Identity Role - Complete

openstack/ansible.cfg

@@ -1,3 +1,4 @@
 [defaults]
-remote_user = vagrant
+remote_user = ubuntu
 inventory   = myhosts.ini
+force_handlers = True

openstack/key/vibe.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEqAIBAAKCAQEAqMf/ZWM4nEHC0XzWVD1srWMmEyd3MHukJKSqhUADpEAfJoI/
+YxwBULSe9HX4s9eDKvHt4WwNCwghtR6N7mVSks5pFBhKpmtLt4t9HOL3Rk3cBbXx
+kdHNdp4rtU1lROABWzHgHhGFkAAQDe7DY5SA8mgxRzV0jkfiqc9pkyHlZapTB2XO
+jWiBayoXFwvT0cAdEB2k0JyJ7bfSXjiq5fT7B+vjdDgPHEOhSm5c6GiZR4aGSlqK
+CM8odjsqc1AzatGZgWpNGFduhrGG45dKg3atc/v5IG+WyGRpxbl4G/vuGYJ92No+
+Mgqj/0pQdWOHD+myYqRr2Gp2zgl+MQO2vLVd+wIDAQABAoIBAQCEGwZr9R16MH6s
+OWoIxYsqq1BB7cH80MnJZJmTcmdnSEkZexjiGiltYfKIpU3kderU0ke/CTOsTtET
+UrcEwYnAHo9giyLi31iEcUmcMooZHRf54E8UM4L+NQ9A+TMqlap6Fq+02UIRU/s8
+7IVCjBnhomvvsIdqVhmzkASyhPVofIDHkwVrLEQKaqKeX8Rhne8ZOqO6zGjZnnfi
+7MbUkV/Ls3uJXGf0U3s6hjn+k+g3WfyDQfD8e5aCR8kbSR2rc3WTgv4eD91S6htQ
+FHezF7XwmiP91yOAeY7NHo7O6kME0HlVxJyBuKbv4QG5StG8ZbTKFnujkTvWriHf
+NhT4OtEBAoIAgQC5r8eyrKuOaKY+kFs5pBKYeN2aihGXOoZbnkiT8grmvcLlOk03
+gWTR1im0uvhPKehOgYP1c1w2hPnqH3/8edW2HLkmOMR6HFLOEodIN9j/iDnn+2Mu
+SN+UFt5lnP9MloaStBX6y917nTXJ6nYU+ARhSn/OAIzD1vTbFwRmTk6krwKCAIEA
+6LFuIkZhC6Z0SjAeyCpQAnqdeurLSgauGkazrJXjv9KbnzhcTYpIxh8j+cKwdIo0
+E92bY+IK4p8tZD6kVQWo1r4Ab19DxCwMuXwF6LSfOzblk9HeaGFZo6nWnvcdwlWx
+BzhCp6jTXOHNDTLesrxuGCl+f9lmFhmGs1MM8p2YBnUCggCAaXHIlU44ncYPobeY
+FkN1y9/W98sv8hDp+10HGfx49E8OPd29u6de+UoEpP0HxOynXu1tYhUAaHVa9fit
+VVJaafAls+7IpA8xdpRO/lO4hmN1fqbiy4XWcOILqOhekb9o7CYX1TOvsmK0CNV7
++Kxe0GDd8r2dMhj/Mur/NJmDT0ECggCAITVZO2kB5pC93eyaKATp4ECxgt5JXuov
+JK7ca5AErdaXwRRhD+vhUO0WzEk9t5QVtJQW3h1fYlJHPxw1hbDGFMeO9lYJLNEA
+i+QoT7qfUusVvo/gBtOF4HaXm5420Ao8toQP9y9/4qyTAAQ3hhigObCKTiKvkA3a
+jHMY0PMuxBUCggCAUrFacRFdb2SzeZdRXulUNd1o2BRv/8FZRBzBq8Rh5jRrPHVv
+OPqwcgs7tD7kRNNNQS9N7qmwCpXNRkNxVh0ILPxtZS67CiMzF9SZSRDMEHE5+/De
+eOdhJSKOFLZ63hZVsvrRsL+Ns+V44+z1P8bow5Bp+xSRExAXewwDq7tyMAI=
+-----END RSA PRIVATE KEY-----

openstack/myhosts.ini

@@ -2,16 +2,16 @@
 localhost ansible_connection=local
 
 [controller]
-192.168.70.11
+192.168.0.54
 
 [controller:vars]
 ntp_server=3.in.pool.ntp.org
-cont_ip=192.168.70.11
+cont_ip=192.168.0.54
 ansible_nodename=controller
 rabbit_pass=password
 
