Enable Gnocchi role lifecycle var for Identity
Because Gnocchi depends on Swift to exist in the service catalog and be available when using Swift storage, the Gnocchi role must be run after the Swift service is installed. However the Swift service benefits from the existence of the Gnocchi roles' identity artifacts in Keystone when it is configured. To work around this circular dependency, a special role lifecycle var is introduced to limit the scope of execution of the Gnocchi role to only creating the identity artifacts so that this role can be executed quickly and safely before Swift is installed to allow Swift to be properly configured, and again without that variable set after Swift is installed to perform the standard install of Gnocchi. No release note or special documentation is provided since this is still targeting the first release cycle of OpenStack-Ansible with this role and no special documentation exists for the lifecycle vars in other services (such as galera_server). Change-Id: If4fa5c1c4401911057f99488694d74f5d83330a8
This commit is contained in:
parent
e783edaa45
commit
2f40fd77ff
@ -13,6 +13,10 @@
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#: Special role execution lifecycles
|
||||
# Only create Gnocchi's identity entities in Keystone
|
||||
gnocchi_identity_only: False
|
||||
|
||||
#: Enable for debug logging level
|
||||
debug: false
|
||||
|
||||
|
66
tasks/gnocchi_identity_setup.yml
Normal file
66
tasks/gnocchi_identity_setup.yml
Normal file
@ -0,0 +1,66 @@
|
||||
---
|
||||
# Copyright 2016, Rackspace US, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Create the project if needed, assumed to be in default domain.
|
||||
# In many cases this will be present but under some circumstances the project
|
||||
# may be unique to Gnocchi, esp. when Swift is used for storage.
|
||||
- name: Ensure Gnocchi project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ gnocchi_service_project_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
description: "{{ gnocchi_service_project_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_project
|
||||
until: add_project|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Create an admin user
|
||||
- name: Ensure Gnocchi user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ gnocchi_service_user_name }}"
|
||||
tenant_name: "{{ gnocchi_service_project_name }}"
|
||||
password: "{{ gnocchi_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_user
|
||||
until: add_user|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Add a role to the user
|
||||
- name: Ensure Gnocchi user maps to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ gnocchi_service_user_name }}"
|
||||
tenant_name: "{{ gnocchi_service_project_name }}"
|
||||
role_name: "{{ gnocchi_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_admin_role
|
||||
until: add_admin_role|success
|
||||
retries: 5
|
||||
delay: 10
|
@ -30,58 +30,6 @@
|
||||
retries: 5
|
||||
delay: 2
|
||||
|
||||
# Create the project if needed, assumed to be in default domain.
|
||||
# In many cases this will be present but under some circumstances the project
|
||||
# may be unique to Gnocchi, esp. when Swift is used for storage.
|
||||
- name: Ensure Gnocchi project
|
||||
keystone:
|
||||
command: ensure_project
|
||||
project_name: "{{ gnocchi_service_project_name }}"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
description: "{{ gnocchi_service_project_description }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_project
|
||||
until: add_project|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Create an admin user
|
||||
- name: Ensure Gnocchi user
|
||||
keystone:
|
||||
command: "ensure_user"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ gnocchi_service_user_name }}"
|
||||
tenant_name: "{{ gnocchi_service_project_name }}"
|
||||
password: "{{ gnocchi_service_password }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_user
|
||||
until: add_user|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Add a role to the user
|
||||
- name: Ensure Gnocchi user maps to admin role
|
||||
keystone:
|
||||
command: "ensure_user_role"
|
||||
endpoint: "{{ keystone_service_adminurl }}"
|
||||
login_user: "{{ keystone_admin_user_name }}"
|
||||
login_password: "{{ keystone_auth_admin_password }}"
|
||||
login_project_name: "{{ keystone_admin_tenant_name }}"
|
||||
user_name: "{{ gnocchi_service_user_name }}"
|
||||
tenant_name: "{{ gnocchi_service_project_name }}"
|
||||
role_name: "{{ gnocchi_role_name }}"
|
||||
insecure: "{{ keystone_service_adminuri_insecure }}"
|
||||
register: add_admin_role
|
||||
until: add_admin_role|success
|
||||
retries: 5
|
||||
delay: 10
|
||||
|
||||
# Create an endpoint
|
||||
- name: Ensure Gnocchi endpoint
|
||||
keystone:
|
||||
|
@ -37,41 +37,63 @@
|
||||
- always
|
||||
|
||||
- include: gnocchi_pre_install.yml
|
||||
when:
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
- include: gnocchi_install.yml
|
||||
when:
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
- include: gnocchi_post_install.yml
|
||||
when:
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
- gnocchi-config
|
||||
|
||||
- include: gnocchi_init.yml
|
||||
when:
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
- include: gnocchi_service_setup.yml
|
||||
when: inventory_hostname == groups['gnocchi_all'][0]
|
||||
when:
|
||||
- inventory_hostname == groups['gnocchi_all'][0]
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
# N.B. Must occur after service setup, as this may perform calls to Swift
|
||||
- include: gnocchi_identity_setup.yml
|
||||
when:
|
||||
- inventory_hostname == groups['gnocchi_all'][0]
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
# N.B. Must occur after identity setup, as this may perform calls to Swift
|
||||
- include: gnocchi_db_setup.yml
|
||||
when: inventory_hostname == groups['gnocchi_all'][0]
|
||||
when:
|
||||
- inventory_hostname == groups['gnocchi_all'][0]
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
|
||||
- include: gnocchi_apache.yml
|
||||
when: gnocchi_use_mod_wsgi | bool
|
||||
when:
|
||||
- gnocchi_use_mod_wsgi | bool
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
- gnocchi-config
|
||||
|
||||
- include: gnocchi_policy_setup.yml
|
||||
when: inventory_hostname == groups['gnocchi_all'][0]
|
||||
when:
|
||||
- inventory_hostname == groups['gnocchi_all'][0]
|
||||
- not gnocchi_identity_only | bool
|
||||
tags:
|
||||
- gnocchi-install
|
||||
- gnocchi-config
|
||||
|
Loading…
Reference in New Issue
Block a user