Fixes for Metacloud (WIP)

juledwar · Jan 31, 2017 · cd66841 · cd66841
1 parent f360c1b
commit cd66841
Show file tree

Hide file tree

Showing 7 changed files with 169 additions and 57 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -154,6 +154,7 @@ ironic_requires_pip_packages:
   - virtualenv-tools
   - python-keystoneclient # Keystoneclient needed for the OSA keystone lib
   - httplib2 # for Ansible's uri module
+ironic_requires_pip_packages: "virtualenv virtualenv-tools python-keystoneclient httplib2 keystoneauth1"
 
 ironic_pip_packages:
   - PyMySQL
@@ -162,6 +163,7 @@ ironic_pip_packages:
   - python-swiftclient
   - pycrypto
   - python-memcached
+ironic_pip_packages: "PyMySQL MySQL-python python-ironicclient python-swiftclient pycrypto python-memcached diskimage-builder"
 
 ## RabbitMQ info
 ironic_rabbitmq_userid: ironic
@@ -200,3 +202,11 @@ ironic_policy_overrides: {}
 
 # pxe boot
 ironic_pxe_append_params: "ipa-debug=1 systemd.journald.forward_to_console=yes"
+
+# keystone admin
+ironic_keystone_admin_token: "{{ keystone_admin_token }}"
+keystone_admin_user_name: "admin"
+keystone_auth_admin_password: "{{ secrets.keystone.users.admin_password }}"
+keystone_admin_tenant_name: "admin"
+keystone_service_adminurl: "{{ keystone_protocol }}://{{ keystone_hostname }}:{{ keystone_admin_port }}/v3"
+keystone_service_adminuri_insecure: true
diff --git a/meta/main.yml b/meta/main.yml
@@ -27,9 +27,9 @@ galaxy_info:
   - baremetal
   - system
 dependencies:
-  - pip_install
-  - role: apt_package_pinning
-    when:
-      - ansible_pkg_mgr == 'apt'
-  - galera_client
-  - openstack_openrc
+#  - pip_install
+#  - role: apt_package_pinning
+#    when:
+#      - ansible_pkg_mgr == 'apt'
+#  - galera_client
+#  - openstack_openrc
diff --git a/tasks/ironic_api_post_install.yml b/tasks/ironic_api_post_install.yml
@@ -20,39 +20,39 @@
     owner: "root"
     group: "root"
   with_items:
-    - { src: "ironic-ports.conf.j2", dest: "/etc/apache2/ports.conf" }
-    - { src: "ironic-httpd.conf.j2", dest: "/etc/apache2/sites-available/ironic-httpd.conf" }
+    - { src: "ironic-ports.conf.j2", dest: "/etc/httpd/conf/ironic-ports.conf" }
+    - { src: "ironic-httpd.conf.j2", dest: "/etc/httpd/conf/ironic.conf" }
   notify:
     - Restart ironic services
 
-- name: Disable default apache site
-  file:
-    path: "/etc/apache2/sites-enabled/000-default.conf"
-    state: "absent"
-  when: not ironic_standalone
-  notify:
-    - Restart ironic services
-
-- name: Enable default apache site vhost
-  file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    state: "{{ item.state }}"
-  with_items:
-    - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" }
-  when: ironic_standalone
-  notify:
-    - Restart ironic services
+#- name: Disable default apache site
+#  file:
+#    path: "/etc/apache2/sites-enabled/000-default.conf"
+#    state: "absent"
+#  when: not ironic_standalone
+#  notify:
+#    - Restart ironic services
 
-- name: Enable ironic vhost
-  file:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
-    state: "{{ item.state }}"
-  with_items:
-    - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" }
-  notify:
-    - Restart ironic services
+#- name: Enable default apache site vhost
+#  file:
+#    src: "{{ item.src }}"
+#    dest: "{{ item.dest }}"
+#    state: "{{ item.state }}"
+#  with_items:
+#    - { src: "/etc/apache2/sites-available/000-default.conf", dest: "/etc/apache2/sites-enabled/000-default.conf", state: "link" }
+#  when: ironic_standalone
+#  notify:
+#    - Restart ironic services
+#
+#- name: Enable ironic vhost
+#  file:
+#    src: "{{ item.src }}"
+#    dest: "{{ item.dest }}"
+#    state: "{{ item.state }}"
+#  with_items:
+#    - { src: "/etc/apache2/sites-available/ironic-httpd.conf", dest: "/etc/apache2/sites-enabled/ironic-httpd.conf", state: "link" }
+#  notify:
+#    - Restart ironic services
 
