4341b79b3a
This patch introduces an insecure flag for the Keystone internal and admin endpoints: * keystone_service_adminuri_insecure * keystone_service_internaluri_insecure Both values default to false. If you have setup SSL endpoints for Keystone using an untrusted certificate then you should set the appropriate flag to true in your user_variables. This patch is used to enable testing and development with Keystone SSL endpoints without having to make use of SSL certificates signed by a trusted, public CA. The patch introduces a new optional argument (insecure) to the keystone, glance and neutron Ansible libraries. This is a boolean value which, when true, enables these libraries to access Keystone endpoints 'insecurely'. When these libraries are used in plays, the appropriate value is set automatically as per the above conditions. Implements: blueprint keystone-federation Change-Id: Ia07e7e201f901042dd06a86efe5c6f6725e9ce13
261 lines
6.5 KiB
YAML
261 lines
6.5 KiB
YAML
---
|
|
# Copyright 2014, Rackspace US, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
- name: Ensure cirros image
|
|
glance:
|
|
command: 'image-create'
|
|
openrc_path: /root/openrc
|
|
image_name: cirros
|
|
image_url: 'http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img'
|
|
image_container_format: bare
|
|
image_disk_format: qcow2
|
|
image_is_public: True
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Store glance image id
|
|
set_fact:
|
|
tempest_glance_image_id: "{{ glance_images.cirros.id }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Ensure tempest tenants
|
|
keystone:
|
|
command: ensure_tenant
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
tenant_name: "{{ item }}"
|
|
description: "{{ item }} Tenant"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
with_items:
|
|
- demo
|
|
- alt_demo
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Ensure tempest users
|
|
keystone:
|
|
command: ensure_user
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
tenant_name: "{{ item }}"
|
|
user_name: "{{ item }}"
|
|
password: "{{ item }}"
|
|
description: "{{ item }} User"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
with_items:
|
|
- demo
|
|
- alt_demo
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Ensure tempest users have heat_stack_owners role
|
|
keystone:
|
|
command: ensure_user_role
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
tenant_name: "{{ item }}"
|
|
user_name: "{{ item }}"
|
|
role_name: heat_stack_owner
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
with_items:
|
|
- demo
|
|
- alt_demo
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Ensure reseller_admin role
|
|
keystone:
|
|
command: ensure_role
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
role_name: "reseller_admin"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Ensure remote_image role exists
|
|
keystone:
|
|
command: ensure_role
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
role_name: remote_image
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Get demo tenant id
|
|
keystone:
|
|
command: get_tenant
|
|
token: "{{ keystone_auth_admin_token }}"
|
|
tenant_name: demo
|
|
endpoint: "{{ keystone_service_adminurl }}"
|
|
insecure: "{{ keystone_service_adminuri_insecure }}"
|
|
register: add_service
|
|
until: add_service|success
|
|
retries: 5
|
|
delay: 10
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Store demo tenant id
|
|
set_fact:
|
|
keystone_demo_tenant_id: "{{ keystone_facts.id }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Ensure private network exists
|
|
neutron:
|
|
command: create_network
|
|
openrc_path: /root/openrc
|
|
net_name: private
|
|
tenant_id: "{{ keystone_demo_tenant_id }}"
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Store neutron private network id
|
|
set_fact:
|
|
tempest_neutron_private_network_id: "{{ neutron_networks.private.id }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Ensure public network exists
|
|
neutron:
|
|
command: create_network
|
|
openrc_path: /root/openrc
|
|
net_name: public
|
|
provider_network_type: flat
|
|
provider_physical_network: flat
|
|
router_external: true
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Store neutron public network id
|
|
set_fact:
|
|
tempest_neutron_public_network_id: "{{ neutron_networks.public.id }}"
|
|
tags:
|
|
- tempest-setup
|
|
- tempest-config
|
|
|
|
- name: Ensure private subnet exists
|
|
neutron:
|
|
command: create_subnet
|
|
openrc_path: /root/openrc
|
|
net_name: private
|
|
subnet_name: private-subnet
|
|
cidr: "{{ tempest_private_subnet_cidr }}"
|
|
tenant_id: "{{ keystone_demo_tenant_id }}"
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Ensure public subnet exists
|
|
neutron:
|
|
command: create_subnet
|
|
openrc_path: /root/openrc
|
|
net_name: public
|
|
subnet_name: public-subnet
|
|
cidr: "{{ tempest_public_subnet_cidr }}"
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Create router
|
|
neutron:
|
|
command: create_router
|
|
openrc_path: /root/openrc
|
|
router_name: router
|
|
external_gateway_info: public
|
|
tenant_id: "{{ keystone_demo_tenant_id }}"
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Add private subnet to router
|
|
neutron:
|
|
command: add_router_interface
|
|
openrc_path: /root/openrc
|
|
router_name: router
|
|
subnet_name: private-subnet
|
|
insecure: "{{ keystone_service_internaluri_insecure }}"
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Check if tempest flavor 201 exists
|
|
shell: |
|
|
. /root/openrc
|
|
nova flavor-show tempest1
|
|
register: tempest1
|
|
failed_when: False
|
|
changed_when: tempest1.rc != 0
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Create tempest flavor 201
|
|
shell: |
|
|
. /root/openrc
|
|
nova flavor-create tempest1 201 256 1 1
|
|
when: tempest1.rc != 0
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Check if tempest flavor 202 exists
|
|
shell: |
|
|
. /root/openrc
|
|
nova flavor-show tempest2
|
|
register: tempest2
|
|
failed_when: False
|
|
changed_when: tempest2.rc != 0
|
|
tags:
|
|
- tempest-setup
|
|
|
|
- name: Create tempest flavor 202
|
|
shell: |
|
|
. /root/openrc
|
|
nova flavor-create tempest2 202 512 1 1
|
|
when: tempest2.rc != 0
|
|
tags:
|
|
- tempest-setup
|