openstack-ansible/playbooks/roles/os_heat/tasks/heat_domain_setup.yml
kevin a12dcaff62 Fix the heat stack user create
The heat stack user was being created using the openstack CLI tools. This has
changed such that it's now using our library. This will ensure that the
roles, users, groups, projects, and domains are created properly without
the variability of the CLI interface and returned data.

Closes-Bug: #1489947
Change-Id: I3f0af0589825fa506e3618f6f39a54bf89c87d14
2015-09-09 10:29:34 +00:00


---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# heat_stack_user is the role assigned to users created within Heat stacks
# themselves; this task makes sure that role exists in keystone.
# NOTE(review): the call authenticates with keystone_auth_admin_token, so the
# task output and any module-argument logging should be treated as sensitive.
# `insecure` presumably turns off TLS certificate verification in the keystone
# library when true - confirm, and keep it false outside of test labs.
- name: Ensure heat_stack_user role
  keystone:
    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    command: ensure_role
    role_name: heat_stack_user
  tags:
    - heat-domain
    - heat-domain-role
    - heat-domain-setup
    - heat-config
# Makes sure the keystone domain named by heat_stack_user_domain_name exists.
# The call is authenticated with the keystone admin token against the admin
# endpoint.
# NOTE(review): `insecure` presumably disables TLS certificate verification
# for this call when true - confirm against the keystone library.
- name: Ensure heat domain
  keystone:
    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    command: ensure_domain
    domain_name: "{{ heat_stack_user_domain_name }}"
  tags:
    - heat-domain
    - heat-domain-setup
    - heat-config
# Makes sure the project named by heat_project_name exists; the domain passed
# alongside it is heat_stack_user_domain_name.
# The call is authenticated with the keystone admin token against the admin
# endpoint.
# NOTE(review): `insecure` presumably disables TLS certificate verification
# for this call when true - confirm against the keystone library.
- name: Ensure heat project
  keystone:
    token: "{{ keystone_auth_admin_token }}"
    endpoint: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
    command: ensure_project
    project_name: "{{ heat_project_name }}"
    domain_name: "{{ heat_stack_user_domain_name }}"
  tags:
    - heat-domain
    - heat-domain-setup
    - heat-config
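# TODO Change the keystone library to support adding
# a user to a domain without specifying a project
#
# Creates the Heat stack domain admin user through the openstack CLI, or
# shows the existing user when it is already present (--or-show).
# Every templated value goes through the `quote` filter so that a value with
# spaces or shell metacharacters stays a single argument and is never
# interpreted by the shell.
# no_log keeps the rendered command line, which contains the password, out of
# Ansible's output and logs. The password is still an argument of the
# openstack process while it runs, so it is readable from the process list on
# this host; moving this task to the keystone library (see the TODO) would
# remove that exposure.
- name: Ensure heat user
  shell: |
    . {{ ansible_env.HOME | quote }}/openrc
    openstack --os-identity-api-version=3 \
      --os-auth-url={{ keystone_service_adminurl_v3 | quote }} \
      --os-project-name={{ heat_project_name | quote }} \
      --os-project-domain-name={{ heat_project_domain_name | quote }} \
      --os-user-domain-name={{ heat_user_domain_name | quote }} \
      user \
        create \
        --or-show \
        --domain {{ heat_stack_user_domain_name | quote }} \
        --password {{ heat_stack_domain_admin_password | quote }} \
        {{ heat_stack_domain_admin | quote }}
  no_log: true
  tags:
    - heat-domain
    - heat-domain-setup
    - heat-config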
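# TODO Change the keystone library to support adding
# a role to a user without specifying a project
#
# Grants the `admin` role on the Heat stack user domain (a domain-scoped
# grant, not a project one) to the Heat stack domain admin user, using the
# openstack CLI with credentials sourced from ~/openrc.
# Every templated value goes through the `quote` filter so that a value with
# spaces or shell metacharacters stays a single argument and is never
# interpreted by the shell.
- name: Assign admin role to heat domain admin user
  shell: |
    . {{ ansible_env.HOME | quote }}/openrc
    openstack --os-identity-api-version=3 \
      --os-auth-url={{ keystone_service_adminurl_v3 | quote }} \
      --os-project-name={{ heat_project_name | quote }} \
      --os-project-domain-name={{ heat_project_domain_name | quote }} \
      --os-user-domain-name={{ heat_user_domain_name | quote }} \
      role \
        add \
        --user {{ heat_stack_domain_admin | quote }} \
        --domain {{ heat_stack_user_domain_name | quote }} \
        admin
  tags:
    - heat-domain
    - heat-domain-setup
    - heat-config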