hpc-cloud/roles/keystone/tasks/main.yml
Egon Rijpkema b727857dae Previously the keystone image was built here,
but we have since switched to separate repos for the Dockerfiles.
These are built with Jenkins.
2017-07-24 13:47:31 +02:00


# Install and bootstrap keystone from the prebuilt hpc/keystone docker image (the image itself is no longer built here).
---
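# Create the host directory that the docker tasks in this file bind-mount into
# the keystone container as /etc/keystone/fernet-keys.
# NOTE(review): 0777 lets every local account on the host create, replace or
# delete entries in the Fernet key repository, which is the material keystone
# uses to issue and validate tokens. Presumably this is a workaround for the
# container's keystone uid not existing on the host -- confirm, then set
# owner/group to that uid/gid and tighten the mode to "0700".
- name: Make persistent directories
  file:
    path: /srv/keystone/fernet-keys
    state: directory
    # Quoted so the mode is always handed to Ansible as an octal string,
    # independent of how the YAML parser treats a leading zero.
    mode: "0777"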
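# Render the keystone systemd unit from the role template into
# /etc/systemd/system, owned by root.
- name: install service file.
  template:
    src: templates/keystone.service
    dest: /etc/systemd/system/keystone.service
    # Was the bare integer 644. Ansible reads an unquoted mode without a
    # leading zero as a decimal number, so the file did not end up rw-r--r--.
    # A quoted octal string gives the intended permissions.
    mode: "0644"
    owner: root
    group: root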
# Ask systemd to re-read its unit files.
# NOTE(review): the task name repeats the name of the template task before it;
# what actually runs here is `systemctl daemon-reload`, and because it is a
# plain command it is reported as changed on every play.
- name: install service file
  command: "systemctl daemon-reload"
# Run the role's scripts/initialize_db.sh on the target host. Its only argument
# is the default IPv4 address of the first host in the `databases` group.
# NOTE(review): what the script does with that address is not visible from
# this file, and there is no `creates`/`when` guard, so it runs on every
# play -- confirm it is safe to re-run.
- name: Initialize db
  script: >-
    scripts/initialize_db.sh
    {{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}
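# Run each keystone-manage subcommand listed under with_items in a throw-away
# hpc/keystone container. The container resolves `mariadb` to the first host of
# the `databases` group and shares the host's Fernet key directory.
#
# The bootstrap password is now taken from `keystone_bootstrap_password`; the
# default keeps the previous hard-coded value so existing inventories still
# work.
# NOTE(review): define keystone_bootstrap_password in an Ansible Vault file and
# then drop the default, so the admin credential no longer lives in the
# repository. The value is still passed as a command-line argument and is
# therefore visible in the host's process list while the container runs.
# NOTE(review): all three bootstrap endpoints are registered as plain http://,
# so credentials and tokens sent to keystone are not encrypted in transit.
- name: keystone manage commands to setup db
  command: >
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ _mariadb_addr }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -e "KEYSTONE_HOST={{ _keystone_addr }}"
    hpc/keystone keystone-manage {{ item }}
  vars:
    # Task-local shorthands for the addresses used several times below.
    _mariadb_addr: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    _keystone_addr: "{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
  # The bootstrap item carries the admin password, and Ansible prints every
  # loop item and the full command line in its output. Turn this off only
  # while debugging a failing subcommand.
  no_log: true
  with_items:
    - db_sync
    - fernet_setup --keystone-user keystone --keystone-group keystone
    - credential_setup --keystone-user keystone --keystone-group keystone
    # `quote` keeps a password with spaces or shell metacharacters as a
    # single argument when the command module splits the line.
    - >
      bootstrap --bootstrap-password {{ keystone_bootstrap_password | default('geheim') | quote }}
      --bootstrap-admin-url http://{{ _keystone_addr }}:35357/v3/
      --bootstrap-internal-url http://{{ _keystone_addr }}:35357/v3/
      --bootstrap-public-url http://{{ _keystone_addr }}:5000/v3/
      --bootstrap-region-id RegionOne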
# Run /etc/bootstrap.sh with bash inside a throw-away hpc/keystone container.
# The container gets a `mariadb` host entry pointing at the first host of the
# `databases` group, the host's Fernet key directory, and KEYSTONE_HOST set to
# the first host of the `keystone` group.
# NOTE(review): the script ships inside the image, so what it creates cannot be
# checked from this file; there is no guard, so it runs on every play.
- name: Create a domain, projects users and roles
  vars:
    # Task-local shorthands for the two inventory lookups.
    _mariadb_addr: "{{ hostvars[groups['databases'][0]]['ansible_default_ipv4']['address'] }}"
    _keystone_addr: "{{ hostvars[groups['keystone'][0]]['ansible_default_ipv4']['address'] }}"
  command: >-
    /usr/bin/docker run --rm
    --add-host=mariadb:{{ _mariadb_addr }}
    -v /srv/keystone/fernet-keys:/etc/keystone/fernet-keys
    -e "KEYSTONE_HOST={{ _keystone_addr }}"
    hpc/keystone bash /etc/bootstrap.sh
# Restart keystone.service through systemd.
# NOTE(review): despite the task name, `state: restarted` bounces the unit on
# every play, not only when it is stopped.
- name: make sure service is started
  systemd:
    state: restarted
    name: 'keystone.service'