openstack/openstack-ansible-os_swift
Code Issues Proposed changes
5521ce66e7
openstack-ansible-os_swift/tasks/swift_service_setup.yml
Kevin Carter 77f6ab08b0 Enable SSL termination for all services 
This change makes it so that all services are expecting SSL termination
at the load balancer by default. This is more indicative of how a real
world deployment will be setup and is being added such that we can test
a more production like deployment system by default.

The AIO will now terminate SSL in HAProxy using a self-signed cert.

Change-Id: I6273ffa453b4e5eb8a33767974d390a126296c47
Re-Implementation-Of: https://review.openstack.org/#/c/277199/9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-03-03 10:46:36 -06:00

187 lines
5.5 KiB
YAML
Raw Blame History

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Create a service
- name: Ensure swift service
keystone:
command: "ensure_service"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
description: "{{ swift_service_description }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 2
tags:
- swift-api-setup
- swift-service-add
- swift-setup
# Create an admin user
- name: Ensure swift user
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_service_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
# Add a role to the user
- name: Ensure swift user to admin role
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ swift_service_user_name }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_service_role_name }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
- name: Ensure swiftoperator role
keystone:
command: "ensure_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
- name: "Create keystone user for swift-dispersion"
keystone:
command: "ensure_user"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
password: "{{ swift_dispersion_password }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
when: not swift_service_in_ldap | bool
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
- name: "Create keystone role for ResellerAdmin"
keystone:
command: "ensure_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
role_name: "ResellerAdmin"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_role
until: add_role|success
retries: 5
delay: 10
when: swift_ceilometer_enabled
tags:
- swift-ceilometer-setup
- swift-ceilometer-role
- name: "Add ResellerAdmin role to the service tenant and ceilometer user"
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ ceilometer_service_user_name }}"
tenant_name: "{{ ceilometer_service_tenant_name }}"
role_name: "{{ swift_reselleradmin_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: ensure_role
until: ensure_role|success
retries: 5
delay: 10
when: swift_ceilometer_enabled
tags:
- swift-ceilometer-setup
- swift-ceilometer-role
- name: "Add swiftoperator role to swift-dispersion user"
keystone:
command: "ensure_user_role"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
user_name: "{{ swift_dispersion_user }}"
tenant_name: "{{ swift_service_project_name }}"
role_name: "{{ swift_operator_role }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
# Create an endpoint
- name: Ensure swift endpoint
keystone:
command: "ensure_endpoint"
token: "{{ keystone_auth_admin_token }}"
endpoint: "{{ keystone_service_adminurl }}"
region_name: "{{ swift_service_region }}"
service_name: "{{ swift_service_name }}"
service_type: "{{ swift_service_type }}"
insecure: "{{ keystone_service_adminuri_insecure }}"
endpoint_list:
- url: "{{ swift_service_publicurl }}"
interface: "public"
- url: "{{ swift_service_internalurl }}"
interface: "internal"
- url: "{{ swift_service_adminurl }}"
interface: "admin"
register: add_service
until: add_service|success
retries: 5
delay: 10
tags:
- swift-api-setup
- swift-service-add
- swift-setup
View Git Blame Copy Permalink