path: root/openstack/usr/share/openstack/keystone.yml
blob: dcd96857e83dd0347fe40dddeaf28e08f22921d3 (plain)
---
# Play: set up the Keystone identity service on the local machine.
# Variables are loaded from /etc/openstack/keystone.conf. Later tasks in this
# play reference KEYSTONE_* password and token variables, which presumably
# come from that file, so it should be readable by root only -- confirm.
- hosts: localhost
  vars_files:
  - "/etc/openstack/keystone.conf"
  tasks:
  # Dedicated account for the daemons, with a nologin shell.
  - name: Create the keystone user.
    user: >
        name=keystone
        comment="Openstack Keystone Daemons"
        shell=/sbin/nologin
        home=/var/lib/keystone

  # Runtime, lock, log and state directories, all owned by keystone:keystone.
  - name: Create the /var folders for keystone
    file: >
        path={{ item }}
        state=directory
        owner=keystone
        group=keystone
    with_items:
    - /var/run/keystone
    - /var/lock/keystone
    - /var/log/keystone
    - /var/lib/keystone

  # NOTE(review): neither this directory nor the files rendered into it get an
  # explicit owner, group or mode, so they take whatever the defaults are. If
  # the rendered files carry the database password or admin token, restrict
  # them to the keystone account -- confirm against the templates.
  - file: >
        path=/etc/keystone
        state=directory
  # with_lines runs the find command and yields one item per output line, so
  # every regular file under /usr/share/openstack/keystone is rendered into
  # /etc/keystone.
  # NOTE(review): the task name says "lorry" although the paths are
  # keystone's; this looks like a copy-paste leftover -- confirm.
  - name: Add the configuration needed for lorry in /etc using templates
    template: >
        src=/usr/share/openstack/keystone/{{ item }}
        dest=/etc/keystone/{{ item }}
    with_lines:
    - (cd /usr/share/openstack/keystone && find -type f)

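  # Create the database role Keystone connects as.
  # The password is passed as a module argument, so no_log keeps it out of
  # Ansible's output and logs (no_log needs Ansible 1.5 or later).
  # The templated values are quoted so that a value containing spaces is not
  # split into separate key=value arguments.
  # NOTE(review): the PostgreSQL tasks run as "keystone" rather than a
  # database superuser; presumably that account may create roles and
  # databases on this host -- confirm.
  - name: Create the keystone database role
    postgresql_user: >
        name="{{ KEYSTONE_DB_USER }}"
        password="{{ KEYSTONE_DB_PASSWORD }}"
    sudo: true
    sudo_user: keystone
    no_log: true
  # Create the "keystone" database, owned by the role created above.
  - name: Create the keystone database
    postgresql_db: >
        name=keystone
        owner="{{ KEYSTONE_DB_USER }}"
    sudo: true
    sudo_user: keystone

  # Bring the database schema up to date, running as the keystone account.
  - name: Synchronise the keystone database schema
    keystone_manage: action=dbsync
    sudo: true
    sudo_user: keystone

  - name: Enable and start openstack-keystone service
    service: name=openstack-keystone.service enabled=yes state=started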

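  # Bootstrap of tenants, the admin user, its role and the identity endpoint.
  # Every task below authenticates with KEYSTONE_TEMPORARY_ADMIN_TOKEN, and one
  # also carries the admin password. no_log keeps these arguments out of
  # Ansible's output and logs (no_log needs Ansible 1.5 or later).
  # Templated values are quoted so that a value containing spaces is not split
  # into separate key=value arguments.
  # NOTE(review): nothing in this play disables or rotates the temporary
  # admin token once bootstrap is finished; make sure that happens elsewhere.
  # NOTE(review): if KEYSTONE_ADMIN_URL is plain http, the token and password
  # are sent unencrypted to that endpoint -- confirm the URL scheme and host.
  - name: Create the admin tenant
    keystone_user: >
        tenant=admin
        tenant_description="Admin Tenant"
        token="{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
        endpoint="{{ KEYSTONE_ADMIN_URL }}"
    no_log: true

  - name: Create the admin user in the admin tenant
    keystone_user: >
        user=admin
        tenant=admin
        password="{{ KEYSTONE_ADMIN_PASSWORD }}"
        token="{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
        endpoint="{{ KEYSTONE_ADMIN_URL }}"
    no_log: true

  - name: Grant the admin role to the admin user
    keystone_user: >
        role=admin
        user=admin
        tenant=admin
        token="{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
        endpoint="{{ KEYSTONE_ADMIN_URL }}"
    no_log: true

  - name: Create the service tenant
    keystone_user: >
        tenant=service
        tenant_description="Service Tenant"
        token="{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
        endpoint="{{ KEYSTONE_ADMIN_URL }}"
    no_log: true

  # Register the identity service with its public, internal and admin URLs in
  # region RegionOne.
  - name: Register the keystone identity service and its endpoints
    keystone_service: >
        name=keystone
        type=identity
        description="Keystone Identity Service"
        publicurl="{{ KEYSTONE_PUBLIC_URL }}"
        internalurl="{{ KEYSTONE_INTERNAL_URL }}"
        adminurl="{{ KEYSTONE_ADMIN_URL }}"
        region='RegionOne'
        token="{{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}"
        endpoint="{{ KEYSTONE_ADMIN_URL }}"
    no_log: true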