swift/roles/additional-keystone-users/tasks/main.yaml
Tim Burke 95b7e16c7f CI: Include --domain in more openstack commands
Related-Bug: #2080600
Change-Id: Id5b0bf6efcb2c16e10334d2edb268194fa1ec008
2024-09-17 12:05:17 -07:00

135 lines
4.0 KiB
YAML

- name: Set S3 endpoint
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_storage_url
value: http://localhost:8080
become: true
- name: Create primary S3 user
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
credential create --type ec2 --project swiftprojecttest1 swiftusertest1
'{"access": "s3-user1", "secret": "s3-secret1"}'
- name: Add primary S3 user to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_access_key
value: s3-user1
become: true
- name: Add primary S3 user secret to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_secret_key
value: s3-secret1
become: true
- name: Clear secondary S3 user from test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_access_key2
value: ""
become: true
- name: Create restricted S3 user
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
credential create --type ec2 --project swiftprojecttest1 swiftusertest3
'{"access": "s3-user3", "secret": "s3-secret3"}'
- name: Add restricted S3 user to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_access_key3
value: s3-user3
become: true
- name: Add restricted S3 user secret to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: s3_secret_key3
value: s3-secret3
become: true
- name: Create service role
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
role create swift_service
- name: Create service project
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
project create --domain default swiftprojecttest5
- name: Create service user
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
user create --domain default --project swiftprojecttest5 swiftusertest5 --password testing5
- name: Assign service role
shell: >
openstack --os-auth-url http://localhost/identity
--os-project-domain-id default --os-project-name admin
--os-user-domain-id default --os-username admin
--os-password secretadmin
role add --project swiftprojecttest5 --user swiftusertest5 swift_service
- name: Add service_roles to proxy-server.conf
ini_file:
path: /etc/swift/proxy-server.conf
section: filter:keystoneauth
option: SERVICE_KEY_service_roles
value: swift_service
become: true
- name: Update reseller prefixes in proxy-server.conf
ini_file:
path: /etc/swift/proxy-server.conf
section: filter:keystoneauth
option: reseller_prefix
value: AUTH, SERVICE_KEY
become: true
- name: Add service account to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: account5
value: swiftprojecttest5
become: true
- name: Add service user to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: username5
value: swiftusertest5
become: true
- name: Add service password to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: password5
value: testing5
become: true
- name: Add service prefix to test.conf
ini_file:
path: /etc/swift/test.conf
section: func_test
option: service_prefix
value: SERVICE_KEY
become: true