openstack/openstack-ansible-os_keystone
Code Issues Proposed changes

Bypass web server during service setup

Browse Source 
When connecting directly to a keystone host during service setup, use
the UWSGI ports instead of going through the web server to avoid any
potential errors with differing URI protocols or SSL certs not including
the hostnames of individual hosts.

Change-Id: Ie5b33f9d0210a23badb63cab72c481b027790be3
Closes-Bug: 1699191
This commit is contained in:
Jimmy McCrory 2017-10-09 10:09:24 -07:00
parent f6b5e64e59
commit cabd7e9cef
1 changed files with 9 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
tasks/keystone_service_setup.yml
View File

@ -15,15 +15,12 @@
- name: Wait for services to be up - name: Wait for services to be up
uri: uri:
url: "{{ item['url'] }}" url: "{{ item }}"
validate_certs: "{{ item['validate_certs'] }}"
method: "HEAD" method: "HEAD"
status_code: 300 status_code: 300
with_items: with_items:
- url: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}" - "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}"
validate_certs: "{{ not keystone_service_adminuri_insecure | bool }}" - "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-public']['http'] }}"
- url: "{{ keystone_service_internaluri_proto }}://{{ ansible_host }}:{{ keystone_service_port }}"
validate_certs: "{{ not keystone_service_internaluri_insecure | bool }}"
register: _wait_check register: _wait_check
until: _wait_check | success until: _wait_check | success
retries: 12 retries: 12
@ -56,11 +53,10 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
tenant_name: "{{ keystone_service_tenant_name }}" tenant_name: "{{ keystone_service_tenant_name }}"
description: "{{ keystone_service_description }}" description: "{{ keystone_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service|success until: add_service|success
retries: 5 retries: 5
@ -73,10 +69,9 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
role_name: "{{ keystone_default_role_name }}" role_name: "{{ keystone_default_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_member_role register: add_member_role
when: not keystone_service_in_ldap | bool when: not keystone_service_in_ldap | bool
until: add_member_role|success until: add_member_role|success
@ -90,12 +85,11 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
service_name: "{{ keystone_service_name }}" service_name: "{{ keystone_service_name }}"
service_type: "{{ keystone_service_type }}" service_type: "{{ keystone_service_type }}"
description: "{{ keystone_service_description }}" description: "{{ keystone_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service|success until: add_service|success
retries: 5 retries: 5
@ -108,12 +102,11 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
user_name: "{{ keystone_service_user_name }}" user_name: "{{ keystone_service_user_name }}"
tenant_name: "{{ keystone_service_tenant_name }}" tenant_name: "{{ keystone_service_tenant_name }}"
password: "{{ keystone_service_password }}" password: "{{ keystone_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service|success until: add_service|success
retries: 5 retries: 5
@ -126,12 +119,11 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
user_name: "{{ keystone_service_user_name }}" user_name: "{{ keystone_service_user_name }}"
tenant_name: "{{ keystone_service_tenant_name }}" tenant_name: "{{ keystone_service_tenant_name }}"
role_name: "{{ keystone_role_name }}" role_name: "{{ keystone_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service register: add_service
until: add_service|success until: add_service|success
retries: 5 retries: 5
@ -144,12 +136,11 @@
login_user: "{{ keystone_admin_user_name }}" login_user: "{{ keystone_admin_user_name }}"
login_password: "{{ keystone_auth_admin_password }}" login_password: "{{ keystone_auth_admin_password }}"
login_project_name: "{{ keystone_admin_tenant_name }}" login_project_name: "{{ keystone_admin_tenant_name }}"
endpoint: "{{ keystone_service_adminuri_proto }}://{{ ansible_host }}:{{ keystone_admin_port }}/v3" endpoint: "http://{{ ansible_host }}:{{ keystone_uwsgi_ports['keystone-wsgi-admin']['http'] }}/v3"
ignore_catalog: True ignore_catalog: True
region_name: "{{ keystone_service_region }}" region_name: "{{ keystone_service_region }}"
service_name: "{{ keystone_service_name }}" service_name: "{{ keystone_service_name }}"
service_type: "{{ keystone_service_type }}" service_type: "{{ keystone_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list: endpoint_list:
- url: "{{ keystone_service_publicuri }}" - url: "{{ keystone_service_publicuri }}"
interface: "public" interface: "public"