diff options
Diffstat (limited to 'openstack/usr/share/openstack/keystone.yml')
-rw-r--r-- | openstack/usr/share/openstack/keystone.yml | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/openstack/usr/share/openstack/keystone.yml b/openstack/usr/share/openstack/keystone.yml new file mode 100644 index 00000000..b139b39f --- /dev/null +++ b/openstack/usr/share/openstack/keystone.yml @@ -0,0 +1,123 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/keystone.conf" + tasks: + + # RabbitMQ configuration, this may end up in a different playbook + - name: Create rabbitmq user + user: name=rabbitmq comment="Rabbitmq server daemon" shell=/sbin/nologin home=/var/lib/rabbitmq + + - name: Create the rabbitmq directories + file: path={{ item }} state=directory owner=rabbitmq group=rabbitmq + with_items: + - /var/run/rabbitmq + - /var/log/rabbitmq + - /etc/rabbitmq + + - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates + template: src=/usr/share/openstack/rabbitmq/{{ item }} dest=/etc/rabbitmq/{{ item }} owner=rabbitmq group=rabbitmq mode=0644 + with_items: + - rabbitmq.config + - rabbitmq-env.conf + + - name: Enable and start rabbitmq services + service: name={{ item }} enabled=yes state=started + with_items: + - rabbitmq-server + + # Postgres configuration, this may end up in a different playbook + - name: Create postgres user + user: name=postgres comment="PostgreSQL Server" shell=/sbin/nologin home=/var/lib/pgsql + + - name: Create the postgres directories + file: path={{ item }} state=directory owner=postgres group=postgres + with_items: + - /var/run/postgresql + - /var/lib/pgsql/data + + - name: Initialise postgres database + shell: pg_ctl -D /var/lib/pgsql/data initdb creates=/var/lib/pgsql/data/base + sudo: yes + sudo_user: postgres + + - name: Add the configuration needed for postgres for Openstack + template: src=/usr/share/openstack/postgres/{{ item }} dest=/var/lib/pgsql/data/{{ item }} owner=postgres group=postgres mode=0600 + with_items: + - postgresql.conf + - pg_hba.conf + + - name: Enable and start postgres services + service: name={{ item }} enabled=yes state=started + with_items: + - postgres-server + + + # Keystone configuration + - name: Create the keystone user. + user: name=keystone comment="Openstack Keystone Daemons" shell=/sbin/nologin home=/var/lib/keystone + + - name: Create the /var folders for keystone + file: path={{ item }} state=directory owner=keystone group=keystone + with_items: + - /var/run/keystone + - /var/lock/keystone + - /var/log/keystone + - /var/lib/keystone + + - file: path=/etc/keystone state=directory + - name: Add the configuration needed for lorry in /etc using templates + template: src=/usr/share/openstack/keystone/{{ item }} dest=/etc/keystone/{{ item }} + with_lines: + - (cd /usr/share/openstack/keystone && find -type f) + + - postgresql_user: name={{ KEYSTONE_DB_USER }} password={{ KEYSTONE_DB_PASSWORD }} + sudo: yes + sudo_user: keystone + - postgresql_db: name=keystone owner={{ KEYSTONE_DB_USER }} + sudo: yes + sudo_user: keystone + + - keystone_manage: action=dbsync + sudo: yes + sudo_user: keystone + + - name: Enable and start openstack-keystone service + service: name=openstack-keystone.service enabled=yes state=started + + - keystone_user: > + tenant=admin + tenant_description="Admin Tenant" + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - keystone_user: > + user=admin + tenant=admin + password={{ KEYSTONE_ADMIN_PASSWORD }} + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - keystone_user: > + role=admin + user=admin + tenant=admin + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - keystone_user: > + tenant=service + tenant_description="Service Tenant" + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - keystone_service: > + name=keystone + type=identity + description="Keystone Identity Service" + publicurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + internalurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + adminurl=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + region='regionOne' + token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }} + endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 |