 - name: Setup Ironic WSGI Configs
   template:

diff --git a/tasks/ironic_install.yml b/tasks/ironic_install.yml
@@ -77,7 +77,7 @@
     name: "{{ ironic_pip_packages }}"
     state: "{{ ironic_pip_package_state }}"
     virtualenv: "{{ ironic_bin | dirname }}"
-    virtualenv_site_packages: "no"
+    virtualenv_site_packages: "yes"
     extra_args: >-
       {{ ironic_developer_mode | ternary('--constraint /opt/developer-pip-constraints.txt', '') }}
       {{ (pip_install_upper_constraints is defined) | ternary('--constraint ' + pip_install_upper_constraints | default(''),'') }}

diff --git a/tasks/ironic_post_install.yml b/tasks/ironic_post_install.yml
@@ -37,32 +37,59 @@
   tags:
     - always
 
-- name: Post swift tempURL secret key
+#- name: Post swift tempURL secret key
+#  command: >
+#        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+#        --os-username "service:{{ glance_service_user_name }}"
+#        --os-password "{{ glance_service_password }}"
+#        --os-auth-url {{ keystone_service_internalurl }}
+#        --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
+#        post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
+#  environment:
+#    OS_ENDPOINT_TYPE: internalURL
+#  when:
+#    - inventory_hostname == groups['ironic_all'][0]
+#    - not ironic_standalone | bool
+#  tags:
+#    - always
+
+- name: Post Swift tempURL secret key via standalone auth
   command: >
-        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
-        --os-username "service:{{ glance_service_user_name }}"
-        --os-password "{{ glance_service_password }}"
-        --os-auth-url {{ keystone_service_internalurl }}
-        --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
-        post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
-  environment:
-    OS_ENDPOINT_TYPE: internalURL
+      {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+      -A {{ swift_auth_url }}
+      -U {{ swift_admin_user }}
+      -K {{ swift_admin_password }}
+      post -m temp-url-key:{{ ironic_swift_temp_url_secret_key }}
   when:
     - inventory_hostname == groups['ironic_all'][0]
     - not ironic_standalone | bool
   tags:
     - always
 
-- name: Get swift account
+#- name: Get swift account
+#  shell: >
+#        {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
+#        --os-username "service:{{ glance_service_user_name }}"
+#        --os-password "{{ glance_service_password }}"
+#        --os-auth-url {{ keystone_service_internalurl }}
+#        --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
+#        stat -v | awk '/StorageURL\:/ {print $2}'
+#  environment:
+#    OS_ENDPOINT_TYPE: internalURL
+#  register: swift_storage_url
+#  when:
+#    - (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)
+#    - not ironic_standalone | bool
+#  tags:
+#    - always
+
+- name: Get swift account via standalone auth
   shell: >
         {{ ironic_bin }}/swift {{ keystone_service_adminuri_insecure | bool | ternary('--insecure','') }}
-        --os-username "service:{{ glance_service_user_name }}"
-        --os-password "{{ glance_service_password }}"
-        --os-auth-url {{ keystone_service_internalurl }}
-        --os-identity-api-version {{ keystone_service_internalurl.split('/v')[-1] }}
+        -A {{ swift_auth_url  }}
+        -U {{ swift_admin_user }}
+        -K {{ swift_admin_password }}
         stat -v | awk '/StorageURL\:/ {print $2}'
-  environment:
-    OS_ENDPOINT_TYPE: internalURL
   register: swift_storage_url
   when:
     - (ironic_swift_auth_account is undefined) or (ironic_swift_endpoint is undefined)

diff --git a/tasks/ironic_service_setup.yml b/tasks/ironic_service_setup.yml
@@ -24,11 +24,29 @@
     service_name: "{{ ironic_service_name }}"
     service_type: "{{ ironic_service_type }}"
     description: "{{ ironic_service_description }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+    #insecure: "{{ keystone_service_adminuri_insecure |bool }}"
+    insecure: True
   register: add_service
   until: add_service|success
   retries: 5
   delay: 2
+  when: ironic_keystone_admin_token is not defined
+
+- name: Ensure ironic service (token)
+  keystone:
+    command: "ensure_service"
+    token: "{{ ironic_keystone_admin_token }}"
+    endpoint: "{{ keystone_service_adminurl }}"
+    service_name: "{{ ironic_service_name }}"
+    service_type: "{{ ironic_service_type }}"
+    description: "{{ ironic_service_description }}"
+    #insecure: "{{ keystone_service_adminuri_insecure |bool }}"
+    insecure: True
+  register: add_service
+  until: add_service|success
+  retries: 5
+  delay: 2
+  when: ironic_keystone_admin_token is defined
 
