openstack/usr/share/openstack/keystone.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

---
- hosts: localhost
  vars_files:
  - "/etc/openstack/keystone.conf"
  tasks:

  # RabbitMQ configuration, this may end up in a different playbook
  - name: Create rabbitmq user
    user: name=rabbitmq comment="Rabbitmq server daemon" shell=/sbin/nologin home=/var/lib/rabbitmq

  - name: Create the rabbitmq directories
    file: path={{ item }} state=directory owner=rabbitmq group=rabbitmq
    with_items:
    - /var/run/rabbitmq
    - /var/log/rabbitmq
    - /etc/rabbitmq

  - name: Add the configuration needed for rabbitmq in /etc/rabbitmq using templates
    template: src=/usr/share/openstack/rabbitmq/{{ item }} dest=/etc/rabbitmq/{{ item }} owner=rabbitmq group=rabbitmq mode=0644
    with_items:
    - rabbitmq.config
    - rabbitmq-env.conf

  - name: Enable and start rabbitmq services
    service: name={{ item }} enabled=yes state=started
    with_items:
    - rabbitmq-server

  # Postgres configuration, this may end up in a different playbook
  - name: Create postgres user
    user: name=postgres comment="PostgreSQL Server" shell=/sbin/nologin home=/var/lib/pgsql

  - name: Create the postgres directories
    file: path={{ item }} state=directory owner=postgres group=postgres
    with_items:
    - /var/run/postgresql
    - /var/lib/pgsql/data

  - name: Initialise postgres database
    shell: pg_ctl -D  /var/lib/pgsql/data initdb creates=/var/lib/pgsql/data/base
    sudo: yes
    sudo_user: postgres

  - name: Add the configuration needed for postgres for Openstack
    template: src=/usr/share/openstack/postgres/{{ item }} dest=/var/lib/pgsql/data/{{ item }} owner=postgres group=postgres mode=0600
    with_items:
    - postgresql.conf
    - pg_hba.conf

  - name: Enable and start postgres services
    service: name={{ item }} enabled=yes state=started
    with_items:
    - postgres-server


  # Keystone configuration
  - name: Create the keystone user.
    user: name=keystone comment="Openstack Keystone Daemons" shell=/sbin/nologin home=/var/lib/keystone

  - name: Create the /var folders for keystone
    file: path={{ item }} state=directory owner=keystone group=keystone
    with_items:
    - /var/run/keystone
    - /var/lock/keystone
    - /var/log/keystone
    - /var/lib/keystone

  - file: path=/etc/keystone state=directory
  - name: Add the configuration needed for lorry in /etc using templates
    template: src=/usr/share/openstack/keystone/{{ item }} dest=/etc/keystone/{{ item }}
    with_lines:
    - (cd /usr/share/openstack/keystone && find -type f)

  - postgresql_user: name={{ KEYSTONE_DB_USER }} password={{ KEYSTONE_DB_PASSWORD }}
    sudo: yes
    sudo_user: keystone
  - postgresql_db: name=keystone owner={{ KEYSTONE_DB_USER }}
    sudo: yes
    sudo_user: keystone

  - keystone_manage: action=dbsync
    sudo: yes
    sudo_user: keystone

  - name: Enable and start openstack-keystone service
    service: name=openstack-keystone.service enabled=yes state=started

  - keystone_user: >
        tenant=admin
        tenant_description="Admin Tenant"
        token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
        endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0

  - keystone_user: >
        user=admin
        tenant=admin
        password={{ KEYSTONE_ADMIN_PASSWORD }}
        token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
        endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0

  - keystone_user: >
        role=admin
        user=admin
        tenant=admin
        token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
        endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0

  - keystone_user: >
        tenant=service
        tenant_description="Service Tenant"
        token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
        endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0

  - keystone_service: >
        name=keystone
        type=identity
        description="Keystone Identity Service"
        publicurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
        internalurl=http://{{ CONTROLLER_HOST_ADDRESS }}:5000/v2.0
        adminurl=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0
        region='regionOne'
        token={{ KEYSTONE_TEMPORARY_ADMIN_TOKEN }}
        endpoint=http://{{ CONTROLLER_HOST_ADDRESS }}:35357/v2.0