentials in openrc will set to project scoped
|
||||||
|
credentials and another openrc filec named ``openrc.system_scope`` will
|
||||||
|
get created with system scoped credentials.
|
|
@ -23,6 +23,26 @@
|
||||||
tags:
|
tags:
|
||||||
- openstack_openrc-config
|
- openstack_openrc-config
|
||||||
|
|
||||||
|
- name: Set fact for system scoped openrc file
|
||||||
|
set_fact:
|
||||||
|
_not_openrc_system_scope: not openrc_system_scope
|
||||||
|
when:
|
||||||
|
- openrc_system_scope
|
||||||
|
|
||||||
|
- name: Create project scoped openrc file
|
||||||
|
template:
|
||||||
|
src: openrc.j2
|
||||||
|
dest: "{{ openrc_file_dest }}.system_scope"
|
||||||
|
owner: "{{ openrc_file_owner }}"
|
||||||
|
group: "{{ openrc_file_group }}"
|
||||||
|
mode: "{{ openrc_file_mode }}"
|
||||||
|
vars:
|
||||||
|
openrc_system_scope: false
|
||||||
|
when:
|
||||||
|
- openrc_system_scope
|
||||||
|
tags:
|
||||||
|
- openstack_openrc-config
|
||||||
|
|
||||||
- name: Create OpenStack client configuration directory
|
- name: Create OpenStack client configuration directory
|
||||||
file:
|
file:
|
||||||
dest: "{{ openrc_openstack_client_config_dir_dest }}"
|
dest: "{{ openrc_openstack_client_config_dir_dest }}"
|
||||||
|
|
|
@ -3,12 +3,16 @@ clouds:
|
||||||
default:
|
default:
|
||||||
auth:
|
auth:
|
||||||
auth_url: {{ openrc_os_auth_url }}
|
auth_url: {{ openrc_os_auth_url }}
|
||||||
|
{% if openrc_system_scope | default(false) | bool %}
|
||||||
|
system_scope: all
|
||||||
|
{% else %}
|
||||||
project_name: {{ openrc_os_tenant_name }}
|
project_name: {{ openrc_os_tenant_name }}
|
||||||
tenant_name: {{ openrc_os_tenant_name }}
|
tenant_name: {{ openrc_os_tenant_name }}
|
||||||
|
project_domain_name: {{ openrc_os_domain_name }}
|
||||||
|
{% endif %}
|
||||||
username: {{ openrc_os_username }}
|
username: {{ openrc_os_username }}
|
||||||
password: {{ openrc_os_password }}
|
password: {{ openrc_os_password }}
|
||||||
user_domain_name: {{ openrc_os_domain_name }}
|
user_domain_name: {{ openrc_os_domain_name }}
|
||||||
project_domain_name: {{ openrc_os_domain_name }}
|
|
||||||
region_name: {{ openrc_region_name }}
|
region_name: {{ openrc_region_name }}
|
||||||
interface: {{ openrc_clouds_yml_interface }}
|
interface: {{ openrc_clouds_yml_interface }}
|
||||||
{% if openrc_os_auth_url.endswith('v2.0') %}
|
{% if openrc_os_auth_url.endswith('v2.0') %}
|
||||||
|
@ -20,3 +24,25 @@ clouds:
|
||||||
verify: false
|
verify: false
|
||||||
insecure: true
|
insecure: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if openrc_system_scope | default(false) | bool %}
|
||||||
|
default_project_scope:
|
||||||
|
auth:
|
||||||
|
auth_url: {{ openrc_os_auth_url }}
|
||||||
|
project_name: {{ openrc_os_tenant_name }}
|
||||||
|
tenant_name: {{ openrc_os_tenant_name }}
|
||||||
|
project_domain_name: {{ openrc_os_domain_name }}
|
||||||
|
username: {{ openrc_os_username }}
|
||||||
|
password: {{ openrc_os_password }}
|
||||||
|
user_domain_name: {{ openrc_os_domain_name }}
|
||||||
|
region_name: {{ openrc_region_name }}
|
||||||
|
interface: {{ openrc_clouds_yml_interface }}
|
||||||
|
{% if openrc_os_auth_url.endswith('v2.0') %}
|
||||||
|
identity_api_version: "2.0"
|
||||||
|
{% else %}
|
||||||
|
identity_api_version: "3"
|
||||||
|
{% endif %}
|
||||||
|
{% if openrc_insecure | bool %}
|
||||||
|
verify: false
|
||||||
|
insecure: true
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -15,13 +15,17 @@ export OS_ENDPOINT_TYPE={{ openrc_os_endpoint_type }}
|
||||||
export OS_INTERFACE={{ openrc_os_endpoint_type }}
|
export OS_INTERFACE={{ openrc_os_endpoint_type }}
|
||||||
export OS_USERNAME={{ openrc_os_username }}
|
export OS_USERNAME={{ openrc_os_username }}
|
||||||
export OS_PASSWORD='{{ openrc_os_password }}'
|
export OS_PASSWORD='{{ openrc_os_password }}'
|
||||||
|
{% if not _not_openrc_system_scope | default(false) | bool %}
|
||||||
export OS_PROJECT_NAME={{ openrc_os_tenant_name }}
|
export OS_PROJECT_NAME={{ openrc_os_tenant_name }}
|
||||||
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
|
export OS_TENANT_NAME={{ openrc_os_tenant_name }}
|
||||||
|
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
|
||||||
|
{% else %}
|
||||||
|
export OS_SYSTEM_SCOPE=all
|
||||||
|
{% endif %}
|
||||||
export OS_AUTH_TYPE={{ openrc_os_auth_type }}
|
export OS_AUTH_TYPE={{ openrc_os_auth_type }}
|
||||||
export OS_AUTH_URL={{ openrc_os_auth_url }}
|
export OS_AUTH_URL={{ openrc_os_auth_url }}
|
||||||
export OS_NO_CACHE=1
|
export OS_NO_CACHE=1
|
||||||
export OS_USER_DOMAIN_NAME={{ openrc_os_domain_name }}
|
export OS_USER_DOMAIN_NAME={{ openrc_os_domain_name }}
|
||||||
export OS_PROJECT_DOMAIN_NAME={{ openrc_os_domain_name }}
|
|
||||||
export OS_REGION_NAME={{ openrc_region_name }}
|
export OS_REGION_NAME={{ openrc_region_name }}
|
||||||
|
|
||||||
# For openstackclient
|
# For openstackclient
|
||||||
|
|
Loading…
Reference in New Issue