 # Create an admin user
 - name: Ensure ironic user
@@ -41,12 +59,29 @@
     user_name: "{{ ironic_service_user_name }}"
     project_name: "{{ ironic_service_project_name }}"
     password: "{{ ironic_service_password }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
   register: add_service
   when: not ironic_service_in_ldap | bool
   until: add_service|success
   retries: 5
   delay: 10
+  when: ironic_keystone_admin_token is not defined
+
+- name: Ensure ironic user (token)
+  keystone:
+    command: "ensure_user"
+    endpoint: "{{ keystone_service_adminurl }}"
+    token: "{{ ironic_keystone_admin_token }}"
+    user_name: "{{ ironic_service_user_name }}"
+    project_name: "{{ ironic_service_project_name }}"
+    password: "{{ ironic_service_password }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
+  register: add_service
+  when: not ironic_service_in_ldap | bool
+  until: add_service|success
+  retries: 5
+  delay: 10
+  when: ironic_keystone_admin_token is defined
 
 # Add a role to the user
 - name: Ensure ironic user to admin role
@@ -59,12 +94,29 @@
     user_name: "{{ ironic_service_user_name }}"
     project_name: "{{ ironic_service_project_name }}"
     role_name: "{{ ironic_service_role_name }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
   register: add_service
   when: not ironic_service_in_ldap | bool
   until: add_service|success
   retries: 5
   delay: 10
+  when: ironic_keystone_admin_token is not defined
+
+- name: Ensure ironic user to admin role (token)
+  keystone:
+    command: "ensure_user_role"
+    token: "{{ ironic_keystone_admin_token }}"
+    endpoint: "{{ keystone_service_adminurl }}"
+    user_name: "{{ ironic_service_user_name }}"
+    project_name: "{{ ironic_service_project_name }}"
+    role_name: "{{ ironic_service_role_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
+  register: add_service
+  when: not ironic_service_in_ldap | bool
+  until: add_service|success
+  retries: 5
+  delay: 10
+  when: ironic_keystone_admin_token is defined
 
 # Create an endpoint
 - name: Ensure ironic endpoint
@@ -77,7 +129,29 @@
     region_name: "{{ ironic_service_region }}"
     service_name: "{{ ironic_service_name }}"
     service_type: "{{ ironic_service_type }}"
-    insecure: "{{ keystone_service_adminuri_insecure }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
+    endpoint_list:
+      - url: "{{ ironic_service_publicurl }}"
+        interface: "public"
+      - url: "{{ ironic_service_internalurl }}"
+        interface: "internal"
+      - url: "{{ ironic_service_adminurl }}"
+        interface: "admin"
+  register: add_service
+  until: add_service|success
+  retries: 5
+  delay: 10
+  when: ironic_keystone_admin_token is not defined
+
+- name: Ensure ironic endpoint (token)
+  keystone:
+    command: "ensure_endpoint"
+    token: "{{ ironic_keystone_admin_token }}"
+    endpoint: "{{ keystone_service_adminurl }}"
+    region_name: "{{ ironic_service_region }}"
+    service_name: "{{ ironic_service_name }}"
+    service_type: "{{ ironic_service_type }}"
+    insecure: "{{ keystone_service_adminuri_insecure|bool  }}"
     endpoint_list:
       - url: "{{ ironic_service_publicurl }}"
         interface: "public"
@@ -89,3 +163,4 @@
   until: add_service|success
   retries: 5
   delay: 10
+  when: ironic_keystone_admin_token is defined
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -33,7 +33,7 @@
     - ironic-install
 
 - include: ironic_api_install.yml
-  when: inventory_hostname in groups['ironic_api']
+  when: "inventory_hostname in groups['ironic_api']"
   tags:
     - ironic-install