From de758b359b8e7820fb042bb0d3584f3526fae417 Mon Sep 17 00:00:00 2001 From: Francisco Redondo Marchena Date: Mon, 13 Apr 2015 17:39:24 +0000 Subject: Keystone: Add Ansible scripts to setup services Change-Id: I524141a1b78e4bac01fb7b2fc5a5f3bdbf99a6cb --- openstack/usr/share/openstack/hosts | 1 + openstack/usr/share/openstack/keystone.yml | 188 +++++++++++++++++++++++++++++ 2 files changed, 189 insertions(+) create mode 100644 openstack/usr/share/openstack/hosts create mode 100644 openstack/usr/share/openstack/keystone.yml diff --git a/openstack/usr/share/openstack/hosts b/openstack/usr/share/openstack/hosts new file mode 100644 index 00000000..5b97818d --- /dev/null +++ b/openstack/usr/share/openstack/hosts @@ -0,0 +1 @@ +localhost ansible_connection=local diff --git a/openstack/usr/share/openstack/keystone.yml b/openstack/usr/share/openstack/keystone.yml new file mode 100644 index 00000000..20753a9c --- /dev/null +++ b/openstack/usr/share/openstack/keystone.yml @@ -0,0 +1,188 @@ +--- +- hosts: localhost + vars_files: + - "/etc/openstack/keystone.conf" + tasks: + + # RabbitMQ configuration, this may end up in a different playbook + - name: Create rabbitmq user + user: + name: rabbitmq + comment: Rabbitmq server daemon + shell: /sbin/nologin + home: /var/lib/rabbitmq + + - name: Create the rabbitmq directories + file: + path: "{{ item }}" + state: directory + owner: rabbitmq + group: rabbitmq + with_items: + - /var/run/rabbitmq + - /var/log/rabbitmq + - /etc/rabbitmq + + - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates + template: + src: /usr/share/openstack/rabbitmq/{{ item }} + dest: /etc/rabbitmq/{{ item }} + owner: rabbitmq + group: rabbitmq + mode: 0644 + with_items: + - rabbitmq.config + - rabbitmq-env.conf + + - name: Enable and start rabbitmq services + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - rabbitmq-server + + # Postgres configuration, this may end up in a different playbook + - name: Create postgres user + user: + name: postgres + comment: PostgreSQL Server + shell: /sbin/nologin + home: /var/lib/pgsql + + - name: Create the postgres directories + file: + path: "{{ item }}" + state: directory + owner: postgres + group: postgres + with_items: + - /var/run/postgresql + - /var/lib/pgsql/data + + - name: Initialise postgres database + command: pg_ctl -D /var/lib/pgsql/data initdb + args: + creates: /var/lib/pgsql/data/base + sudo: yes + sudo_user: postgres + + - name: Add the configuration needed for postgres for Openstack + template: + src: /usr/share/openstack/postgres/{{ item }} + dest: /var/lib/pgsql/data/{{ item }} + owner: postgres + group: postgres + mode: 0600 + with_items: + - postgresql.conf + - pg_hba.conf + + - name: Enable and start postgres services + service: + name: "{{ item }}" + enabled: yes + state: started + with_items: + - postgres-server + + + # Keystone configuration + - name: Create the keystone user. + user: + name: keystone + comment: Openstack Keystone Daemons + shell: /sbin/nologin + home: /var/lib/keystone + + - name: Create the /var folders for keystone + file: + path: "{{ item }}" + state: directory + owner: keystone + group: keystone + with_items: + - /var/run/keystone + - /var/lock/keystone + - /var/log/keystone + - /var/lib/keystone + + - name: Create /etc/keystone directory + file: + path: /etc/keystone + state: directory + + - name: Add the configuration needed for lorry in /etc using templates + template: + src: /usr/share/openstack/keystone/{{ item }} + dest: /etc/keystone/{{ item }} + with_lines: + - cd /usr/share/openstack/keystone && find -type f + + - name: Create postgresql user for keystone + postgresql_user: + name: "{{ KEYSTONE_DB_USER }}" + password: "{{ KEYSTONE_DB_PASSWORD }}" + sudo: yes + sudo_user: keystone + + - name: Create database for keystone services + postgresql_db: + name: keystone + owner: "{{ KEYSTONE_DB_USER }}" + sudo: yes + sudo_user: keystone + + - name: Initiatie keystone database + keystone_manage: + action: dbsync + sudo: yes + sudo_user: keystone + + - name: Enable and start openstack-keystone service + service: + name: openstack-keystone.service + enabled: yes + state: started + + - name: Create admin tenant + keystone_user: + tenant: admin + tenant_description: Admin Tenant + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - name: Create admin user for the admin tenant + keystone_user: + user: admin + tenant: admin + password: "{{ KEYSTONE_ADMIN_PASSWORD }}" + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - name: Create admin role for admin user in the admin tenant + keystone_user: + role: admin + user: admin + tenant: admin + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - name: Create service tenant + keystone_user: + tenant: service + tenant_description: Service Tenant + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + + - name: Add kestone endpoint + keystone_service: + name: keystone + type: identity + description: Keystone Identity Service + publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 + adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 + region: regionOne + token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" + endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 -- cgit v1.2.1