 [compute]
-192.168.70.12
+192.168.0.56
 
 [compute:vars]
 ntp_server=controller

openstack/openstack.retry

@@ -1 +1,2 @@
-192.168.70.11
+192.168.0.54
+192.168.0.56

openstack/openstack.yml

@@ -1,3 +1,3 @@
 ---
-#- include: environ.yml
+- include: environ.yml
 - include: keystone.yml

openstack/roles/environment/tasks/common.yml

@@ -1,4 +1,6 @@
 ---
+- name: Define Network Interfaces
+  template: src=interfaces.j2 dest=/etc/network/interfaces
 - name: Update the apt cache
   apt:  update_cache=yes
 - name: Install and Configure NTP
@@ -12,10 +14,10 @@
 - name: Install software properties
   apt: name=software-properties-common  state=installed
 - name: Add OpenStack Repository
-  apt_repository: repo='deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/liberty main'
+  command: add-apt-repository cloud-archive:liberty -y
 - name: Update the apt cache with OpenStack Repository
   apt:  update_cache=yes
 - name: Distro upgrade
-  command: apt-get dist-upgrade --allow-unauthenticated
+  apt: upgrade=dist allow_unauthenticated=yes
 - name: Install OpenStack Client
   apt: name=python-openstackclient state=installed allow_unauthenticated=yes

openstack/roles/environment/templates/hosts.j2

@@ -6,7 +6,7 @@ ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 
 # controller
-192.168.70.11 controller
+{{ cont_ip }} controller
 
 # compute
-192.168.70.12 compute
+{{ comp_ip }} compute

openstack/roles/environment/templates/interfaces.j2

@@ -0,0 +1,13 @@
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto {{ ansible_default_ipv4.interface }}
+iface {{ ansible_default_ipv4.interface }} inet static
+        address {{ ansible_default_ipv4.address }}
+        netmask {{ ansible_default_ipv4.netmask }}
+        broadcast {{ ansible_default_ipv4.broadcast }}
+        gateway {{ ansible_default_ipv4.gateway }}
+        dns-nameserver 8.8.8.8
+        up ip link set dev $IFACE up
+        down ip link set dev $IFACE down

openstack/roles/environment/vars/main.yml

@@ -1,2 +1,4 @@
 ---
 # vars file for environment
+cont_ip: 192.168.0.54
+comp_ip: 192.168.0.56

openstack/roles/keystone/files/keystone.sh

@@ -2,5 +2,4 @@
 openstack service create --name keystone --description "OpenStack Identity" identity &&
 openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0 &&
 openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0 &&
-openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0 &&
-openstack project create --domain default --description "Admin Project" admin
+openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0 

openstack/roles/keystone/handlers/main.yml

@@ -1,6 +1,10 @@
 ---
 # handlers file for keystone
+- name: restart keystone
+  service: name=keystone state=restarted
+
 - name: restart mysql
   service: name=mysql state=restarted
+
 - name: restart apache
   service: name=apache2 state=restarted

