openstack/kolla-ansible
Code Issues Proposed changes

Merge "Refactor service, endpoint and user registration"

Browse Source
This commit is contained in:
Zuul 2019-09-18 17:34:14 +00:00 committed by Gerrit Code Review
commit a21b9b5430
82 changed files with 1156 additions and 1452 deletions
ansible/roles
aodh
defaults
main.yml
tasks
register.yml
barbican
defaults
main.yml
tasks
register.yml
blazar
defaults
main.yml
tasks
register.yml
ceilometer
defaults
main.yml
tasks
register.yml
ceph
defaults
main.yml
tasks
start_rgw_keystone.yml
cinder
defaults
main.yml
tasks
register.yml
cloudkitty
defaults
main.yml
tasks
register.yml
congress
defaults
main.yml
tasks
register.yml
cyborg
defaults
main.yml
tasks
register.yml
designate
defaults
main.yml
tasks
register.yml
freezer
defaults
main.yml
tasks
register.yml
glance
defaults
main.yml
tasks
register.yml
gnocchi
defaults
main.yml
tasks
register.yml
heat
defaults
main.yml
tasks
register.yml
ironic
defaults
main.yml
tasks
register.yml
karbor
defaults
main.yml
tasks
register.yml
keystone
defaults
main.yml
tasks
register.yml
kuryr
defaults
main.yml
tasks
register.yml
magnum
defaults
main.yml
tasks
register.yml
manila
defaults
main.yml
tasks
register.yml
masakari
defaults
main.yml
tasks
register.yml
mistral
defaults
main.yml
tasks
register.yml
monasca
defaults
main.yml
tasks
register.yml
murano
defaults
main.yml
tasks
register.yml
neutron
defaults
main.yml
tasks
register.yml
nova
defaults
main.yml
tasks
register.yml
octavia
defaults
main.yml
tasks
register.yml
panko
defaults
main.yml
tasks
register.yml
placement
defaults
main.yml
tasks
register.yml
qinling
defaults
main.yml
tasks
register.yml
sahara
defaults
main.yml
tasks
register.yml
searchlight
defaults
main.yml
tasks
register.yml
senlin
defaults
main.yml
tasks
register.yml
service-ks-register
defaults
main.yml
tasks
main.yml
solum
defaults
main.yml
tasks
register.yml
swift
defaults
main.yml
tasks
register.yml
tacker
defaults
main.yml
tasks
register.yml
trove
defaults
main.yml
tasks
register.yml
vitrage
defaults
main.yml
tasks
register.yml
watcher
defaults
main.yml
tasks
register.yml
zun
defaults
main.yml
tasks
register.yml

18
ansible/roles/aodh/defaults/main.yml

@ -147,3 +147,21 @@ aodh_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
aodh_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
aodh_dev_mode: "{{ kolla_dev_mode }}"
aodh_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
aodh_ks_services:
- name: "aodh"
type: "alarming"
description: "OpenStack Alarming Service"
endpoints:
- {'interface': 'admin', 'url': '{{ aodh_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ aodh_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ aodh_public_endpoint }}'}
aodh_ks_users:
- project: "service"
user: "{{ aodh_keystone_user }}"
password: "{{ aodh_keystone_password }}"
role: "admin"

42
ansible/roles/aodh/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the aodh service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "aodh"
service_type: "alarming"
description: "OpenStack Alarming Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_aodh_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ aodh_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ aodh_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ aodh_public_endpoint }}'}
- name: Creating the aodh project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ aodh_keystone_user }}"
password: "{{ aodh_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_aodh_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_aodh_auth }}"
service_ks_register_services: "{{ aodh_ks_services }}"
service_ks_register_users: "{{ aodh_ks_users }}"
tags: always

18
ansible/roles/barbican/defaults/main.yml

@ -115,3 +115,21 @@ barbican_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
barbican_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
barbican_dev_mode: "{{ kolla_dev_mode }}"
barbican_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
barbican_ks_services:
- name: "barbican"
type: "key-manager"
description: "Barbican Key Management Service"
endpoints:
- {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}
barbican_ks_users:
- project: "service"
user: "{{ barbican_keystone_user }}"
password: "{{ barbican_keystone_password }}"
role: "admin"

42
ansible/roles/barbican/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the barbican service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "barbican"
service_type: "key-manager"
description: "Barbican Key Management Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_barbican_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ barbican_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ barbican_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ barbican_public_endpoint }}'}
- name: Creating the barbican project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ barbican_keystone_user }}"
password: "{{ barbican_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_barbican_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_barbican_auth }}"
service_ks_register_services: "{{ barbican_ks_services }}"
service_ks_register_users: "{{ barbican_ks_users }}"
tags: always
- name: Creating default barbican roles
become: true

18
ansible/roles/blazar/defaults/main.yml

@ -105,3 +105,21 @@ blazar_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
blazar_enabled_notification_topics: "{{ blazar_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
blazar_ks_services:
- name: "blazar"
type: "reservation"
description: "OpenStack Reservation Service"
endpoints:
- {'interface': 'admin', 'url': '{{ blazar_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ blazar_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ blazar_public_endpoint }}'}
blazar_ks_users:
- project: "service"
user: "{{ blazar_keystone_user }}"
password: "{{ blazar_keystone_password }}"
role: "admin"

42
ansible/roles/blazar/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the blazar service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "blazar"
service_type: "reservation"
description: "OpenStack Reservation Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_blazar_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ blazar_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ blazar_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ blazar_public_endpoint }}'}
- name: Creating the blazar project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ blazar_keystone_user }}"
password: "{{ blazar_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_blazar_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_blazar_auth }}"
service_ks_register_services: "{{ blazar_ks_services }}"
service_ks_register_users: "{{ blazar_ks_users }}"
tags: always

