From 3522d235bd13cf689a3a3762d83fa190836f0572 Mon Sep 17 00:00:00 2001 
From: Mark Goddard Date: Tue, 31 Jul 2018 19:24:02 +0100 Subject: [PATCH] Refactor service, endpoint and user registration Use upstream Ansible modules for registration of services, endpoints, users, projects, roles, and role grants. Change-Id: I7c9138d422cc91c177fd8992347176bb54156b5a --- ansible/roles/aodh/defaults/main.yml | 18 +++ ansible/roles/aodh/tasks/register.yml | 42 ++----- ansible/roles/barbican/defaults/main.yml | 18 +++ ansible/roles/barbican/tasks/register.yml | 42 ++----- ansible/roles/blazar/defaults/main.yml | 18 +++ ansible/roles/blazar/tasks/register.yml | 42 ++----- ansible/roles/ceilometer/defaults/main.yml | 10 ++ ansible/roles/ceilometer/tasks/register.yml | 20 +--- ansible/roles/ceph/defaults/main.yml | 19 ++++ .../roles/ceph/tasks/start_rgw_keystone.yml | 42 ++----- ansible/roles/cinder/defaults/main.yml | 25 ++++ ansible/roles/cinder/tasks/register.yml | 45 ++------ ansible/roles/cloudkitty/defaults/main.yml | 18 +++ ansible/roles/cloudkitty/tasks/register.yml | 42 ++----- ansible/roles/congress/defaults/main.yml | 18 +++ ansible/roles/congress/tasks/register.yml | 42 ++----- ansible/roles/cyborg/defaults/main.yml | 18 +++ ansible/roles/cyborg/tasks/register.yml | 42 ++----- ansible/roles/designate/defaults/main.yml | 18 +++ ansible/roles/designate/tasks/register.yml | 42 ++----- ansible/roles/freezer/defaults/main.yml | 18 +++ ansible/roles/freezer/tasks/register.yml | 42 ++----- ansible/roles/glance/defaults/main.yml | 18 +++ ansible/roles/glance/tasks/register.yml | 42 ++----- ansible/roles/gnocchi/defaults/main.yml | 18 +++ ansible/roles/gnocchi/tasks/register.yml | 42 ++----- ansible/roles/heat/defaults/main.yml | 25 ++++ ansible/roles/heat/tasks/register.yml | 45 ++------ ansible/roles/ironic/defaults/main.yml | 29 +++++ ansible/roles/ironic/tasks/register.yml | 82 ++------------ ansible/roles/karbor/defaults/main.yml | 18 +++ ansible/roles/karbor/tasks/register.yml | 42 ++----- ansible/roles/keystone/defaults/main.yml | 13 +++ 
ansible/roles/keystone/tasks/register.yml | 27 +---- ansible/roles/kuryr/defaults/main.yml | 9 ++ ansible/roles/kuryr/tasks/register.yml | 20 +--- ansible/roles/magnum/defaults/main.yml | 19 ++++ ansible/roles/magnum/tasks/register.yml | 42 ++----- ansible/roles/manila/defaults/main.yml | 26 +++++ ansible/roles/manila/tasks/register.yml | 45 ++------ ansible/roles/masakari/defaults/main.yml | 18 +++ ansible/roles/masakari/tasks/register.yml | 42 ++----- ansible/roles/mistral/defaults/main.yml | 18 +++ ansible/roles/mistral/tasks/register.yml | 42 ++----- ansible/roles/monasca/defaults/main.yml | 29 +++++ ansible/roles/monasca/tasks/register.yml | 77 ++----------- ansible/roles/murano/defaults/main.yml | 18 +++ ansible/roles/murano/tasks/register.yml | 42 ++----- ansible/roles/neutron/defaults/main.yml | 18 +++ ansible/roles/neutron/tasks/register.yml | 42 ++----- ansible/roles/nova/defaults/main.yml | 25 ++++ ansible/roles/nova/tasks/register.yml | 45 ++------ ansible/roles/octavia/defaults/main.yml | 18 +++ ansible/roles/octavia/tasks/register.yml | 42 ++----- ansible/roles/panko/defaults/main.yml | 18 +++ ansible/roles/panko/tasks/register.yml | 42 ++----- ansible/roles/placement/defaults/main.yml | 18 +++ ansible/roles/placement/tasks/register.yml | 42 ++----- ansible/roles/qinling/defaults/main.yml | 18 +++ ansible/roles/qinling/tasks/register.yml | 42 ++----- ansible/roles/sahara/defaults/main.yml | 18 +++ ansible/roles/sahara/tasks/register.yml | 42 ++----- ansible/roles/searchlight/defaults/main.yml | 18 +++ ansible/roles/searchlight/tasks/register.yml | 42 ++----- ansible/roles/senlin/defaults/main.yml | 18 +++ ansible/roles/senlin/tasks/register.yml | 42 ++----- .../service-ks-register/defaults/main.yml | 14 +++ .../roles/service-ks-register/tasks/main.yml | 107 ++++++++++++++++++ ansible/roles/solum/defaults/main.yml | 25 ++++ ansible/roles/solum/tasks/register.yml | 63 ++--------- ansible/roles/swift/defaults/main.yml | 18 +++ 
ansible/roles/swift/tasks/register.yml | 42 ++----- ansible/roles/tacker/defaults/main.yml | 18 +++ ansible/roles/tacker/tasks/register.yml | 42 ++----- ansible/roles/trove/defaults/main.yml | 18 +++ ansible/roles/trove/tasks/register.yml | 42 ++----- ansible/roles/vitrage/defaults/main.yml | 18 +++ ansible/roles/vitrage/tasks/register.yml | 42 ++----- ansible/roles/watcher/defaults/main.yml | 18 +++ ansible/roles/watcher/tasks/register.yml | 42 ++----- ansible/roles/zun/defaults/main.yml | 18 +++ ansible/roles/zun/tasks/register.yml | 42 ++----- 82 files changed, 1156 insertions(+), 1452 deletions(-) create mode 100644 ansible/roles/service-ks-register/defaults/main.yml create mode 100644 ansible/roles/service-ks-register/tasks/main.yml
diff --git a/ansible/roles/aodh/defaults/main.yml b/ansible/roles/aodh/defaults/main.yml
index d04fe605c1..fd58d635fc 100644
--- a/ansible/roles/aodh/defaults/main.yml
+++ b/ansible/roles/aodh/defaults/main.yml
@@ -147,3 +147,21 @@ aodh_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
 aodh_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 aodh_dev_mode: "{{ kolla_dev_mode }}"
 aodh_source_version: "{{ kolla_source_version }}"
+
+####################
+# Keystone
+####################
+aodh_ks_services:
+ - name: "aodh"
+ type: "alarming"
+ description: "OpenStack Alarming Service"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ aodh_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ aodh_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ aodh_public_endpoint }}'}
+
+aodh_ks_users:
+ - project: "service"
+ user: "{{ aodh_keystone_user }}"
+ password: "{{ aodh_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/aodh/tasks/register.yml b/ansible/roles/aodh/tasks/register.yml
index 4cc2bc1fb3..3a97d70b3b 100644
--- a/ansible/roles/aodh/tasks/register.yml
+++ b/ansible/roles/aodh/tasks/register.yml
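Review bot: The `password: "{{ aodh_keystone_password }}"` entry in `aodh_ks_users` now places the service account secret inside a list element, whereas the task removed from aodh/tasks/register.yml passed it as a plain module argument with no loop. Ansible prints the loop item for each iteration unless told otherwise, and the service-ks-register tasks that consume `service_ks_register_users` are not part of this hunk. Please confirm that the user-creation task there sets `no_log: true` or restricts output with a `loop_control` label such as `label: "{{ item.user }}"`. The same shape recurs in the other `*_ks_users` defaults this patch adds (barbican, blazar, ceilometer, ceph_rgw, cinder and the rest).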
@@ -1,36 +1,8 @@
 ---
-- name: Creating the aodh service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "aodh"
- service_type: "alarming"
- description: "OpenStack Alarming Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_aodh_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ aodh_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ aodh_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ aodh_public_endpoint }}'}
-
-- name: Creating the aodh project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ aodh_keystone_user }}"
- password: "{{ aodh_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_aodh_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_aodh_auth }}"
+ service_ks_register_services: "{{ aodh_ks_services }}"
+ service_ks_register_users: "{{ aodh_ks_users }}"
+ tags: always
diff --git a/ansible/roles/barbican/defaults/main.yml b/ansible/roles/barbican/defaults/main.yml
index 4f4d58d6a2..c7349fb95c 100644
--- a/ansible/roles/barbican/defaults/main.yml
+++ b/ansible/roles/barbican/defaults/main.yml
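Review bot: The new `import_role` passes only `service_ks_register_auth`, `service_ks_register_services` and `service_ks_register_users`, while both removed tasks set `cacert: "{{ openstack_cacert }}"`, `endpoint_type`, `region_name`, `become: true` and `run_once: True` explicitly. Whether the Keystone calls still verify TLS against the deployment CA, target the same region and interface, and run only once now depends on the service-ks-register role, whose defaults and tasks are not part of this hunk. Please confirm the role carries each of those settings. Once confirmed, a comment above `- import_role:` along the lines of `# CA bundle, region, interface and run_once are set by service-ks-register` would make the dependency visible. The same applies to every other register.yml hunk in this patch.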
@@ -115,3 +115,21 @@ barbican_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
 barbican_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 barbican_dev_mode: "{{ kolla_dev_mode }}"
 barbican_source_version: "{{ kolla_source_version }}"
+
+####################
+# Keystone
+####################
+barbican_ks_services:
+ - name: "barbican"
+ type: "key-manager"
+ description: "Barbican Key Management Service"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}
+
+barbican_ks_users:
+ - project: "service"
+ user: "{{ barbican_keystone_user }}"
+ password: "{{ barbican_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/barbican/tasks/register.yml b/ansible/roles/barbican/tasks/register.yml
index 75f0855d7e..84cc5d7911 100644
--- a/ansible/roles/barbican/tasks/register.yml
+++ b/ansible/roles/barbican/tasks/register.yml
@@ -1,39 +1,11 @@ --- -- name: Creating the barbican service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "barbican" - service_type: "key-manager" - description: "Barbican Key Management Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_barbican_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'} - -- name: Creating the barbican project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ barbican_keystone_user }}" - password: "{{ barbican_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_barbican_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_barbican_auth }}" + service_ks_register_services: "{{ barbican_ks_services }}" + service_ks_register_users: "{{ barbican_ks_users }}" + tags: always - name: Creating default barbican roles become: true diff --git a/ansible/roles/blazar/defaults/main.yml b/ansible/roles/blazar/defaults/main.yml index 831d4622ce..103b5ca05d 100644 --- a/ansible/roles/blazar/defaults/main.yml +++ b/ansible/roles/blazar/defaults/main.yml 
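Review bot: `tags: always` on the `import_role` is unexplained, and because the import is static the tag is inherited by every task inside service-ks-register. Once this file is reached, the registration tasks, which act with `openstack_barbican_auth`, are therefore not filtered out by an operator's `--tags` selection; the removed tasks carried no such tag. Please add a one-line comment giving the reason, for example `# always: keep Keystone registration from being skipped by --tags`. The file continues past this hunk with the `Creating default barbican roles` task, and the aodh, blazar, ceilometer and other register.yml hunks in this patch use the same line.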
@@ -105,3 +105,21 @@ blazar_notification_topics: enabled: "{{ enable_ceilometer | bool }}" blazar_enabled_notification_topics: "{{ blazar_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +blazar_ks_services: + - name: "blazar" + type: "reservation" + description: "OpenStack Reservation Service" + endpoints: + - {'interface': 'admin', 'url': '{{ blazar_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ blazar_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ blazar_public_endpoint }}'} + +blazar_ks_users: + - project: "service" + user: "{{ blazar_keystone_user }}" + password: "{{ blazar_keystone_password }}" + role: "admin" diff --git a/ansible/roles/blazar/tasks/register.yml b/ansible/roles/blazar/tasks/register.yml index 73b2164984..515bac5a30 100644 --- a/ansible/roles/blazar/tasks/register.yml +++ b/ansible/roles/blazar/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the blazar service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "blazar"
- service_type: "reservation"
- description: "OpenStack Reservation Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_blazar_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ blazar_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ blazar_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ blazar_public_endpoint }}'}
-
-- name: Creating the blazar project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ blazar_keystone_user }}"
- password: "{{ blazar_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_blazar_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_blazar_auth }}"
+ service_ks_register_services: "{{ blazar_ks_services }}"
+ service_ks_register_users: "{{ blazar_ks_users }}"
+ tags: always
diff --git a/ansible/roles/ceilometer/defaults/main.yml b/ansible/roles/ceilometer/defaults/main.yml
index 03cab768c6..327b736f58 100644
--- a/ansible/roles/ceilometer/defaults/main.yml
+++ b/ansible/roles/ceilometer/defaults/main.yml
@@ -111,3 +111,13 @@ ceilometer_dev_mode: "{{ kolla_dev_mode }}" ceilometer_source_version: "{{ kolla_source_version }}" ceilometer_custom_meters_local_folder: "meters.d" + +#################### +# Keystone +#################### + +ceilometer_ks_users: + - project: "service" + user: "{{ ceilometer_keystone_user }}" + password: "{{ ceilometer_keystone_password }}" + role: "admin" diff --git a/ansible/roles/ceilometer/tasks/register.yml b/ansible/roles/ceilometer/tasks/register.yml index 76ee2b0d7a..2a3225c9e4 100644 --- a/ansible/roles/ceilometer/tasks/register.yml +++ b/ansible/roles/ceilometer/tasks/register.yml @@ -1,18 +1,10 @@ --- -- name: Creating the Ceilometer project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ ceilometer_keystone_user }}" - password: "{{ ceilometer_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ceilometer_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_ceilometer_auth }}" + service_ks_register_users: "{{ ceilometer_ks_users }}" + tags: always - name: Associate the ResellerAdmin role and ceilometer user become: true diff --git a/ansible/roles/ceph/defaults/main.yml b/ansible/roles/ceph/defaults/main.yml index 2c94b9da8a..04d6b9d77b 100644 --- a/ansible/roles/ceph/defaults/main.yml +++ b/ansible/roles/ceph/defaults/main.yml 
@@ -128,3 +128,22 @@ cephfs_metadata_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 # Kolla
 ####################
 kolla_ceph_use_udev: True
+
+
+####################
+# Keystone
+####################
+ceph_rgw_ks_services:
+ - name: "swift"
+ type: "object-store"
+ description: "Openstack Object Storage"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
+
+ceph_rgw_ks_users:
+ - project: "service"
+ user: "{{ ceph_rgw_keystone_user }}"
+ password: "{{ ceph_rgw_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/ceph/tasks/start_rgw_keystone.yml b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
index 4027d341ea..175e8614b1 100644
--- a/ansible/roles/ceph/tasks/start_rgw_keystone.yml
+++ b/ansible/roles/ceph/tasks/start_rgw_keystone.yml
@@ -1,39 +1,11 @@ --- -- name: Creating the Swift service and endpoint - become: true - kolla_toolbox: - module_name: kolla_keystone_service - module_args: - service_name: "swift" - service_type: "object-store" - description: "Openstack Object Storage" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ceph_rgw_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'} - -- name: Registering keystone ceph_rgw user - become: true - kolla_toolbox: - module_name: kolla_keystone_user - module_args: - project: "service" - user: "{{ ceph_rgw_keystone_user }}" - password: "{{ ceph_rgw_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ceph_rgw_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_ceph_rgw_auth }}" + service_ks_register_services: "{{ ceph_rgw_ks_services }}" + service_ks_register_users: "{{ ceph_rgw_ks_users }}" + tags: always - name: Creating the ResellerAdmin role become: true diff --git a/ansible/roles/cinder/defaults/main.yml b/ansible/roles/cinder/defaults/main.yml index 7df2547e53..5803f4d5d8 100644 --- a/ansible/roles/cinder/defaults/main.yml +++ b/ansible/roles/cinder/defaults/main.yml 
@@ -250,3 +250,28 @@ cinder_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
 cinder_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 cinder_dev_mode: "{{ kolla_dev_mode }}"
 cinder_source_version: "{{ kolla_source_version }}"
+
+####################
+# Keystone
+####################
+cinder_ks_services:
+ - name: "cinderv2"
+ type: "volumev2"
+ description: "Openstack Block Storage"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ cinder_v2_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ cinder_v2_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ cinder_v2_public_endpoint }}'}
+ - name: "cinderv3"
+ type: "volumev3"
+ description: "Openstack Block Storage"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ cinder_v3_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}'}
+
+cinder_ks_users:
+ - project: "service"
+ user: "{{ cinder_keystone_user }}"
+ password: "{{ cinder_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/cinder/tasks/register.yml b/ansible/roles/cinder/tasks/register.yml
index 579b28b925..6ac5939430 100644
--- a/ansible/roles/cinder/tasks/register.yml
+++ b/ansible/roles/cinder/tasks/register.yml
@@ -1,39 +1,8 @@ --- -- name: Creating the Cinder service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "{{ item.service_name }}" - service_type: "{{ item.service_type }}" - description: "Openstack Block Storage" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_cinder_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ cinder_v2_admin_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} - - {'interface': 'internal', 'url': '{{ cinder_v2_internal_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} - - {'interface': 'public', 'url': '{{ cinder_v2_public_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'} - - {'interface': 'admin', 'url': '{{ cinder_v3_admin_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'} - - {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'} - - {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'} - -- name: Creating the Cinder project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ cinder_keystone_user }}" - password: "{{ cinder_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_cinder_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_cinder_auth }}" + service_ks_register_services: "{{ cinder_ks_services }}" + service_ks_register_users: "{{ 
cinder_ks_users }}" + tags: always diff --git a/ansible/roles/cloudkitty/defaults/main.yml b/ansible/roles/cloudkitty/defaults/main.yml index 342c7c4360..440a40a48c 100644 --- a/ansible/roles/cloudkitty/defaults/main.yml +++ b/ansible/roles/cloudkitty/defaults/main.yml @@ -122,3 +122,21 @@ cloudkitty_storage_backend: "sqlalchemy" # cloudkitty_influxdb_insecure_connections: false cloudkitty_influxdb_name: "cloudkitty" + +#################### +# Keystone +#################### +cloudkitty_ks_services: + - name: "cloudkitty" + type: "rating" + description: "OpenStack Rating" + endpoints: + - {'interface': 'admin', 'url': '{{ cloudkitty_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ cloudkitty_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ cloudkitty_public_endpoint }}'} + +cloudkitty_ks_users: + - project: "service" + user: "{{ cloudkitty_keystone_user }}" + password: "{{ cloudkitty_keystone_password }}" + role: "admin" diff --git a/ansible/roles/cloudkitty/tasks/register.yml b/ansible/roles/cloudkitty/tasks/register.yml index 7e487e68d6..639c48cfea 100644 --- a/ansible/roles/cloudkitty/tasks/register.yml +++ b/ansible/roles/cloudkitty/tasks/register.yml 
@@ -1,39 +1,11 @@ --- -- name: Creating the Cloudkitty service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "cloudkitty" - service_type: "rating" - description: "OpenStack Rating" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_cloudkitty_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ cloudkitty_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ cloudkitty_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ cloudkitty_public_endpoint }}'} - -- name: Creating the Cloudkitty project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ cloudkitty_keystone_user }}" - password: "{{ cloudkitty_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_cloudkitty_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_cloudkitty_auth }}" + service_ks_register_services: "{{ cloudkitty_ks_services }}" + service_ks_register_users: "{{ cloudkitty_ks_users }}" + tags: always - name: Creating the rating role become: true diff --git a/ansible/roles/congress/defaults/main.yml b/ansible/roles/congress/defaults/main.yml index 4675f656d1..fd1c0e92e5 100644 --- a/ansible/roles/congress/defaults/main.yml +++ b/ansible/roles/congress/defaults/main.yml 
@@ -108,3 +108,21 @@ congress_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
 congress_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 congress_dev_mode: "{{ kolla_dev_mode }}"
 congress_source_version: "{{ kolla_source_version }}"
+
+####################
+# Keystone
+####################
+congress_ks_services:
+ - name: "congress"
+ type: "policy"
+ description: "Congress Service"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
+
+congress_ks_users:
+ - project: "service"
+ user: "{{ congress_keystone_user }}"
+ password: "{{ congress_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/congress/tasks/register.yml b/ansible/roles/congress/tasks/register.yml
index 8602471976..7afd6ad7c5 100644
--- a/ansible/roles/congress/tasks/register.yml
+++ b/ansible/roles/congress/tasks/register.yml
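Review bot: `user: "{{ congress_keystone_user }}"` in `congress_ks_users` changes behaviour rather than only moving it, because the task removed from congress/tasks/register.yml in the next hunk registered the literal `user: "congress"`. `congress_keystone_user` is not defined in this hunk, so if it is missing or set to a different value elsewhere, the account created in Keystone will no longer be the one the old task produced and the service's configured credentials may not match it. Please confirm the variable is defined with the value `congress`, or keep the old name as a fallback with `user: "{{ congress_keystone_user | default('congress') }}"`.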
@@ -1,36 +1,8 @@
 ---
-- name: Creating the congress service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "congress"
- service_type: "policy"
- description: "Congress Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_congress_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
-
-- name: Creating the congress project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "congress"
- password: "{{ congress_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_congress_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_congress_auth }}"
+ service_ks_register_services: "{{ congress_ks_services }}"
+ service_ks_register_users: "{{ congress_ks_users }}"
+ tags: always
diff --git a/ansible/roles/cyborg/defaults/main.yml b/ansible/roles/cyborg/defaults/main.yml
index 0da20352ed..e6af6ae413 100644
--- a/ansible/roles/cyborg/defaults/main.yml
+++ b/ansible/roles/cyborg/defaults/main.yml
@@ -96,3 +96,21 @@ cyborg_notification_topics: enabled: "{{ enable_ceilometer | bool }}" cyborg_enabled_notification_topics: "{{ cyborg_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +cyborg_ks_services: + - name: "cyborg" + type: "cyborg" + description: "OpenStack Cyborg Service" + endpoints: + - {'interface': 'admin', 'url': '{{ cyborg_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ cyborg_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ cyborg_public_endpoint }}'} + +cyborg_ks_users: + - project: "service" + user: "{{ cyborg_keystone_user }}" + password: "{{ cyborg_keystone_password }}" + role: "admin" diff --git a/ansible/roles/cyborg/tasks/register.yml b/ansible/roles/cyborg/tasks/register.yml index 88280ea156..c5b54f96fa 100644 --- a/ansible/roles/cyborg/tasks/register.yml +++ b/ansible/roles/cyborg/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the cyborg service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "cyborg"
- service_type: "cyborg"
- description: "OpenStack Cyborg Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_cyborg_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ cyborg_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ cyborg_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ cyborg_public_endpoint }}'}
-
-- name: Creating the cyborg project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ cyborg_keystone_user }}"
- password: "{{ cyborg_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_cyborg_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_cyborg_auth }}"
+ service_ks_register_services: "{{ cyborg_ks_services }}"
+ service_ks_register_users: "{{ cyborg_ks_users }}"
+ tags: always
diff --git a/ansible/roles/designate/defaults/main.yml b/ansible/roles/designate/defaults/main.yml
index ee12db66e6..c99aabcbc2 100644
--- a/ansible/roles/designate/defaults/main.yml
+++ b/ansible/roles/designate/defaults/main.yml
@@ -218,3 +218,21 @@ designate_notification_topics: enabled: True designate_enabled_notification_topics: "{{ designate_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +designate_ks_services: + - name: "designate" + type: "dns" + description: "Designate DNS Service" + endpoints: + - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'} + +designate_ks_users: + - project: "service" + user: "{{ designate_keystone_user }}" + password: "{{ designate_keystone_password }}" + role: "admin" diff --git a/ansible/roles/designate/tasks/register.yml b/ansible/roles/designate/tasks/register.yml index 40f2ce4a4a..f73ebabba9 100644 --- a/ansible/roles/designate/tasks/register.yml +++ b/ansible/roles/designate/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Designate service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "designate"
- service_type: "dns"
- description: "Designate DNS Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_designate_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
-
-- name: Creating the Designate project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ designate_keystone_user }}"
- password: "{{ designate_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_designate_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_designate_auth }}"
+ service_ks_register_services: "{{ designate_ks_services }}"
+ service_ks_register_users: "{{ designate_ks_users }}"
+ tags: always
diff --git a/ansible/roles/freezer/defaults/main.yml b/ansible/roles/freezer/defaults/main.yml
index 4dad18d517..9b4cb0d927 100644
--- a/ansible/roles/freezer/defaults/main.yml
+++ b/ansible/roles/freezer/defaults/main.yml
@@ -96,3 +96,21 @@ freezer_api_git_repository: "{{ kolla_dev_repos_git }}/freezer-api"
 freezer_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
 freezer_dev_mode: "{{ kolla_dev_mode }}"
 freezer_source_version: "{{ kolla_source_version }}"
+
+####################
+# Keystone
+####################
+freezer_ks_services:
+ - name: "freezer"
+ type: "backup"
+ description: "Openstack Freezer Backup Service"
+ endpoints:
+ - {'interface': 'admin', 'url': '{{ freezer_admin_endpoint }}'}
+ - {'interface': 'internal', 'url': '{{ freezer_internal_endpoint }}'}
+ - {'interface': 'public', 'url': '{{ freezer_public_endpoint }}'}
+
+freezer_ks_users:
+ - project: "service"
+ user: "{{ freezer_keystone_user }}"
+ password: "{{ freezer_keystone_password }}"
+ role: "admin"
diff --git a/ansible/roles/freezer/tasks/register.yml b/ansible/roles/freezer/tasks/register.yml
index c0048f126d..c27427986a 100644
--- a/ansible/roles/freezer/tasks/register.yml
+++ b/ansible/roles/freezer/tasks/register.yml
@@ -1,36 +1,8 @@ --- -- name: Creating the freezer service and endpoint - become: true - kolla_toolbox: - module_name: kolla_keystone_service - module_args: - service_name: freezer - service_type: backup - description: 'Openstack Freezer Backup Service' - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_freezer_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ freezer_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ freezer_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ freezer_public_endpoint }}'} - -- name: Creating the freezer project, user, and role - become: true - kolla_toolbox: - module_name: kolla_keystone_user - module_args: - project: service - user: "{{ freezer_keystone_user }}" - password: "{{ freezer_keystone_password }}" - role: admin - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_freezer_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_freezer_auth }}" + service_ks_register_services: "{{ freezer_ks_services }}" + service_ks_register_users: "{{ freezer_ks_users }}" + tags: always diff --git a/ansible/roles/glance/defaults/main.yml b/ansible/roles/glance/defaults/main.yml index ead1a8fe77..1bd18accb7 100644 --- a/ansible/roles/glance/defaults/main.yml +++ b/ansible/roles/glance/defaults/main.yml 
@@ -39,6 +39,24 @@ glance_services: #################### haproxy_members: "{% for host in glance_api_hosts %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_listen_port }} check inter 2000 rise 2 fall 5;{% endfor %}" +#################### +# Keystone +#################### +glance_ks_services: + - name: "glance" + type: "image" + description: "Openstack Image" + endpoints: + - {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ glance_public_endpoint }}'} + +glance_ks_users: + - project: "service" + user: "{{ glance_keystone_user }}" + password: "{{ glance_keystone_password }}" + role: "admin" + #################### # Notification #################### diff --git a/ansible/roles/glance/tasks/register.yml b/ansible/roles/glance/tasks/register.yml index 43d922fff1..7a1a715b4d 100644 --- a/ansible/roles/glance/tasks/register.yml +++ b/ansible/roles/glance/tasks/register.yml 
@@ -1,36 +1,8 @@ --- -- name: Creating the Glance service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "glance" - service_type: "image" - description: "Openstack Image" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_glance_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ glance_public_endpoint }}'} - -- name: Creating the Glance project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ glance_keystone_user }}" - password: "{{ glance_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_glance_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_glance_auth }}" + service_ks_register_services: "{{ glance_ks_services }}" + service_ks_register_users: "{{ glance_ks_users }}" + tags: always diff --git a/ansible/roles/gnocchi/defaults/main.yml b/ansible/roles/gnocchi/defaults/main.yml index 4646a708d4..e8ebc13501 100644 --- a/ansible/roles/gnocchi/defaults/main.yml +++ b/ansible/roles/gnocchi/defaults/main.yml 
@@ -132,3 +132,21 @@ gnocchi_metricd_workers: "{{ openstack_service_workers }}" gnocchi_keystone_user: "gnocchi" openstack_gnocchi_auth: "{{ openstack_auth }}" + +#################### +# Keystone +#################### +gnocchi_ks_services: + - name: "gnocchi" + type: "metric" + description: "OpenStack Metric Service" + endpoints: + - {'interface': 'admin', 'url': '{{ gnocchi_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ gnocchi_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ gnocchi_public_endpoint }}'} + +gnocchi_ks_users: + - project: "service" + user: "{{ gnocchi_keystone_user }}" + password: "{{ gnocchi_keystone_password }}" + role: "admin" diff --git a/ansible/roles/gnocchi/tasks/register.yml b/ansible/roles/gnocchi/tasks/register.yml index 417a13dc2d..dcfbb03441 100644 --- a/ansible/roles/gnocchi/tasks/register.yml +++ b/ansible/roles/gnocchi/tasks/register.yml 
@@ -1,36 +1,8 @@ --- -- name: Creating the gnocchi service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "gnocchi" - service_type: "metric" - description: "OpenStack Metric Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_gnocchi_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ gnocchi_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ gnocchi_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ gnocchi_public_endpoint }}'} - -- name: Creating the gnocchi project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ gnocchi_keystone_user }}" - password: "{{ gnocchi_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_gnocchi_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_gnocchi_auth }}" + service_ks_register_services: "{{ gnocchi_ks_services }}" + service_ks_register_users: "{{ gnocchi_ks_users }}" + tags: always diff --git a/ansible/roles/heat/defaults/main.yml b/ansible/roles/heat/defaults/main.yml index 06761f170c..93d4884921 100644 --- a/ansible/roles/heat/defaults/main.yml +++ b/ansible/roles/heat/defaults/main.yml 
@@ -136,3 +136,28 @@ heat_notification_topics: enabled: "{{ enable_ceilometer | bool }}" heat_enabled_notification_topics: "{{ heat_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +heat_ks_services: + - name: "heat" + type: "orchestration" + description: "Orchestration" + endpoints: + - {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ heat_public_endpoint }}'} + - name: "heat-cfn" + type: "cloudformation" + description: "Orchestration" + endpoints: + - {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}'} + +heat_ks_users: + - project: "service" + user: "{{ heat_keystone_user }}" + password: "{{ heat_keystone_password }}" + role: "admin" diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml index 1441b36ede..abb38cc6b2 100644 --- a/ansible/roles/heat/tasks/register.yml +++ b/ansible/roles/heat/tasks/register.yml 
@@ -1,42 +1,11 @@ --- -- name: Creating the Heat service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "{{ item.service_name }}" - service_type: "{{ item.service_type }}" - description: "{{ item.description }}" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_heat_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'} - - {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'} - - {'interface': 'public', 'url': '{{ heat_public_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'} - - {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'} - - {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'} - - {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'} - -- name: Creating the Heat project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ heat_keystone_user }}" - password: "{{ heat_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_heat_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: 
service-ks-register + vars: + service_ks_register_auth: "{{ openstack_heat_auth }}" + service_ks_register_services: "{{ heat_ks_services }}" + service_ks_register_users: "{{ heat_ks_users }}" + tags: always - name: Creating the heat_stack_user role become: true diff --git a/ansible/roles/ironic/defaults/main.yml b/ansible/roles/ironic/defaults/main.yml index 1dbdd4077e..370157c791 100644 --- a/ansible/roles/ironic/defaults/main.yml +++ b/ansible/roles/ironic/defaults/main.yml @@ -221,3 +221,32 @@ ironic_notification_topics: enabled: "{{ enable_ceilometer | bool }}" ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +ironic_ks_services: + - name: "ironic" + type: "baremetal" + description: "Ironic baremetal provisioning service" + endpoints: + - {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'} + - name: "ironic-inspector" + type: "baremetal-introspection" + description: "Ironic Inspector baremetal introspection service" + endpoints: + - {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'} + +ironic_ks_users: + - project: "service" + user: "{{ ironic_keystone_user }}" + password: "{{ ironic_keystone_password }}" + role: "admin" + - project: "service" + user: "{{ ironic_inspector_keystone_user }}" + password: "{{ ironic_inspector_keystone_password }}" + role: "admin" diff --git a/ansible/roles/ironic/tasks/register.yml b/ansible/roles/ironic/tasks/register.yml index 9183f8570d..044b267ee4 100644 --- a/ansible/roles/ironic/tasks/register.yml +++ b/ansible/roles/ironic/tasks/register.yml 
@@ -1,76 +1,8 @@ --- -- name: Creating the Ironic service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "ironic" - service_type: "baremetal" - description: "Ironic baremetal provisioning service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ironic_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - when: inventory_hostname in groups['ironic-api'] - with_items: - - {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'} - -- name: Creating the Ironic project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ ironic_keystone_user }}" - password: "{{ ironic_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ironic_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - when: inventory_hostname in groups['ironic-api'] - -- name: Creating the Ironic Inspector service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "ironic-inspector" - service_type: "baremetal-introspection" - description: "Ironic Inspector baremetal introspection service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ironic_inspector_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - when: inventory_hostname in groups['ironic-inspector'] - with_items: - - {'interface': 
'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'} - -- name: Creating the Ironic Inspector project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ ironic_inspector_keystone_user }}" - password: "{{ ironic_inspector_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_ironic_inspector_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - when: inventory_hostname in groups['ironic-inspector'] +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_ironic_auth }}" + service_ks_register_services: "{{ ironic_ks_services }}" + service_ks_register_users: "{{ ironic_ks_users }}" + tags: always diff --git a/ansible/roles/karbor/defaults/main.yml b/ansible/roles/karbor/defaults/main.yml index d745fdf548..83b0870dae 100644 --- a/ansible/roles/karbor/defaults/main.yml +++ b/ansible/roles/karbor/defaults/main.yml @@ -106,3 +106,21 @@ karbor_notification_topics: enabled: "{{ enable_ceilometer | bool }}" karbor_enabled_notification_topics: "{{ karbor_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +karbor_ks_services: + - name: "karbor" + type: "data-protect" + description: "Application Data Protection Service" + endpoints: + - {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'} + +karbor_ks_users: + - project: "service" + user: "{{ karbor_keystone_user }}" + password: "{{ karbor_keystone_password }}" + role: "admin" 
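Review bot: The single `import_role` in ironic's register.yml authenticates every registration with `openstack_ironic_auth`, whereas the removed inspector tasks used `openstack_ironic_inspector_auth`, so a deployment that overrides the inspector credentials separately would have that override silently ignored. The `when: inventory_hostname in groups['ironic-api']` and `groups['ironic-inspector']` guards are gone as well, so the `ironic-inspector` service, its endpoints and its admin-role user from `ironic_ks_services`/`ironic_ks_users` are presumably registered even when no inspector host is deployed. If both changes are intended, a comment above the task such as `# Inspector is registered with the ironic credentials; openstack_ironic_inspector_auth is not used here` would make that explicit. Otherwise a second `import_role` with the inspector auth and its own service and user lists keeps the old separation.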
diff --git a/ansible/roles/karbor/tasks/register.yml b/ansible/roles/karbor/tasks/register.yml index d62cc2eb0d..4c9e3d2919 100644 --- a/ansible/roles/karbor/tasks/register.yml +++ b/ansible/roles/karbor/tasks/register.yml @@ -1,36 +1,8 @@ --- -- name: Creating the Karbor service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "karbor" - service_type: "data-protect" - description: "Application Data Protection Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_karbor_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'} - -- name: Creating the Karbor project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ karbor_keystone_user }}" - password: "{{ karbor_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_karbor_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_karbor_auth }}" + service_ks_register_services: "{{ karbor_ks_services }}" + service_ks_register_users: "{{ karbor_ks_users }}" + tags: always diff --git a/ansible/roles/keystone/defaults/main.yml b/ansible/roles/keystone/defaults/main.yml index db738bab0b..c6ac1ad0b3 100644 --- a/ansible/roles/keystone/defaults/main.yml +++ b/ansible/roles/keystone/defaults/main.yml 
@@ -128,3 +128,16 @@ keystone_notification_topics: enabled: "{{ enable_barbican | bool }}" keystone_enabled_notification_topics: "{{ keystone_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + + +#################### +# Keystone +#################### +keystone_ks_services: + - name: "keystone" + type: "identity" + description: "Openstack Identity Service" + endpoints: + - {'interface': 'admin', 'url': '{{ keystone_admin_url }}'} + - {'interface': 'internal', 'url': '{{ keystone_internal_url }}'} + - {'interface': 'public', 'url': '{{ keystone_public_url }}'} diff --git a/ansible/roles/keystone/tasks/register.yml b/ansible/roles/keystone/tasks/register.yml index 457e89ddfe..69dffd9405 100644 --- a/ansible/roles/keystone/tasks/register.yml +++ b/ansible/roles/keystone/tasks/register.yml @@ -8,28 +8,13 @@ run_once: True with_items: "{{ multiple_regions_names }}" -# NOTE(jeffrey4l): Since keystone-manage bootstrap cloud not update the endpoint, -# run kolla_keystone_service module again. -- name: Creating the Keystone service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "keystone" - service_type: "identity" - description: "Openstack Identity Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_keystone_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_keystone_auth }}" + service_ks_register_services: "{{ keystone_ks_services }}" + tags: always run_once: True - with_items: - - { interface: admin, url: "{{ keystone_admin_url }}" } - - { interface: internal, url: "{{ keystone_internal_url }}" } - - { interface: public, url: "{{ keystone_public_url }}" } - name: Creating default user role become: true 
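Review bot: The removed `NOTE(jeffrey4l)` comment in keystone's register.yml was the only explanation of why keystone registers its own service and endpoints again after bootstrap, and the new `import_role` task carries neither that rationale nor a `name:`. I would keep it above the task, e.g. `# NOTE(jeffrey4l): keystone-manage bootstrap could not update the endpoint, so register the service and endpoints again.` The trailing `run_once: True` is a context line left over from the old task and now applies to the `import_role`. None of the other register.yml hunks set it, so it is worth checking whether the shared role already sets it and this one is redundant, or whether the others are missing it. The task list continues before and after this hunk, so the neighbouring tasks are not visible here.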
diff --git a/ansible/roles/kuryr/defaults/main.yml b/ansible/roles/kuryr/defaults/main.yml index b16bce3c05..b76ef0d839 100644 --- a/ansible/roles/kuryr/defaults/main.yml +++ b/ansible/roles/kuryr/defaults/main.yml @@ -59,3 +59,12 @@ kuryr_dev_repos_pull: "{{ kolla_dev_repos_pull }}" kuryr_dev_mode: "{{ kolla_dev_mode }}" kuryr_dimensions: "{{ default_container_dimensions }}" kuryr_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +kuryr_ks_users: + - project: "service" + user: "{{ kuryr_keystone_user }}" + password: "{{ kuryr_keystone_password }}" + role: "admin" diff --git a/ansible/roles/kuryr/tasks/register.yml b/ansible/roles/kuryr/tasks/register.yml index 28b24b2e6e..a3b46bcef0 100644 --- a/ansible/roles/kuryr/tasks/register.yml +++ b/ansible/roles/kuryr/tasks/register.yml @@ -1,15 +1,7 @@ --- -- name: Creating the Kuryr project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ kuryr_keystone_user }}" - password: "{{ kuryr_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_kuryr_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_kuryr_auth }}" + service_ks_register_users: "{{ kuryr_ks_users }}" + tags: always diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml index a5a6d8f09c..818c74cc66 100644 --- a/ansible/roles/magnum/defaults/main.yml +++ b/ansible/roles/magnum/defaults/main.yml 
@@ -115,3 +115,22 @@ magnum_notification_topics: enabled: "{{ enable_ceilometer | bool }}" magnum_enabled_notification_topics: "{{ magnum_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + + +#################### +# Keystone +#################### +magnum_ks_services: + - name: "magnum" + type: "container-infra" + description: "Container Infrastructure Management Service" + endpoints: + - {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'} + +magnum_ks_users: + - project: "service" + user: "{{ magnum_keystone_user }}" + password: "{{ magnum_keystone_password }}" + role: "admin" diff --git a/ansible/roles/magnum/tasks/register.yml b/ansible/roles/magnum/tasks/register.yml index 40e1a01d5d..2956bb0df4 100644 --- a/ansible/roles/magnum/tasks/register.yml +++ b/ansible/roles/magnum/tasks/register.yml 
@@ -1,39 +1,11 @@ --- -- name: Creating the Magnum service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "magnum" - service_type: "container-infra" - description: "Container Infrastructure Management Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_magnum_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'} - -- name: Creating the Magnum project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ magnum_keystone_user }}" - password: "{{ magnum_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_magnum_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_magnum_auth }}" + service_ks_register_services: "{{ magnum_ks_services }}" + service_ks_register_users: "{{ magnum_ks_users }}" + tags: always - name: Creating Magnum trustee domain become: true diff --git a/ansible/roles/manila/defaults/main.yml b/ansible/roles/manila/defaults/main.yml index 03efea5040..a668c1f4e2 100644 --- a/ansible/roles/manila/defaults/main.yml +++ b/ansible/roles/manila/defaults/main.yml 
@@ -193,3 +193,29 @@ manila_notification_topics: enabled: "{{ enable_ceilometer | bool }}" manila_enabled_notification_topics: "{{ manila_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + + +#################### +# Keystone +#################### +manila_ks_services: + - name: "manila" + type: "share" + description: "Openstack Shared Filesystems" + endpoints: + - {'interface': 'admin', 'url': '{{ manila_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ manila_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ manila_public_endpoint }}'} + - name: "manilav2" + type: "sharev2" + description: "Openstack Shared Filesystems" + endpoints: + - {'interface': 'admin', 'url': '{{ manila_v2_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ manila_v2_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ manila_v2_public_endpoint }}'} + +manila_ks_users: + - project: "service" + user: "{{ manila_keystone_user }}" + password: "{{ manila_keystone_password }}" + role: "admin" diff --git a/ansible/roles/manila/tasks/register.yml b/ansible/roles/manila/tasks/register.yml index 944bb52f50..e3fca2540b 100644 --- a/ansible/roles/manila/tasks/register.yml +++ b/ansible/roles/manila/tasks/register.yml 
@@ -1,39 +1,8 @@ --- -- name: Creating the Manila service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "{{ item.service_name }}" - service_type: "{{ item.service_type }}" - description: "Openstack Shared Filesystems" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_manila_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ manila_admin_endpoint }}', 'service_name': 'manila', 'service_type': 'share'} - - {'interface': 'internal', 'url': '{{ manila_internal_endpoint }}', 'service_name': 'manila', 'service_type': 'share'} - - {'interface': 'public', 'url': '{{ manila_public_endpoint }}', 'service_name': 'manila', 'service_type': 'share'} - - {'interface': 'admin', 'url': '{{ manila_v2_admin_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'} - - {'interface': 'internal', 'url': '{{ manila_v2_internal_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'} - - {'interface': 'public', 'url': '{{ manila_v2_public_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'} - -- name: Creating the Manila project, user and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ manila_keystone_user }}" - password: "{{ manila_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_manila_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_manila_auth }}" + service_ks_register_services: "{{ manila_ks_services }}" + service_ks_register_users: "{{ manila_ks_users }}" + tags: always 
diff --git a/ansible/roles/masakari/defaults/main.yml b/ansible/roles/masakari/defaults/main.yml index 86032d0d85..7423749e7e 100644 --- a/ansible/roles/masakari/defaults/main.yml +++ b/ansible/roles/masakari/defaults/main.yml @@ -115,3 +115,21 @@ masakari_monitors_git_repository: "{{ kolla_dev_repos_git }}/masakarimonitors" masakari_monitors_dev_repos_pull: "{{ kolla_dev_repos_pull }}" masakari_monitors_dev_mode: "{{ kolla_dev_mode }}" masakari_monitors_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +masakari_ks_services: + - name: "masakari" + type: "instance-ha" + description: "OpenStack High Availability" + endpoints: + - {'interface': 'admin', 'url': '{{ masakari_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ masakari_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ masakari_public_endpoint }}'} + +masakari_ks_users: + - project: "service" + user: "{{ masakari_keystone_user }}" + password: "{{ masakari_keystone_password }}" + role: "admin" diff --git a/ansible/roles/masakari/tasks/register.yml b/ansible/roles/masakari/tasks/register.yml index b74150ab5c..6ee986d95f 100644 --- a/ansible/roles/masakari/tasks/register.yml +++ b/ansible/roles/masakari/tasks/register.yml 
@@ -1,36 +1,8 @@ --- -- name: Creating the Masakari service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "masakari" - service_type: "instance-ha" - description: "OpenStack High Availability" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_masakari_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ masakari_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ masakari_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ masakari_public_endpoint }}'} - -- name: Creating the Masakari project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ masakari_keystone_user }}" - password: "{{ masakari_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_masakari_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_masakari_auth }}" + service_ks_register_services: "{{ masakari_ks_services }}" + service_ks_register_users: "{{ masakari_ks_users }}" + tags: always diff --git a/ansible/roles/mistral/defaults/main.yml b/ansible/roles/mistral/defaults/main.yml index 3bb98fbe87..b8f0dac904 100644 --- a/ansible/roles/mistral/defaults/main.yml +++ b/ansible/roles/mistral/defaults/main.yml 
@@ -135,3 +135,21 @@ mistral_notification_topics: enabled: "{{ enable_ceilometer | bool }}" mistral_enabled_notification_topics: "{{ mistral_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +mistral_ks_services: + - name: "mistral" + type: "workflowv2" + description: "Openstack Workflow" + endpoints: + - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'} + +mistral_ks_users: + - project: "service" + user: "{{ mistral_keystone_user }}" + password: "{{ mistral_keystone_password }}" + role: "admin" diff --git a/ansible/roles/mistral/tasks/register.yml b/ansible/roles/mistral/tasks/register.yml index 8f3217dbc1..76f1640aab 100644 --- a/ansible/roles/mistral/tasks/register.yml +++ b/ansible/roles/mistral/tasks/register.yml 
@@ -1,36 +1,8 @@ --- -- name: Creating the Mistral service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "mistral" - service_type: "workflowv2" - description: "Openstack Workflow" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_mistral_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'} - -- name: Creating the Mistral project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ mistral_keystone_user }}" - password: "{{ mistral_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_mistral_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_mistral_auth }}" + service_ks_register_services: "{{ mistral_ks_services }}" + service_ks_register_users: "{{ mistral_ks_users }}" + tags: always diff --git a/ansible/roles/monasca/defaults/main.yml b/ansible/roles/monasca/defaults/main.yml index 8cef921835..2fafe8dbed 100644 --- a/ansible/roles/monasca/defaults/main.yml +++ b/ansible/roles/monasca/defaults/main.yml 
@@ -338,3 +338,32 @@ monasca_log_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_ monasca_log_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ monasca_log_api_port }}" monasca_logging_debug: "{{ openstack_logging_debug }}" + +#################### +# Keystone +#################### +monasca_ks_services: + - name: "monasca-api" + type: "monitoring" + description: "Monasca monitoring as a service" + endpoints: + - {'interface': 'admin', 'url': '{{ monasca_api_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ monasca_api_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ monasca_api_public_endpoint }}'} + - name: "monasca-log-api" + type: "logging" + description: "Monasca logging as a service" + endpoints: + - {'interface': 'admin', 'url': '{{ monasca_log_api_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ monasca_log_api_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ monasca_log_api_public_endpoint }}'} + +monasca_ks_users: + - project: "service" + user: "{{ monasca_keystone_user }}" + password: "{{ monasca_keystone_password }}" + role: "admin" + - project: "{{ monasca_control_plane_project }}" + user: "{{ monasca_agent_user }}" + password: "{{ monasca_agent_password }}" + role: "{{ monasca_agent_authorized_roles | first }}" diff --git a/ansible/roles/monasca/tasks/register.yml b/ansible/roles/monasca/tasks/register.yml index f6db499ddd..538f5ca26e 100644 --- a/ansible/roles/monasca/tasks/register.yml +++ b/ansible/roles/monasca/tasks/register.yml 
@@ -1,60 +1,12 @@ --- -- name: Creating monasca-api service and endpoints - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "monasca-api" - service_type: "monitoring" - description: "Monasca monitoring as a service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ monasca_openstack_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ monasca_api_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ monasca_api_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ monasca_api_public_endpoint }}'} +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ monasca_openstack_auth }}" + service_ks_register_services: "{{ monasca_ks_services }}" + service_ks_register_users: "{{ monasca_ks_users }}" + tags: always -- name: Creating monasca-log-api service and endpoints - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "monasca-log-api" - service_type: "logging" - description: "Monasca logging as a service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ monasca_openstack_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ monasca_log_api_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ monasca_log_api_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ monasca_log_api_public_endpoint }}'} - -- name: Creating the monasca keystone user - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ monasca_keystone_user 
}}" - password: "{{ monasca_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ monasca_openstack_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - name: Creating monasca roles become: true @@ -72,18 +24,3 @@ - "{{ monasca_agent_authorized_roles }}" - "{{ monasca_read_only_authorized_roles }}" - "{{ monasca_delegate_authorized_roles }}" - -- name: Creating the monasca agent user - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "{{ monasca_control_plane_project }}" - user: "{{ monasca_agent_user }}" - password: "{{ monasca_agent_password }}" - role: "{{ monasca_agent_authorized_roles | first }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ monasca_openstack_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True diff --git a/ansible/roles/murano/defaults/main.yml b/ansible/roles/murano/defaults/main.yml index f19a5c74e3..11ad0d1ac4 100644 --- a/ansible/roles/murano/defaults/main.yml +++ b/ansible/roles/murano/defaults/main.yml @@ -98,3 +98,21 @@ murano_notification_topics: enabled: "{{ enable_ceilometer | bool }}" murano_enabled_notification_topics: "{{ murano_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +murano_ks_services: + - name: "murano" + type: "application-catalog" + description: "Openstack Application Catalogue" + endpoints: + - {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ murano_public_endpoint }}'} + +murano_ks_users: + - project: "service" + user: "{{ murano_keystone_user }}" + password: "{{ murano_keystone_password }}" + role: "admin" 
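Review bot: The agent user, whose role is `monasca_agent_authorized_roles | first`, is now registered inside the imported role, which runs before the `Creating monasca roles` task that stays below the import; before this change the agent user was created after that task. Unless service-ks-register creates missing roles itself (its task file is cut off on this page), the role grant may fail on a fresh deployment. Either confirm that the shared role creates the role, or move `Creating monasca roles` above the `import_role`. The body of `Creating monasca roles` lies outside this hunk.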
diff --git a/ansible/roles/murano/tasks/register.yml b/ansible/roles/murano/tasks/register.yml index 2068a1843c..f27831dc21 100644 --- a/ansible/roles/murano/tasks/register.yml +++ b/ansible/roles/murano/tasks/register.yml @@ -1,36 +1,8 @@ --- -- name: Creating the Murano service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "murano" - service_type: "application-catalog" - description: "Openstack Application Catalogue" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_murano_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ murano_public_endpoint }}'} - -- name: Creating the Murano project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ murano_keystone_user }}" - password: "{{ murano_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_murano_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_murano_auth }}" + service_ks_register_services: "{{ murano_ks_services }}" + service_ks_register_users: "{{ murano_ks_users }}" + tags: always diff --git a/ansible/roles/neutron/defaults/main.yml b/ansible/roles/neutron/defaults/main.yml index 6ca263b5ad..512da44a41 100644 --- a/ansible/roles/neutron/defaults/main.yml +++ b/ansible/roles/neutron/defaults/main.yml 
@@ -488,3 +488,21 @@ neutron_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" neutron_dev_repos_pull: "{{ kolla_dev_repos_pull }}" neutron_dev_mode: "{{ kolla_dev_mode }}" neutron_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +neutron_ks_services: + - name: "neutron" + type: "network" + description: "Openstack Networking" + endpoints: + - {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'} + +neutron_ks_users: + - project: "service" + user: "{{ neutron_keystone_user }}" + password: "{{ neutron_keystone_password }}" + role: "admin" diff --git a/ansible/roles/neutron/tasks/register.yml b/ansible/roles/neutron/tasks/register.yml index dc575d9ba5..5495698084 100644 --- a/ansible/roles/neutron/tasks/register.yml +++ b/ansible/roles/neutron/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Neutron service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "neutron"
- service_type: "network"
- description: "Openstack Networking"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_neutron_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'}
-
-- name: Creating the Neutron project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ neutron_keystone_user }}"
- password: "{{ neutron_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_neutron_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_neutron_auth }}"
+ service_ks_register_services: "{{ neutron_ks_services }}"
+ service_ks_register_users: "{{ neutron_ks_users }}"
+ tags: always
diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index b805c36934..dab5ad4453 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -384,6 +384,31 @@ nova_services_require_nova_conf: # around 10 seconds, but the default is 30 to allow room for slowness. nova_compute_startup_delay: 30 +#################### +# Keystone +#################### +nova_ks_services: + - name: "nova_legacy" + type: "compute_legacy" + description: "OpenStack Compute Service (Legacy 2.0)" + endpoints: + - {'interface': 'admin', 'url': '{{ nova_legacy_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ nova_legacy_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ nova_legacy_public_endpoint }}'} + - name: "nova" + type: "compute" + description: "OpenStack Compute Service" + endpoints: + - {'interface': 'admin', 'url': '{{ nova_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ nova_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ nova_public_endpoint }}'} + +nova_ks_users: + - project: "service" + user: "{{ nova_keystone_user }}" + password: "{{ nova_keystone_password }}" + role: "admin" + #################### # Notification #################### diff --git a/ansible/roles/nova/tasks/register.yml b/ansible/roles/nova/tasks/register.yml index b80ff579d8..a6ed79ffb1 100644 --- a/ansible/roles/nova/tasks/register.yml +++ b/ansible/roles/nova/tasks/register.yml 
@@ -1,39 +1,8 @@ --- -- name: Creating the Nova service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "{{ item.name }}" - service_type: "{{ item.service_type }}" - description: "{{ item.description }}" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_nova_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'admin', 'url': '{{ nova_legacy_admin_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'} - - {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'internal', 'url': '{{ nova_legacy_internal_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'} - - {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'public', 'url': '{{ nova_legacy_public_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'} - - {'name': 'nova', 'service_type': 'compute', 'interface': 'admin', 'url': '{{ nova_admin_endpoint }}', 'description': 'OpenStack Compute Service'} - - {'name': 'nova', 'service_type': 'compute', 'interface': 'internal', 'url': '{{ nova_internal_endpoint }}', 'description': 'OpenStack Compute Service'} - - {'name': 'nova', 'service_type': 'compute', 'interface': 'public', 'url': '{{ nova_public_endpoint }}', 'description': 'OpenStack Compute Service'} - -- name: Creating the Nova project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ nova_keystone_user }}" - password: "{{ nova_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_nova_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert 
}}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_nova_auth }}" + service_ks_register_services: "{{ nova_ks_services }}" + service_ks_register_users: "{{ nova_ks_users }}" + tags: always diff --git a/ansible/roles/octavia/defaults/main.yml b/ansible/roles/octavia/defaults/main.yml index 984f990fca..deae689dbd 100644 --- a/ansible/roles/octavia/defaults/main.yml +++ b/ansible/roles/octavia/defaults/main.yml @@ -120,3 +120,21 @@ octavia_logging_debug: "{{ openstack_logging_debug }}" octavia_keystone_user: "octavia" openstack_octavia_auth: "{{ openstack_auth }}" + +#################### +# Keystone +#################### +octavia_ks_services: + - name: "octavia" + type: "load-balancer" + description: "Octavia Load Balancing Service" + endpoints: + - {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'} + +octavia_ks_users: + - project: "service" + user: "{{ octavia_keystone_user }}" + password: "{{ octavia_keystone_password }}" + role: "admin" diff --git a/ansible/roles/octavia/tasks/register.yml b/ansible/roles/octavia/tasks/register.yml index cefead8ca5..7078006e05 100644 --- a/ansible/roles/octavia/tasks/register.yml +++ b/ansible/roles/octavia/tasks/register.yml 
@@ -1,39 +1,11 @@ --- -- name: Creating the Octavia service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "octavia" - service_type: "load-balancer" - description: "Octavia Load Balancing Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_octavia_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'} - -- name: Creating the Octavia project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ octavia_keystone_user }}" - password: "{{ octavia_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_octavia_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_octavia_auth }}" + service_ks_register_services: "{{ octavia_ks_services }}" + service_ks_register_users: "{{ octavia_ks_users }}" + tags: always - name: Adding octavia user into admin project become: true diff --git a/ansible/roles/panko/defaults/main.yml b/ansible/roles/panko/defaults/main.yml index fca49b54e3..2716ce0b4e 100644 --- a/ansible/roles/panko/defaults/main.yml +++ b/ansible/roles/panko/defaults/main.yml 
@@ -58,3 +58,21 @@ panko_logging_debug: "{{ openstack_logging_debug }}" panko_keystone_user: "panko" openstack_panko_auth: "{{ openstack_auth }}" + +#################### +# Keystone +#################### +panko_ks_services: + - name: "panko" + type: "event" + description: "Panko Service" + endpoints: + - {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ panko_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ panko_public_endpoint }}'} + +panko_ks_users: + - project: "service" + user: "{{ panko_keystone_user }}" + password: "{{ panko_keystone_password }}" + role: "admin" diff --git a/ansible/roles/panko/tasks/register.yml b/ansible/roles/panko/tasks/register.yml index 115bbee835..75a881c5d0 100644 --- a/ansible/roles/panko/tasks/register.yml +++ b/ansible/roles/panko/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the panko service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "panko"
- service_type: "event"
- description: "Panko Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_panko_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ panko_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ panko_public_endpoint }}'}
-
-- name: Creating the panko project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ panko_keystone_user }}"
- password: "{{ panko_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_panko_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_panko_auth }}"
+ service_ks_register_services: "{{ panko_ks_services }}"
+ service_ks_register_users: "{{ panko_ks_users }}"
+ tags: always
diff --git a/ansible/roles/placement/defaults/main.yml b/ansible/roles/placement/defaults/main.yml
index bcc583124a..194661956c 100644
--- a/ansible/roles/placement/defaults/main.yml
+++ b/ansible/roles/placement/defaults/main.yml
@@ -89,3 +89,21 @@ nova_api_database_name: "nova_api" nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}" nova_api_database_host: "{{ database_address }}" placement_database_host: "{{ database_address }}" + +#################### +# Keystone +#################### +placement_ks_services: + - name: "placement" + type: "placement" + description: "Placement Service" + endpoints: + - {'interface': 'admin', 'url': '{{ placement_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ placement_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ placement_public_endpoint }}'} + +placement_ks_users: + - project: "service" + user: "{{ placement_keystone_user }}" + password: "{{ placement_keystone_password }}" + role: "admin" diff --git a/ansible/roles/placement/tasks/register.yml b/ansible/roles/placement/tasks/register.yml index ab0678511c..b136c729d7 100644 --- a/ansible/roles/placement/tasks/register.yml +++ b/ansible/roles/placement/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the placement service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "{{ item.name }}"
- service_type: "{{ item.service_type }}"
- description: "{{ item.description }}"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_placement_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'name': 'placement', 'service_type': 'placement', 'interface': 'admin', 'url': '{{ placement_admin_endpoint }}', 'description': 'Placement Service'}
- - {'name': 'placement', 'service_type': 'placement', 'interface': 'internal', 'url': '{{ placement_internal_endpoint }}', 'description': 'Placement Service'}
- - {'name': 'placement', 'service_type': 'placement', 'interface': 'public', 'url': '{{ placement_public_endpoint }}', 'description': 'Placement Service'}
-
-- name: Creating the placement project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ placement_keystone_user }}"
- password: "{{ placement_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_placement_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_placement_auth }}"
+ service_ks_register_services: "{{ placement_ks_services }}"
+ service_ks_register_users: "{{ placement_ks_users }}"
+ tags: always
diff --git a/ansible/roles/qinling/defaults/main.yml b/ansible/roles/qinling/defaults/main.yml
index dc4a673025..bf626b6d0d 100644
--- a/ansible/roles/qinling/defaults/main.yml
+++ b/ansible/roles/qinling/defaults/main.yml
@@ -91,3 +91,21 @@ qinling_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" qinling_dev_repos_pull: "{{ kolla_dev_repos_pull }}" qinling_dev_mode: "{{ kolla_dev_mode }}" qinling_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +qinling_ks_services: + - name: "qinling" + type: "function-engine" + description: "Function Service" + endpoints: + - {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ qinling_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ qinling_public_endpoint }}'} + +qinling_ks_users: + - project: "service" + user: "{{ qinling_keystone_user }}" + password: "{{ qinling_keystone_password }}" + role: "admin" diff --git a/ansible/roles/qinling/tasks/register.yml b/ansible/roles/qinling/tasks/register.yml index fc2ca0428a..661fcc79a6 100644 --- a/ansible/roles/qinling/tasks/register.yml +++ b/ansible/roles/qinling/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Qinling service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "qinling"
- service_type: "function-engine"
- description: "Function Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_qinling_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ qinling_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ qinling_public_endpoint }}'}
-
-- name: Creating the Qinling project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ qinling_keystone_user }}"
- password: "{{ qinling_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_qinling_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_qinling_auth }}"
+ service_ks_register_services: "{{ qinling_ks_services }}"
+ service_ks_register_users: "{{ qinling_ks_users }}"
+ tags: always
diff --git a/ansible/roles/sahara/defaults/main.yml b/ansible/roles/sahara/defaults/main.yml
index 6080e7c53d..89c094cc69 100644
--- a/ansible/roles/sahara/defaults/main.yml
+++ b/ansible/roles/sahara/defaults/main.yml
@@ -103,3 +103,21 @@ sahara_notification_topics: enabled: "{{ enable_ceilometer | bool }}" sahara_enabled_notification_topics: "{{ sahara_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +sahara_ks_services: + - name: "sahara" + type: "data-processing" + description: "Sahara Data Processing" + endpoints: + - {'interface': 'admin', 'url': '{{ sahara_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ sahara_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ sahara_public_endpoint }}'} + +sahara_ks_users: + - project: "service" + user: "{{ sahara_keystone_user }}" + password: "{{ sahara_keystone_password }}" + role: "admin" diff --git a/ansible/roles/sahara/tasks/register.yml b/ansible/roles/sahara/tasks/register.yml index c4624d9f4f..8492e9d550 100644 --- a/ansible/roles/sahara/tasks/register.yml +++ b/ansible/roles/sahara/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Sahara service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "sahara"
- service_type: "data-processing"
- description: "Sahara Data Processing"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_sahara_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ sahara_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ sahara_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ sahara_public_endpoint }}'}
-
-- name: Creating the Sahara project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ sahara_keystone_user }}"
- password: "{{ sahara_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_sahara_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_sahara_auth }}"
+ service_ks_register_services: "{{ sahara_ks_services }}"
+ service_ks_register_users: "{{ sahara_ks_users }}"
+ tags: always
diff --git a/ansible/roles/searchlight/defaults/main.yml b/ansible/roles/searchlight/defaults/main.yml
index bb063ef7b8..cf5f62f994 100644
--- a/ansible/roles/searchlight/defaults/main.yml
+++ b/ansible/roles/searchlight/defaults/main.yml
@@ -85,3 +85,21 @@ searchlight_notification_topics: enabled: "{{ enable_ceilometer | bool }}" searchlight_enabled_notification_topics: "{{ searchlight_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +searchlight_ks_services: + - name: "searchlight" + type: "search" + description: "Openstack Index Service" + endpoints: + - {'interface': 'admin', 'url': '{{ searchlight_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ searchlight_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ searchlight_public_endpoint }}'} + +searchlight_ks_users: + - project: "service" + user: "{{ searchlight_keystone_user }}" + password: "{{ searchlight_keystone_password }}" + role: "admin" diff --git a/ansible/roles/searchlight/tasks/register.yml b/ansible/roles/searchlight/tasks/register.yml index d227ebe138..9613cb5ed3 100644 --- a/ansible/roles/searchlight/tasks/register.yml +++ b/ansible/roles/searchlight/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Searchlight service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "searchlight"
- service_type: "search"
- description: "Openstack Index Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_searchlight_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ searchlight_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ searchlight_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ searchlight_public_endpoint }}'}
-
-- name: Creating the Searchlight project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ searchlight_keystone_user }}"
- password: "{{ searchlight_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_searchlight_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_searchlight_auth }}"
+ service_ks_register_services: "{{ searchlight_ks_services }}"
+ service_ks_register_users: "{{ searchlight_ks_users }}"
+ tags: always
diff --git a/ansible/roles/senlin/defaults/main.yml b/ansible/roles/senlin/defaults/main.yml
index f93b3d673f..2b6d972e2f 100644
--- a/ansible/roles/senlin/defaults/main.yml
+++ b/ansible/roles/senlin/defaults/main.yml
@@ -101,3 +101,21 @@ senlin_notification_topics: enabled: "{{ enable_ceilometer | bool }}" senlin_enabled_notification_topics: "{{ senlin_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +senlin_ks_services: + - name: "senlin" + type: "clustering" + description: "Senlin Clustering Service" + endpoints: + - {'interface': 'admin', 'url': '{{ senlin_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ senlin_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ senlin_public_endpoint }}'} + +senlin_ks_users: + - project: "service" + user: "{{ senlin_keystone_user }}" + password: "{{ senlin_keystone_password }}" + role: "admin" diff --git a/ansible/roles/senlin/tasks/register.yml b/ansible/roles/senlin/tasks/register.yml index 8b22b84011..21267ea342 100644 --- a/ansible/roles/senlin/tasks/register.yml +++ b/ansible/roles/senlin/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Senlin service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "senlin"
- service_type: "clustering"
- description: "Senlin Clustering Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_senlin_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ senlin_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ senlin_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ senlin_public_endpoint }}'}
-
-- name: Creating the Senlin project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ senlin_keystone_user }}"
- password: "{{ senlin_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_senlin_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_senlin_auth }}"
+ service_ks_register_services: "{{ senlin_ks_services }}"
+ service_ks_register_users: "{{ senlin_ks_users }}"
+ tags: always
diff --git a/ansible/roles/service-ks-register/defaults/main.yml b/ansible/roles/service-ks-register/defaults/main.yml
new file mode 100644
index 0000000000..c576091a6c
--- /dev/null
+++ b/ansible/roles/service-ks-register/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+service_ks_register_region_name: "{{ openstack_region_name }}"
+service_ks_register_auth: {}
+service_ks_cacert: "{{ openstack_cacert }}"
+service_ks_register_interface: "{{ openstack_interface }}"
+service_ks_register_endpoint_region: "{{ openstack_region_name }}"
+service_ks_register_domain: "default"
+service_ks_register_delegate_host: "{{ groups['control'][0] }}"
+# A list of services to register with Keystone. Each service definition should
+# provide a description, service type, and a list of associated endpoints to be
+# registered.
+service_ks_register_services: []
+# A list of users and associated roles for this service to register with Keystone
+service_ks_register_users: []
diff --git a/ansible/roles/service-ks-register/tasks/main.yml b/ansible/roles/service-ks-register/tasks/main.yml
new file mode 100644
index 0000000000..a11da103ae
--- /dev/null
+++ b/ansible/roles/service-ks-register/tasks/main.yml
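Review bot: `service_ks_cacert` is the only variable in this defaults file without the `service_ks_register_` prefix, which makes it easy to miss when overriding the role's inputs. `service_ks_register_cacert: "{{ openstack_cacert }}"` would match the others; every task in tasks/main.yml references the variable, so the rename has to be made there too. `service_ks_register_auth` defaults to `{}` with no comment, and how the `os_*` modules behave with an empty `auth` is not visible here. A line such as `# Keystone credentials used for registration; must be supplied by the calling role` would make the requirement explicit. The users comment could also list the keys each entry needs (`project`, `user`, `password`, `role`).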
@@ -0,0 +1,107 @@ +--- +- name: Creating the {{ project_name }} service + become: true + kolla_toolbox: + module_name: "os_keystone_service" + module_args: + name: "{{ item.name }}" + service_type: "{{ item.type }}" + description: "{{ item.description }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + loop: "{{ service_ks_register_services }}" + delegate_to: "{{ service_ks_register_delegate_host }}" + +- name: Creating the {{ project_name }} endpoints + become: true + kolla_toolbox: + module_name: "os_keystone_endpoint" + module_args: + service: "{{ item.0.name }}" + url: "{{ item.1.url }}" + endpoint_interface: "{{ item.1.interface }}" + region: "{{ service_ks_register_endpoint_region }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + with_subelements: + - "{{ service_ks_register_services }}" + - endpoints + delegate_to: "{{ service_ks_register_delegate_host }}" + +- name: Creating the {{ project_name }} service project + become: true + kolla_toolbox: + module_name: "os_project" + module_args: + name: "{{ item }}" + domain: "{{ service_ks_register_domain }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + with_items: "{{ service_ks_register_users | map(attribute='project') | unique | list }}" + delegate_to: "{{ service_ks_register_delegate_host }}" + +- name: Creating the {{ project_name }} service users + become: true + kolla_toolbox: + module_name: "os_user" + module_args: + default_project: "{{ item.project }}" + name: "{{ item.user }}" + password: "{{ item.password }}" + domain: "{{ 
service_ks_register_domain }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + with_items: "{{ service_ks_register_users }}" + delegate_to: "{{ service_ks_register_delegate_host }}" + loop_control: + label: + user: "{{ item.user }}" + project: "{{ item.project }}" + +- name: Creating the {{ project_name }} service roles + become: true + kolla_toolbox: + module_name: "os_keystone_role" + module_args: + name: "{{ item }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + with_items: "{{ service_ks_register_users | map(attribute='role') | unique | list }}" + delegate_to: "{{ service_ks_register_delegate_host }}" + +- name: Granting the {{ project_name }} service user roles + become: true + kolla_toolbox: + module_name: "os_user_role" + module_args: + user: "{{ item.user }}" + role: "{{ item.role }}" + project: "{{ item.project }}" + domain: "{{ service_ks_register_domain }}" + region_name: "{{ service_ks_register_region_name }}" + auth: "{{ service_ks_register_auth }}" + interface: "{{ service_ks_register_interface }}" + cacert: "{{ service_ks_cacert }}" + run_once: True + with_items: "{{ service_ks_register_users }}" + delegate_to: "{{ service_ks_register_delegate_host }}" + loop_control: + label: + user: "{{ item.user }}" + role: "{{ item.role }}" + project: "{{ item.project }}" diff --git a/ansible/roles/solum/defaults/main.yml b/ansible/roles/solum/defaults/main.yml index 6bbb337a28..a74a82e135 100644 --- a/ansible/roles/solum/defaults/main.yml +++ b/ansible/roles/solum/defaults/main.yml 
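Review bot: The "Creating the {{ project_name }} service users" task passes `password: "{{ item.password }}"` in `module_args`, and the `loop_control.label` on it only shortens the per-item header. The loop item and the task arguments can still appear in the result at higher verbosity or on failure. The "Granting the {{ project_name }} service user roles" task loops over the same `service_ks_register_users` items, so it carries the password in `item` as well. Whether `kolla_toolbox` masks `module_args` is not visible in this diff, so I would add `no_log: true` to the user task, or confirm the masking, to keep service passwords out of deploy logs. As a smaller style point, the first task uses `loop:` while the others use `with_items:`/`with_subelements:`; using one form throughout would read more consistently.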
@@ -143,3 +143,28 @@ solum_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" solum_dev_repos_pull: "{{ kolla_dev_repos_pull }}" solum_dev_mode: "{{ kolla_dev_mode }}" solum_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +solum_ks_services: + - name: "solum_image_builder" + type: "image_builder" + description: "Openstack Solum Image Builder" + endpoints: + - {'interface': 'admin', 'url': '{{ solum_image_builder_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ solum_image_builder_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ solum_image_builder_public_endpoint }}'} + - name: "solum_application_deployment" + type: "application_deployment" + description: "Openstack Solum Application Deployment" + endpoints: + - {'interface': 'admin', 'url': '{{ solum_application_deployment_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ solum_application_deployment_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ solum_application_deployment_public_endpoint }}'} + +solum_ks_users: + - project: "service" + user: "{{ solum_keystone_user }}" + password: "{{ solum_keystone_password }}" + role: "admin" diff --git a/ansible/roles/solum/tasks/register.yml b/ansible/roles/solum/tasks/register.yml index 9ed1bb5039..3fd4b0f7e3 100644 --- a/ansible/roles/solum/tasks/register.yml +++ b/ansible/roles/solum/tasks/register.yml 
@@ -1,57 +1,8 @@ --- -- name: Creating the Solum image builder service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "solum_image_builder" - service_type: "image_builder" - description: "Openstack Solum Image Builder" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_solum_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ solum_image_builder_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ solum_image_builder_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ solum_image_builder_public_endpoint }}'} - -- name: Creating the Solum application deployment service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "solum_application_deployment" - service_type: "application_deployment" - description: "Openstack Solum Application Deployment" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_solum_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ solum_application_deployment_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ solum_application_deployment_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ solum_application_deployment_public_endpoint }}'} - -- name: Creating the Solum project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ solum_keystone_user }}" - password: "{{ solum_keystone_password }}" - role: "admin" - region_name: "{{ 
openstack_region_name }}" - auth: "{{ openstack_solum_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_solum_auth }}" + service_ks_register_services: "{{ solum_ks_services }}" + service_ks_register_users: "{{ solum_ks_users }}" + tags: always diff --git a/ansible/roles/swift/defaults/main.yml b/ansible/roles/swift/defaults/main.yml index 427dd1d52a..96ab2093e5 100644 --- a/ansible/roles/swift/defaults/main.yml +++ b/ansible/roles/swift/defaults/main.yml @@ -77,3 +77,21 @@ syslog_server: "{{ api_interface_address }}" syslog_swift_facility: "local0" swift_enable_rolling_upgrade: "yes" + +#################### +# Keystone +#################### +swift_ks_services: + - name: "swift" + type: "object-store" + description: "Openstack Object Storage" + endpoints: + - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'} + +swift_ks_users: + - project: "service" + user: "{{ swift_keystone_user }}" + password: "{{ swift_keystone_password }}" + role: "admin" diff --git a/ansible/roles/swift/tasks/register.yml b/ansible/roles/swift/tasks/register.yml index b6c709cb53..e17de92986 100644 --- a/ansible/roles/swift/tasks/register.yml +++ b/ansible/roles/swift/tasks/register.yml 
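Review bot: `swift_ks_users` hard-codes `role: "admin"`, whereas the task this commit removes from swift/tasks/register.yml granted `role: "{{ swift_admin_tenant_name }}"`. A deployment that overrides `swift_admin_tenant_name` would get a different role grant after this refactor with no warning, and the new value is a fixed admin grant. Either keep `role: "{{ swift_admin_tenant_name }}"` in the new entry or say in the commit message that the change is intentional. The default of `swift_admin_tenant_name` is not shown here, so whether default deployments are affected cannot be confirmed from the diff.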
@@ -1,39 +1,11 @@ --- -- name: Creating the Swift service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "swift" - service_type: "object-store" - description: "Openstack Object Storage" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_swift_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ swift_public_endpoint }}'} - -- name: Creating the Swift project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ swift_keystone_user }}" - password: "{{ swift_keystone_password }}" - role: "{{ swift_admin_tenant_name }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_swift_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_swift_auth }}" + service_ks_register_services: "{{ swift_ks_services }}" + service_ks_register_users: "{{ swift_ks_users }}" + tags: always - name: Creating the ResellerAdmin role become: true diff --git a/ansible/roles/tacker/defaults/main.yml b/ansible/roles/tacker/defaults/main.yml index d1e2d79d90..4341145f1e 100644 --- a/ansible/roles/tacker/defaults/main.yml +++ b/ansible/roles/tacker/defaults/main.yml 
@@ -96,3 +96,21 @@ tacker_notification_topics: enabled: "{{ enable_ceilometer | bool }}" tacker_enabled_notification_topics: "{{ tacker_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +tacker_ks_services: + - name: "tacker" + type: "nfv-orchestration" + description: "Tacker Service" + endpoints: + - {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'} + +tacker_ks_users: + - project: "service" + user: "{{ tacker_keystone_user }}" + password: "{{ tacker_keystone_password }}" + role: "admin" diff --git a/ansible/roles/tacker/tasks/register.yml b/ansible/roles/tacker/tasks/register.yml index f8336d11bb..8ae3eb36c2 100644 --- a/ansible/roles/tacker/tasks/register.yml +++ b/ansible/roles/tacker/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Tacker service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "tacker"
- service_type: "nfv-orchestration"
- description: "Tacker Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_tacker_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'}
-
-- name: Creating the Tacker project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ tacker_keystone_user }}"
- password: "{{ tacker_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_tacker_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_tacker_auth }}"
+ service_ks_register_services: "{{ tacker_ks_services }}"
+ service_ks_register_users: "{{ tacker_ks_users }}"
+ tags: always
diff --git a/ansible/roles/trove/defaults/main.yml b/ansible/roles/trove/defaults/main.yml
index 5211cd7393..4e001d9e4e 100644
--- a/ansible/roles/trove/defaults/main.yml
+++ b/ansible/roles/trove/defaults/main.yml
@@ -120,3 +120,21 @@ trove_notification_topics: enabled: "{{ enable_ceilometer | bool }}" trove_enabled_notification_topics: "{{ trove_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +trove_ks_services: + - name: "trove" + type: "database" + description: "Trove Database Service" + endpoints: + - {'interface': 'admin', 'url': '{{ trove_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ trove_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ trove_public_endpoint }}'} + +trove_ks_users: + - project: "service" + user: "{{ trove_keystone_user }}" + password: "{{ trove_keystone_password }}" + role: "admin" diff --git a/ansible/roles/trove/tasks/register.yml b/ansible/roles/trove/tasks/register.yml index 996e0c7529..21d8b6d67d 100644 --- a/ansible/roles/trove/tasks/register.yml +++ b/ansible/roles/trove/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Trove service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "trove"
- service_type: "database"
- description: "Trove Database Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_trove_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ trove_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ trove_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ trove_public_endpoint }}'}
-
-- name: Creating the Trove project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ trove_keystone_user }}"
- password: "{{ trove_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_trove_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_trove_auth }}"
+ service_ks_register_services: "{{ trove_ks_services }}"
+ service_ks_register_users: "{{ trove_ks_users }}"
+ tags: always
diff --git a/ansible/roles/vitrage/defaults/main.yml b/ansible/roles/vitrage/defaults/main.yml
index 3dd012f197..423ef1226b 100644
--- a/ansible/roles/vitrage/defaults/main.yml
+++ b/ansible/roles/vitrage/defaults/main.yml
@@ -171,3 +171,21 @@ vitrage_notification_topics: enabled: True vitrage_enabled_notification_topics: "{{ vitrage_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +vitrage_ks_services: + - name: "vitrage" + type: "rca" + description: "Root Cause Analysis Service" + endpoints: + - {'interface': 'admin', 'url': '{{ vitrage_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ vitrage_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ vitrage_public_endpoint }}'} + +vitrage_ks_users: + - project: "service" + user: "{{ vitrage_keystone_user }}" + password: "{{ vitrage_keystone_password }}" + role: "admin" diff --git a/ansible/roles/vitrage/tasks/register.yml b/ansible/roles/vitrage/tasks/register.yml index 53afab62ad..936e8c6c0f 100644 --- a/ansible/roles/vitrage/tasks/register.yml +++ b/ansible/roles/vitrage/tasks/register.yml 
@@ -1,39 +1,11 @@ --- -- name: Creating the Vitrage service and endpoint - become: true - kolla_toolbox: - module_name: "kolla_keystone_service" - module_args: - service_name: "vitrage" - service_type: "rca" - description: "Root Cause Analysis Service" - endpoint_region: "{{ openstack_region_name }}" - url: "{{ item.url }}" - interface: "{{ item.interface }}" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_vitrage_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True - with_items: - - {'interface': 'admin', 'url': '{{ vitrage_admin_endpoint }}'} - - {'interface': 'internal', 'url': '{{ vitrage_internal_endpoint }}'} - - {'interface': 'public', 'url': '{{ vitrage_public_endpoint }}'} - -- name: Creating the Vitrage project, user, and role - become: true - kolla_toolbox: - module_name: "kolla_keystone_user" - module_args: - project: "service" - user: "{{ vitrage_keystone_user }}" - password: "{{ vitrage_keystone_password }}" - role: "admin" - region_name: "{{ openstack_region_name }}" - auth: "{{ openstack_vitrage_auth }}" - endpoint_type: "{{ openstack_interface }}" - cacert: "{{ openstack_cacert }}" - run_once: True +- import_role: + name: service-ks-register + vars: + service_ks_register_auth: "{{ openstack_vitrage_auth }}" + service_ks_register_services: "{{ vitrage_ks_services }}" + service_ks_register_users: "{{ vitrage_ks_users }}" + tags: always - name: Adding vitrage user into admin project become: true diff --git a/ansible/roles/watcher/defaults/main.yml b/ansible/roles/watcher/defaults/main.yml index 5a764739b0..9e4db9844e 100644 --- a/ansible/roles/watcher/defaults/main.yml +++ b/ansible/roles/watcher/defaults/main.yml 
@@ -118,3 +118,21 @@ watcher_notification_topics: enabled: "{{ enable_ceilometer | bool }}" watcher_enabled_notification_topics: "{{ watcher_notification_topics | selectattr('enabled', 'equalto', true) | list }}" + +#################### +# Keystone +#################### +watcher_ks_services: + - name: "watcher" + type: "infra-optim" + description: "Infrastructure Optimization service" + endpoints: + - {'interface': 'admin', 'url': '{{ watcher_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ watcher_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ watcher_public_endpoint }}'} + +watcher_ks_users: + - project: "service" + user: "{{ watcher_keystone_user }}" + password: "{{ watcher_keystone_password }}" + role: "admin" diff --git a/ansible/roles/watcher/tasks/register.yml b/ansible/roles/watcher/tasks/register.yml index 619aab4514..be1fe0c113 100644 --- a/ansible/roles/watcher/tasks/register.yml +++ b/ansible/roles/watcher/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Watcher service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "watcher"
- service_type: "infra-optim"
- description: "Infrastructure Optimization service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_watcher_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ watcher_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ watcher_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ watcher_public_endpoint }}'}
-
-- name: Creating the Watcher project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ watcher_keystone_user }}"
- password: "{{ watcher_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_watcher_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_watcher_auth }}"
+ service_ks_register_services: "{{ watcher_ks_services }}"
+ service_ks_register_users: "{{ watcher_ks_users }}"
+ tags: always
diff --git a/ansible/roles/zun/defaults/main.yml b/ansible/roles/zun/defaults/main.yml
index 4ed55c6bb3..3a4a62b6e5 100644
--- a/ansible/roles/zun/defaults/main.yml
+++ b/ansible/roles/zun/defaults/main.yml
@@ -122,3 +122,21 @@ zun_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}" zun_dev_repos_pull: "{{ kolla_dev_repos_pull }}" zun_dev_mode: "{{ kolla_dev_mode }}" zun_source_version: "{{ kolla_source_version }}" + +#################### +# Keystone +#################### +zun_ks_services: + - name: "zun" + type: "container" + description: "Container Service" + endpoints: + - {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'} + - {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'} + - {'interface': 'public', 'url': '{{ zun_public_endpoint }}'} + +zun_ks_users: + - project: "service" + user: "{{ zun_keystone_user }}" + password: "{{ zun_keystone_password }}" + role: "admin" diff --git a/ansible/roles/zun/tasks/register.yml b/ansible/roles/zun/tasks/register.yml index c5d402b38f..207ce21da7 100644 --- a/ansible/roles/zun/tasks/register.yml +++ b/ansible/roles/zun/tasks/register.yml 
@@ -1,36 +1,8 @@
 ---
-- name: Creating the Zun service and endpoint
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_service"
- module_args:
- service_name: "zun"
- service_type: "container"
- description: "Container Service"
- endpoint_region: "{{ openstack_region_name }}"
- url: "{{ item.url }}"
- interface: "{{ item.interface }}"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_zun_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
- with_items:
- - {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
- - {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
- - {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
-
-- name: Creating the Zun project, user, and role
- become: true
- kolla_toolbox:
- module_name: "kolla_keystone_user"
- module_args:
- project: "service"
- user: "{{ zun_keystone_user }}"
- password: "{{ zun_keystone_password }}"
- role: "admin"
- region_name: "{{ openstack_region_name }}"
- auth: "{{ openstack_zun_auth }}"
- endpoint_type: "{{ openstack_interface }}"
- cacert: "{{ openstack_cacert }}"
- run_once: True
+- import_role:
+ name: service-ks-register
+ vars:
+ service_ks_register_auth: "{{ openstack_zun_auth }}"
+ service_ks_register_services: "{{ zun_ks_services }}"
+ service_ks_register_users: "{{ zun_ks_users }}"
+ tags: always