openstack/roles/keystone/tasks/api.yml

@@ -22,11 +22,35 @@
 #  shell: source /root/.bashrc
 #  args:
 #     executable: /bin/bash
+- name: Create Openstack common folder
+  file: path=/openstack state=directory mode=0755
 - name: Create the service entity for the Identity service
-  copy: src=./files/keystone.sh  dest=/openstack/keystone.sh
+  copy: src=./files/keystone.sh  dest=/openstack/keystone.sh force=yes
 - name: Create the service entity for the Identity service
-  command: bash /openstack/keystone.sh
+  shell: bash /openstack/keystone.sh && touch /openstack/keystone.txt
+  args:
+    creates: /openstack/keystone.txt
   environment:
     OS_TOKEN: '{{admin_token}}'
     OS_URL: 'http://controller:35357/v3'
     OS_IDENTITY_API_VERSION: '3'
+- name: Copy Admin project script
+  template: src=project.sh.j2 dest=/openstack/project.sh
+- name: Create Admin project
+  shell: bash /openstack/project.sh && touch /openstack/admin-pro.txt
+  args:
+    creates: /openstack/admin-pro.txt
+  environment:
+    OS_TOKEN: '{{admin_token}}'
+    OS_URL: 'http://controller:35357/v3'
+    OS_IDENTITY_API_VERSION: '3'
+- name: Install Python pip
+  apt: name=python-pip  state=installed allow_unauthenticated=yes
+- name: Create OpenRC file
+  template: src=admin-openrc.sh.j2 dest=/openstack/admin-openrc.sh
+- name: Check the operation
+  shell: source /openstack/admin-openrc.sh && openstack token issue
+  args:
+   executable: /bin/bash
+  register: openrc
+- debug: msg="{{ openrc.stdout }}"

openstack/roles/keystone/tasks/install.yml

@@ -1,6 +1,6 @@
 ---
 - name: Disable Keystone start on boot
-  shell: echo "manual" > /etc/init/keystone.override
+  template: src=keystone.override.j2 dest=/etc/init/keystone.override
 - name: Install Keystone, Apache and Memcache
   apt: name={{item}}  state=installed allow_unauthenticated=yes
   with_items:
@@ -11,17 +11,20 @@
     - python-memcache
 - name: Keystone configuration
   template: src=keystone.conf.j2  dest=/etc/keystone/keystone.conf
+  notify:
+  - restart keystone
+- meta: flush_handlers
 - name: Populate the Identity service database
   shell: su -s /bin/sh -c "keystone-manage db_sync" keystone
   become: yes
   become_user: root
 - name: Apache main configuration
   template: src=apache2.conf.j2 dest=/etc/apache2.conf
   notify:
-    - restart apache
+  - restart apache
 - name: WSGI configuration
   template: src=wsgi-keystone.conf.j2 dest=/etc/apache2/sites-availablewsgi-keystone.conf
   notify:
-    - restart apache
+  - restart apache
 - name: Delete SQLite database
   file: path=/var/lib/keystone/keystone.db state=absent force=yes

openstack/roles/keystone/tasks/prerequisites.yml

@@ -11,4 +11,4 @@
               password={{ mysql_userpass }}
               state=present
               priv=keystone.*:ALL
-              host_all=yes
+              host={{ remote_host_ip }}

openstack/roles/keystone/templates/admin-openrc.sh.j2

@@ -3,7 +3,6 @@ export OS_USER_DOMAIN_ID=default
 export OS_PROJECT_NAME=admin
 export OS_TENANT_NAME=admin
 export OS_USERNAME=admin
-export OS_PASSWORD={{admin_pass}}
+export OS_PASSWORD={{ openstack_admin_pass }}
 export OS_AUTH_URL=http://controller:35357/v3
 export OS_IDENTITY_API_VERSION=3
-export OS_AUTH_TYPE=password

openstack/roles/keystone/templates/keystone.conf.j2

@@ -3,7 +3,6 @@
 #
 # From keystone
 #
-
 # A "shared secret" that can be used to bootstrap Keystone. This "token" does
 # not represent a user, and carries no explicit authorization. To disable in
 # production (highly recommended), remove AdminTokenAuthMiddleware from your

openstack/roles/keystone/templates/keystone.override.j2

@@ -0,0 +1 @@
+manual

openstack/roles/keystone/templates/project.sh.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+openstack project create --domain default --description "Admin Project" admin &&
+openstack user create --domain default --password={{ openstack_admin_pass }} admin &&
+openstack role create admin &&
+openstack role add --project admin --user admin admin

openstack/roles/keystone/vars/main.yml

@@ -6,3 +6,4 @@ mysql_userpass: password
 remote_host_ip: '%'
 admin_token: a5b2d59412a055cb9d7f
 admin_pass: password
+openstack_admin_pass: password