openstack-ansible/playbooks/ceph-rgw-keystone-setup.yml

---
# Copyright 2017, Logan Vig <logan2211@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Configure keystone for radosgw
  hosts: "{{ openstack_service_setup_host | default('localhost') }}"
  user: root
  vars_files:
    - "defaults/{{ install_method }}_install.yml"
  vars:
    ansible_python_interpreter: >-
      {{ openstack_service_setup_host_python_interpreter |
         default((openstack_service_setup_host | default('localhost') == 'localhost') | ternary(ansible_playbook_python, ansible_python['executable'])) }}      
  tags:
    - ceph-rgw
    - ceph-rgw-setup
    - rgw-service-add
  tasks:
    - name: Add service to the keystone service catalog
      openstack.cloud.os_keystone_service:
        cloud: default
        state: present
        name: "{{ radosgw_service_name }}"
        service_type: "{{ radosgw_service_type }}"
        description: "{{ radosgw_service_description }}"
        interface: admin
        verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
      register: add_service
      until: add_service is success
      retries: 5
      delay: 10
      tags:
        - ceph-rgw-setup
        - rgw-service-add

    - name: Add service user
      openstack.cloud.os_user:
        cloud: default
        state: present
        name: "{{ radosgw_admin_user }}"
        password: "{{ radosgw_admin_password }}"
        domain: default
        default_project: "{{ radosgw_admin_tenant }}"
        interface: admin
        verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
      register: add_user
      until: add_user is success
      retries: 5
      delay: 10
      no_log: True

    - name: Add service user to roles
      openstack.cloud.os_user_role:
        cloud: default
        state: present
        user: "{{ radosgw_admin_user }}"
        role: "{{ radosgw_role_name | default('admin') }}"
        project: "{{ radosgw_admin_tenant }}"
        interface: admin
        verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
      register: add_user_role
      until: add_user_role is success
      retries: 5
      delay: 10

    - name: Add service role
      openstack.cloud.os_keystone_role:
        cloud: default
        state: present
        name: "swiftoperator"
        interface: admin
        verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
      register: add_role
      until: add_role is success
      retries: 5
      delay: 10

    - name: Add endpoints to keystone endpoint catalog
      openstack.cloud.os_keystone_endpoint:
        cloud: default
        state: present
        service: "{{ radosgw_service_name }}"
        endpoint_interface: "{{ item.interface }}"
        url: "{{ item.url }}"
        region: "{{ radosgw_service_region }}"
        interface: admin
        verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"
      register: add_service
      until: add_service is success
      retries: 5
      delay: 10
      with_items:
        - interface: "public"
          url: "{{ radosgw_service_publicurl }}"
        - interface: "internal"
          url: "{{ radosgw_service_internalurl }}"
        - interface: "admin"
          url: "{{ radosgw_service_adminurl }}"