8e14baa7fb
The ResellerAdmin role should be setup in keystone regardless of whether we are using Ceilometer or not. This will allow operators to add the ResellerAdmin role to users - which should then be allowed to operate on any account. Change-Id: I3c5ede01266b126705b42b086107a9232a85bf94 Closes-Bug: #1633221
170 lines
5.9 KiB
YAML
170 lines
5.9 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Create a service
|
|
- name: Ensure swift service
|
|
keystone:
|
|
command: "ensure_service"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
service_name: "{{ swift_service_name }}"
|
|
service_type: "{{ swift_service_type }}"
|
|
description: "{{ swift_service_description }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 2
|
|
|
|
# Create an admin user
|
|
- name: Ensure swift user
|
|
keystone:
|
|
command: "ensure_user"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
user_name: "{{ swift_service_user_name }}"
|
|
tenant_name: "{{ swift_service_project_name }}"
|
|
password: "{{ swift_service_password }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
when: not swift_service_in_ldap | bool
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Add a role to the user
|
|
- name: Ensure swift user to admin role
|
|
keystone:
|
|
command: "ensure_user_role"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
user_name: "{{ swift_service_user_name }}"
|
|
tenant_name: "{{ swift_service_project_name }}"
|
|
role_name: "{{ swift_service_role_name }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
when: not swift_service_in_ldap | bool
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
- name: Ensure swiftoperator role
|
|
keystone:
|
|
command: "ensure_role"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
role_name: "{{ swift_operator_role }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
- name: "Create keystone user for swift-dispersion"
|
|
keystone:
|
|
command: "ensure_user"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
user_name: "{{ swift_dispersion_user }}"
|
|
tenant_name: "{{ swift_service_project_name }}"
|
|
password: "{{ swift_dispersion_password }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
when: not swift_service_in_ldap | bool
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
- name: "Create keystone role for ResellerAdmin"
|
|
keystone:
|
|
command: "ensure_role"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
role_name: "{{ swift_reselleradmin_role }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_role
|
|
until: add_role|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
- name: "Add ResellerAdmin role to the service tenant and ceilometer user"
|
|
keystone:
|
|
command: "ensure_user_role"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
user_name: "{{ ceilometer_service_user_name }}"
|
|
tenant_name: "{{ ceilometer_service_tenant_name }}"
|
|
role_name: "{{ swift_reselleradmin_role }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: ensure_role
|
|
until: ensure_role|success
|
|
retries: 5
|
|
delay: 10
|
|
when: swift_ceilometer_enabled | bool
|
|
|
|
- name: "Add swiftoperator role to swift-dispersion user"
|
|
keystone:
|
|
command: "ensure_user_role"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
user_name: "{{ swift_dispersion_user }}"
|
|
tenant_name: "{{ swift_service_project_name }}"
|
|
role_name: "{{ swift_operator_role }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
|
|
# Create an endpoint
|
|
- name: Ensure swift endpoint
|
|
keystone:
|
|
command: "ensure_endpoint"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
login_user: "{{ keystone_admin_user_name }}"
|
|
login_password: "{{ keystone_auth_admin_password }}"
|
|
login_project_name: "{{ keystone_admin_tenant_name }}"
|
|
region_name: "{{ swift_service_region }}"
|
|
service_name: "{{ swift_service_name }}"
|
|
service_type: "{{ swift_service_type }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
endpoint_list:
|
|
- url: "{{ swift_service_publicurl }}"
|
|
interface: "public"
|
|
- url: "{{ swift_service_internalurl }}"
|
|
interface: "internal"
|
|
- url: "{{ swift_service_adminurl }}"
|
|
interface: "admin"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|