--- # Copyright 2017, Logan Vig # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: Configure keystone for radosgw hosts: "{{ openstack_service_setup_host | default('localhost') }}" user: root vars_files: - "defaults/{{ install_method | default('source') }}_install.yml" vars: ansible_python_interpreter: >- {{ openstack_service_setup_host_python_interpreter | default((openstack_service_setup_host | default('localhost') == 'localhost') | ternary(ansible_playbook_python, ansible_facts['python']['executable'])) }} tags: - ceph-rgw - ceph-rgw-setup - rgw-service-add tasks: - name: Add service to the keystone service catalog openstack.cloud.catalog_service: cloud: default state: present name: "{{ radosgw_service_name }}" service_type: "{{ radosgw_service_type }}" description: "{{ radosgw_service_description }}" interface: admin verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" register: add_service until: add_service is success retries: 5 delay: 10 tags: - ceph-rgw-setup - rgw-service-add - name: Add service user openstack.cloud.identity_user: cloud: default state: present name: "{{ radosgw_admin_user }}" password: "{{ radosgw_admin_password }}" domain: default default_project: "{{ radosgw_admin_tenant }}" interface: admin verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" register: add_user until: add_user is success retries: 5 delay: 10 no_log: True - name: Add service user to roles openstack.cloud.role_assignment: cloud: default state: present user: "{{ radosgw_admin_user }}" role: "{{ radosgw_role_name | default('admin') }}" project: "{{ radosgw_admin_tenant }}" interface: admin verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" register: add_user_role until: add_user_role is success retries: 5 delay: 10 - name: Add service role openstack.cloud.identity_role: cloud: default state: present name: "swiftoperator" interface: admin verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" register: add_role until: add_role is success retries: 5 delay: 10 - name: Add endpoints to keystone endpoint catalog openstack.cloud.endpoint: cloud: default state: present service: "{{ radosgw_service_name }}" endpoint_interface: "{{ item.interface }}" url: "{{ item.url }}" region: "{{ radosgw_service_region }}" interface: admin verify: "{{ not (keystone_service_adminuri_insecure | bool) }}" register: add_service until: add_service is success retries: 5 delay: 10 with_items: - interface: "public" url: "{{ radosgw_service_publicurl }}" - interface: "internal" url: "{{ radosgw_service_internalurl }}" - interface: "admin" url: "{{ radosgw_service_adminurl }}"