--- # Copyright 2019, VEXXHOST, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Setup the OS service delegate_to: "{{ _service_setup_host }}" vars: ansible_python_interpreter: "{{ _service_setup_host_python_interpreter }}" _service_cloud_name: "{{ service_cloud_name | default('default') }}" block: - name: Add keystone domain openstack.cloud.identity_domain: cloud: "{{ _service_cloud_name }}" state: present description: "{{ _domain_name_description | default(omit) }}" name: "{{ _domain_name }}" endpoint_type: admin verify: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" register: add_domain when: _domain_name is defined until: add_domain is success retries: 5 delay: 10 - name: Add service project openstack.cloud.project: cloud: "{{ _service_cloud_name }}" state: present name: "{{ _project_name }}" description: "{{ _project_description | default(omit) }}" domain_id: "{{ _project_domain | default('default') }}" endpoint_type: admin validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" register: add_service when: - not (_service_in_ldap | default(False) | bool) - _project_name is defined until: add_service is success retries: 5 delay: 10 - name: Add services to the keystone service catalog openstack.cloud.catalog_service: cloud: "{{ _service_cloud_name }}" state: "{{ item.state | default('present') }}" name: "{{ item.name }}" service_type: "{{ item.type }}" description: "{{ item.description | default('') }}" endpoint_type: admin validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" register: add_service with_items: "{{ _service_catalog }}" when: _service_catalog is defined until: add_service is success retries: 5 delay: 10 - name: Add service users vars: default_project: "{{ item.project | default(_service_project_name) }}" openstack.cloud.identity_user: cloud: "{{ _service_cloud_name }}" state: present name: "{{ item.name }}" password: "{{ item.password }}" domain: "{{ item.domain | default('default') }}" default_project: "{{ (default_project is truthy) | ternary(default_project, omit) }}" endpoint_type: admin validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" update_password: "{{ (service_update_password | default(False) | bool) | ternary('always', omit) }}" register: add_service when: - not (_service_in_ldap | default(False) | bool) - _service_users is defined - "'name' in item" - "'password' in item" - (item.condition | default(True)) | bool until: add_service is success with_items: "{{ _service_users }}" retries: 5 delay: 10 no_log: "{{ _service_setup_nolog | default(True) }}" - name: Include task for role assignment include_tasks: setup_roles.yml vars: user_roles: "{{ (user.role is not string and user.role is iterable) | ternary(user.role, [ user.role ]) }}" when: - not (_service_in_ldap | default(False) | bool) - _service_users is defined - "'role' in user" - (user.condition | default(True)) | bool loop: "{{ _service_users }}" no_log: "{{ _service_setup_nolog | default(True) }}" loop_control: loop_var: user - name: Add endpoints to keystone endpoint catalog openstack.cloud.endpoint: cloud: "{{ _service_cloud_name }}" state: "{{ item.state | default('present') }}" service: "{{ item.service }}" endpoint_interface: "{{ item.interface }}" url: "{{ item.url }}" region: "{{ _service_region | default('RegionOne') }}" endpoint_type: admin validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" register: add_service until: add_service is success retries: 5 delay: 10 with_items: "{{ _service_endpoints }}" when: _service_endpoints is defined