--- - hosts: localhost vars_files: - "/etc/openstack/keystone.conf" tasks: # RabbitMQ configuration, this may end up in a different playbook - name: Create rabbitmq user user: name: rabbitmq comment: Rabbitmq server daemon shell: /sbin/nologin home: /var/lib/rabbitmq - name: Create the rabbitmq directories file: path: "{{ item }}" state: directory owner: rabbitmq group: rabbitmq with_items: - /var/run/rabbitmq - /var/log/rabbitmq - /etc/rabbitmq - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates template: src: /usr/share/openstack/rabbitmq/{{ item }} dest: /etc/rabbitmq/{{ item }} owner: rabbitmq group: rabbitmq mode: 0644 with_items: - rabbitmq.config - rabbitmq-env.conf - name: Enable and start rabbitmq services service: name: "{{ item }}" enabled: yes state: started with_items: - rabbitmq-server # Postgres configuration, this may end up in a different playbook - name: Create postgres user user: name: postgres comment: PostgreSQL Server shell: /sbin/nologin home: /var/lib/pgsql - name: Create the postgres directories file: path: "{{ item }}" state: directory owner: postgres group: postgres with_items: - /var/run/postgresql - /var/lib/pgsql/data - name: Initialise postgres database command: pg_ctl -D /var/lib/pgsql/data initdb args: creates: /var/lib/pgsql/data/base sudo: yes sudo_user: postgres - name: Add the configuration needed for postgres for Openstack template: src: /usr/share/openstack/postgres/{{ item }} dest: /var/lib/pgsql/data/{{ item }} owner: postgres group: postgres mode: 0600 with_items: - postgresql.conf - pg_hba.conf - name: Enable and start postgres services service: name: "{{ item }}" enabled: yes state: started with_items: - postgres-server # Keystone configuration - name: Create the keystone user. user: name: keystone comment: Openstack Keystone Daemons shell: /sbin/nologin home: /var/lib/keystone - name: Create the /var folders for keystone file: path: "{{ item }}" state: directory owner: keystone group: keystone with_items: - /var/run/keystone - /var/lock/keystone - /var/log/keystone - /var/lib/keystone - name: Create /etc/keystone directory file: path: /etc/keystone state: directory - name: Add the configuration needed for lorry in /etc using templates template: src: /usr/share/openstack/keystone/{{ item }} dest: /etc/keystone/{{ item }} with_lines: - cd /usr/share/openstack/keystone && find -type f - name: Create postgresql user for keystone postgresql_user: name: "{{ KEYSTONE_DB_USER }}" password: "{{ KEYSTONE_DB_PASSWORD }}" sudo: yes sudo_user: keystone - name: Create database for keystone services postgresql_db: name: keystone owner: "{{ KEYSTONE_DB_USER }}" sudo: yes sudo_user: keystone - name: Initiatie keystone database keystone_manage: action: dbsync sudo: yes sudo_user: keystone - name: Enable and start openstack-keystone service service: name: openstack-keystone.service enabled: yes state: started - name: Create admin tenant keystone_user: tenant: admin tenant_description: Admin Tenant token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - name: Create admin user for the admin tenant keystone_user: user: admin tenant: admin password: "{{ KEYSTONE_ADMIN_PASSWORD }}" token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - name: Create admin role for admin user in the admin tenant keystone_user: role: admin user: admin tenant: admin token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - name: Create service tenant keystone_user: tenant: service tenant_description: Service Tenant token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 - name: Add kestone endpoint keystone_service: name: keystone type: identity description: Keystone Identity Service publicurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 internalurl: http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0 adminurl: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0 region: regionOne token: "{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}" endpoint: http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0