# Build and install a docker image for keystone.
---
- name: include secrets
  # Loads ../../secrets.yml into the `secrets` dict; later tasks read
  # secrets['MYSQL_ROOT_PASSWORD'] and secrets['OS_PASSWORD'] from it.
  include_vars:
    name: secrets
    file: ../../secrets.yml
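- name: Make persistent directories
  # Host-side state for the keystone container; fernet-keys and root are
  # bind-mounted into the `docker run` tasks further down, certs receives
  # the TLS key and chain installed by the next task.
  file:
    path: "{{ item }}"
    state: directory
    # Quoted so the value is read as octal on every YAML/Ansible version
    # instead of relying on YAML 1.1 parsing of a leading zero.
    # NOTE(review): 0777 makes every one of these directories world-writable,
    # including fernet-keys (token signing keys) and certs (TLS private key);
    # any local account on the host can then replace those files. Tighten to
    # 0750 with owner/group set to the uid the container runs as — confirm
    # that uid against the image before changing.
    mode: "0777"
  with_items:
    - /srv
    - /srv/keystone
    - /srv/keystone/fernet-keys
    - /srv/keystone/root
    - /srv/keystone/certs
    - /srv/keystone/shibboleth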
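- name: install ssl files
  # Installs the host TLS key and certificate chain into the certs dir used
  # by the container. They go through `template`, so Jinja delimiters inside
  # the files would be interpreted; plain PEM files are unaffected.
  template:
    src: templates/certs/{{ item }}
    dest: /srv/keystone/certs/{{ item }}
    # "0400", not 400: an unquoted 400 is the decimal integer 400
    # (= 0o620, owner rw-, group -w-), not owner read-only.
    mode: "0400"
  with_items:
    - merlin.hpc.rug.nl.key
    - merlin.hpc.rug.nl.crt
    - DigiCertCA.crt
  # The .key item is a private key; keep its contents out of task output
  # and --diff.
  no_log: true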
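- name: set docker image reference
  # NOTE(review): `:latest` is a mutable tag, so successive runs may deploy
  # different images (the pull task below forces a re-pull). Pin to an
  # immutable tag or an @sha256 digest for reproducible deployments.
  set_fact:
    docker_image: registry.webhosting.rug.nl/hpc/openstack-keystone-merlin:latest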
- name: pull docker image
  tags: pull
  # force re-pulls even when the tag already exists locally, which is what
  # keeps a `:latest` reference current.
  docker_image:
    name: "{{ docker_image }}"
    force: true
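- name: install service file.
  # systemd unit for the keystone container; the following tasks reload
  # systemd and enable it.
  template:
    src: templates/keystone.service
    dest: /etc/systemd/system/keystone.service
    owner: root
    group: root
    # "0644", not 644: an unquoted 644 is decimal 644 (= 0o1204), which sets
    # the sticky bit and leaves the owner write-only instead of rw-r--r--.
    mode: "0644"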
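- name: reload systemd after installing the unit file
  # Uses the systemd module (as the restart task below already does) rather
  # than a raw `systemctl daemon-reload` command, and gives the task a
  # distinct name — it previously duplicated "install service file".
  systemd:
    daemon_reload: true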
- name: start service at boot.
  # reenable = disable + enable, so the [Install] symlinks are recreated
  # from the unit file installed above.
  command: >-
    systemctl reenable keystone.service
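- name: Initialize db
  # Runs scripts/initialize_db.sh against DB_HOST with the MySQL root
  # password in the environment.
  script: scripts/initialize_db.sh
  environment:
    MYSQL_ROOT_PASSWORD: "{{ secrets['MYSQL_ROOT_PASSWORD'] }}"
    DB_HOST: "{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}"
  register: result
  # sometimes the initial connect fails.
  # Retry until it succeeds.
  until: result is succeeded
  retries: 7
  delay: 3
  # Deliberate best-effort, kept as is. NOTE(review): it also hides a
  # database that never became reachable; the db_sync task below is then
  # the first thing that fails.
  ignore_errors: true
  # The environment (including the root password) is printed with the task
  # result in verbose runs; keep it out of the logs.
  no_log: true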
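- name: keystone manage commands to setup db_sync
  # One-shot keystone-manage invocations in a throw-away container that
  # uses the host's /srv/keystone/fernet-keys directory.
  command: >
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
    {{ docker_image }} keystone-manage {{ item }}
  with_items:
    - db_sync
    - fernet_setup --keystone-user keystone --keystone-group keystone
    - credential_setup --keystone-user keystone --keystone-group keystone
    - >
      bootstrap --bootstrap-password {{ secrets['OS_PASSWORD'] }}
      --bootstrap-admin-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
      --bootstrap-internal-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3/
      --bootstrap-public-url https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:5000/v3/
      --bootstrap-region-id RegionOne
  # sometimes the initial connect fails.
  # Retry until it succeeds.
  # `retries`/`delay` only take effect together with `until`; without the
  # register/until pair each item ran exactly once.
  register: result
  until: result is succeeded
  retries: 7
  delay: 3
  # Deliberate best-effort, kept as is: a failing item does not stop the play.
  ignore_errors: true
  # The bootstrap item puts OS_PASSWORD on the docker command line, which
  # is echoed in the task result; hide it.
  no_log: true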
- name: make sure service is started
  # `restarted` rather than `started`, so a newly installed unit file or
  # pulled image takes effect even when the service was already running.
  systemd:
    state: restarted
    name: keystone.service
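- name: Create a domain, projects users and roles
  # Runs /etc/bootstrap.sh from the image against the restarted keystone.
  # /srv/keystone/root is mounted as /root, so files the script writes there
  # persist on the host — presumably the admin-openrc.sh sourced at the end
  # of this file; confirm against bootstrap.sh.
  command: >
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ listen_ip | default(hostvars[groups['databases'][0]]['ansible_default_ipv4']['address']) }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -v /srv/keystone/root:/root
    -e "KEYSTONE_HOST={{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}"
    -e "OS_AUTH_URL=https://{{ keystone_external_fqdn | default(hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address']) }}:35357/v3"
    -e "OS_PASSWORD={{ secrets['OS_PASSWORD'] }}"
    {{ docker_image }} bash /etc/bootstrap.sh
  # OS_AUTH_URL previously used `${KEYSTONE_HOST}`; the command module does
  # not run through a shell, so that string reached docker literally and
  # the container received it unexpanded (unless bootstrap.sh re-expands it
  # itself). The host name is now rendered with the same expression as
  # KEYSTONE_HOST.
  register: result
  # `retries`/`delay` are inert without `until`; this makes the loop retry.
  until: result is succeeded
  retries: 7
  delay: 3
  # OS_PASSWORD is on the command line; keep it out of task output.
  no_log: true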
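- name: install openstack repo key host.
  # apt_key only fetches the key when the id is not already in the keyring,
  # so the task is idempotent; the raw `apt-key adv` command re-ran and
  # reported changed on every play.
  # NOTE(review): 5EDB1B62EC4926EA is a 64-bit long key id, not a full
  # fingerprint; prefer the 40-hex fingerprint <FULL-FINGERPRINT-FROM-UBUNTU-CLOUD-ARCHIVE-DOCS>
  # once confirmed, since the key is fetched over an unauthenticated hkp
  # connection and only the id is checked.
  apt_key:
    keyserver: keyserver.ubuntu.com
    id: 5EDB1B62EC4926EA
  tags: openstackclient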
- name: install openstack repo on host.
  tags: openstackclient
  # Ubuntu Cloud Archive (ocata on xenial); packages are verified against
  # the key imported by the preceding task.
  apt_repository:
    filename: ocata
    repo: 'deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/ocata main'
- name: install openstack client for management
  tags: openstackclient
  # `latest` also upgrades an already installed package on every run.
  apt:
    update_cache: true
    state: latest
    name: python-openstackclient
- name: source admin-openrc.sh in root .bashrc
  # NOTE(review): admin-openrc.sh sits in the directory mounted as /root in
  # the bootstrap container and presumably holds the admin credentials;
  # sourcing it from .bashrc exports them into every interactive root shell
  # and anything those shells spawn.
  lineinfile:
    line: 'source /srv/keystone/root/admin-openrc.sh'
    path: /root/.bashrc