Ensure regular users are created for the Trove role

As per: http://docs.openstack.org/developer/trove/dev/manual_install.html We need the following: keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 tenant-create --user trove_for_trove_usage keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 user-create --user regular_trove_user --pass trove --tenant trove_for_trove_usage keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 user-create --user admin_trove_user --pass trove --tenant trove_for_trove_usage keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 user-role-add --user admin_trove_user --tenant trove_for_trove_usage --role admin keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 service-create --user trove --type database keystone --os-username <OpenStackAdminUsername> --os-password <OpenStackAdminPassword> --os-tenant-name <OpenStackAdminTenant> --os-auth-url http://<KeystoneIP>:<KeystonePort>/v2.0 endpoint-create --service trove --region RegionOne --publicurl 'http://<EnvironmentPublicIP>:<EnvironmentPort>/v1.0/$(tenant_id)s' --adminurl 'http://<EnvironmentPublicIP>:<EnvironmentPort>/v1.0/$(tenant_id)s' --internalurl 'http://<EnvironmentPublicIP>:<EnvironmentPort>/v1.0/$(tenant_id)s' Closes-Bug: #1626726 Change-Id: I30a5bf3b3a7f369527b87f8925b167cd47c52d5a
2016-09-23 10:42:04 +02:00 · 2016-09-23 10:42:04 +02:00 · cb8c069944
commit cb8c069944
parent 767682b6f4
4 changed files with 66 additions and 14 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -30,12 +30,15 @@ trove_api_program_name: trove-api
 trove_conductor_program_name: trove-conductor
 trove_taskmanager_program_name: trove-taskmanager

+trove_regular_user_name: regular_trove_user
+trove_admin_user_name: admin_trove_user
+
 trove_service_name: trove
-trove_service_user_name: trove
+trove_service_tenant_name: trove_for_trove_usage
 trove_service_type: database
 trove_service_description: "OpenStack DBaaS (Trove)"
 trove_service_project_name: service
-trove_service_role_names:
+trove_service_admin_role_names:
  - admin
 trove_service_region: RegionOne
 trove_service_host: "0.0.0.0"
--- a/extras/user_secrets.yml
+++ b/extras/user_secrets.yml
@ -2,3 +2,5 @@
 trove_galera_password:
 trove_rabbitmq_password:
 trove_service_password:
+trove_admin_user_password:
+trove_regular_user_password:
--- a/tasks/trove_service_setup.yml
+++ b/tasks/trove_service_setup.yml
@ -15,6 +15,27 @@
 #
 # (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
 # (c) 2016 Paul Stevens <paul.stevens@is.co.za>
+# Reference: http://docs.openstack.org/developer/trove/dev/manual_install.html
+- name: Ensure the trove tenant exists
+  keystone:
+    command: "ensure_tenant"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+    tenant_name: "{{ trove_service_tenant_name }}"
+    project_name: "{{ trove_service_project_name }}"
+    description: "{{ trove_service_description }}"
+  register: add_trove_tenant
+  until: add_trove_tenant |success
+  retries: 5
+  delay: 2
+  tags:
+    - trove-api-setup
+    - trove-service-add
+    - trove-setup
+
 - name: Ensure the service for trove exists
  keystone:
    command: "ensure_service"
@ -35,7 +56,7 @@
    - trove-service-add
    - trove-setup

- name: Ensure the trove user exists
+- name: Ensure the trove regular user exists
  keystone:
    command: "ensure_user"
    endpoint: "{{ keystone_service_adminurl }}"
@ -43,11 +64,12 @@
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-    user_name: "{{ trove_service_user_name }}"
-    tenant_name: "{{ trove_service_project_name }}"
-    password: "{{ trove_service_password }}"
-  register: add_trove_user
-  until: add_trove_user |success
+    user_name: "{{ trove_regular_user_name }}"
+    tenant_name: "{{ trove_service_tenant_name }}"
+    password: "{{ trove_regular_user_password }}"
+    project_name: "{{ trove_service_project_name }}"
+  register: add_trove_regular_user
+  until: add_trove_regular_user |success
  retries: 5
  delay: 2
  tags:
@ -56,22 +78,45 @@
    - trove-user-add
    - trove-setup

- name: Ensure the trove user has the admin role
+- name: Ensure the trove admin user exists
+  keystone:
+    command: "ensure_user"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+    user_name: "{{ trove_admin_user_name }}"
+    tenant_name: "{{ trove_service_tenant_name }}"
+    password: "{{ trove_admin_user_password }}"
+    project_name: "{{ trove_service_project_name }}"
+  register: add_trove_admin_user
+  until: add_trove_admin_user |success
+  retries: 5
+  delay: 2
+  tags:
+    - trove-api-setup
+    - trove-service-add
+    - trove-user-add
+    - trove-setup
+
+- name: Ensure the trove admin user has the admin role
  keystone:
    command: "ensure_user_role"
    endpoint: "{{ keystone_service_adminurl }}"
    login_user: "{{ keystone_admin_user_name }}"
    login_password: "{{ keystone_auth_admin_password }}"
    login_project_name: "{{ keystone_admin_tenant_name }}"
-    user_name: "{{ trove_service_user_name }}"
-    tenant_name: "{{ trove_service_project_name }}"
+    user_name: "{{ trove_admin_user_name }}"
+    tenant_name: "{{ trove_service_tenant_name }}"
    role_name: "{{ item }}"
    insecure: "{{ keystone_service_adminuri_insecure }}"
-  register: ensure_trove_roles
-  until: ensure_trove_roles |success
+    project_name: "{{ trove_service_project_name }}"
+  register: ensure_trove_admin_roles
+  until: ensure_trove_admin_roles |success
  retries: 5
  delay: 2
-  with_items: "{{ trove_service_role_names }}"
+  with_items: "{{ trove_service_admin_role_names }}"

 - name: Ensure the trove endpoint is registered
  keystone:
--- a/tests/test-vars.yml
+++ b/tests/test-vars.yml
@ -29,6 +29,8 @@ trove_rabbitmq_userid: trove
 trove_rabbitmq_vhost: /trove
 trove_requirements_git_install_branch: master
 trove_service_password: "secrete"
+trove_regular_user_password: "secrete"
+trove_admin_user_password: "secrete"
 trove_service_project_domain_id: default
 trove_service_project_name: service
 trove_service_region: RegionOne