10
ansible/roles/ceilometer/defaults/main.yml

@ -111,3 +111,13 @@ ceilometer_dev_mode: "{{ kolla_dev_mode }}"
ceilometer_source_version: "{{ kolla_source_version }}"
ceilometer_custom_meters_local_folder: "meters.d"
####################
# Keystone
####################
ceilometer_ks_users:
- project: "service"
user: "{{ ceilometer_keystone_user }}"
password: "{{ ceilometer_keystone_password }}"
role: "admin"

20
ansible/roles/ceilometer/tasks/register.yml

@ -1,18 +1,10 @@
---
- name: Creating the Ceilometer project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ ceilometer_keystone_user }}"
password: "{{ ceilometer_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ceilometer_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_ceilometer_auth }}"
service_ks_register_users: "{{ ceilometer_ks_users }}"
tags: always
- name: Associate the ResellerAdmin role and ceilometer user
become: true

19
ansible/roles/ceph/defaults/main.yml

@ -128,3 +128,22 @@ cephfs_metadata_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
# Kolla
####################
kolla_ceph_use_udev: True
####################
# Keystone
####################
ceph_rgw_ks_services:
- name: "swift"
type: "object-store"
description: "Openstack Object Storage"
endpoints:
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
ceph_rgw_ks_users:
- project: "service"
user: "{{ ceph_rgw_keystone_user }}"
password: "{{ ceph_rgw_keystone_password }}"
role: "admin"

42
ansible/roles/ceph/tasks/start_rgw_keystone.yml

@ -1,39 +1,11 @@
---
- name: Creating the Swift service and endpoint
become: true
kolla_toolbox:
module_name: kolla_keystone_service
module_args:
service_name: "swift"
service_type: "object-store"
description: "Openstack Object Storage"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ceph_rgw_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
- name: Registering keystone ceph_rgw user
become: true
kolla_toolbox:
module_name: kolla_keystone_user
module_args:
project: "service"
user: "{{ ceph_rgw_keystone_user }}"
password: "{{ ceph_rgw_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ceph_rgw_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_ceph_rgw_auth }}"
service_ks_register_services: "{{ ceph_rgw_ks_services }}"
service_ks_register_users: "{{ ceph_rgw_ks_users }}"
tags: always
- name: Creating the ResellerAdmin role
become: true

25
ansible/roles/cinder/defaults/main.yml

@ -250,3 +250,28 @@ cinder_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
cinder_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
cinder_dev_mode: "{{ kolla_dev_mode }}"
cinder_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
cinder_ks_services:
- name: "cinderv2"
type: "volumev2"
description: "Openstack Block Storage"
endpoints:
- {'interface': 'admin', 'url': '{{ cinder_v2_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cinder_v2_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cinder_v2_public_endpoint }}'}
- name: "cinderv3"
type: "volumev3"
description: "Openstack Block Storage"
endpoints:
- {'interface': 'admin', 'url': '{{ cinder_v3_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}'}
cinder_ks_users:
- project: "service"
user: "{{ cinder_keystone_user }}"
password: "{{ cinder_keystone_password }}"
role: "admin"

45
ansible/roles/cinder/tasks/register.yml

@ -1,39 +1,8 @@
---
- name: Creating the Cinder service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.service_name }}"
service_type: "{{ item.service_type }}"
description: "Openstack Block Storage"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cinder_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ cinder_v2_admin_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
- {'interface': 'internal', 'url': '{{ cinder_v2_internal_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
- {'interface': 'public', 'url': '{{ cinder_v2_public_endpoint }}', 'service_name': 'cinderv2', 'service_type': 'volumev2'}
- {'interface': 'admin', 'url': '{{ cinder_v3_admin_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'}
- {'interface': 'internal', 'url': '{{ cinder_v3_internal_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'}
- {'interface': 'public', 'url': '{{ cinder_v3_public_endpoint }}', 'service_name': 'cinderv3', 'service_type': 'volumev3'}
- name: Creating the Cinder project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ cinder_keystone_user }}"
password: "{{ cinder_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cinder_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_cinder_auth }}"
service_ks_register_services: "{{ cinder_ks_services }}"
service_ks_register_users: "{{ cinder_ks_users }}"
tags: always

18
ansible/roles/cloudkitty/defaults/main.yml

@ -122,3 +122,21 @@ cloudkitty_storage_backend: "sqlalchemy"
# cloudkitty_influxdb_insecure_connections: false
cloudkitty_influxdb_name: "cloudkitty"
####################
# Keystone
####################
cloudkitty_ks_services:
- name: "cloudkitty"
type: "rating"
description: "OpenStack Rating"
endpoints:
- {'interface': 'admin', 'url': '{{ cloudkitty_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cloudkitty_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cloudkitty_public_endpoint }}'}
cloudkitty_ks_users:
- project: "service"
user: "{{ cloudkitty_keystone_user }}"
password: "{{ cloudkitty_keystone_password }}"
role: "admin"

42
ansible/roles/cloudkitty/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the Cloudkitty service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "cloudkitty"
service_type: "rating"
description: "OpenStack Rating"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cloudkitty_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ cloudkitty_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cloudkitty_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cloudkitty_public_endpoint }}'}
- name: Creating the Cloudkitty project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ cloudkitty_keystone_user }}"
password: "{{ cloudkitty_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cloudkitty_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_cloudkitty_auth }}"
service_ks_register_services: "{{ cloudkitty_ks_services }}"
service_ks_register_users: "{{ cloudkitty_ks_users }}"
tags: always
- name: Creating the rating role
become: true

18
ansible/roles/congress/defaults/main.yml

@ -108,3 +108,21 @@ congress_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
congress_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
congress_dev_mode: "{{ kolla_dev_mode }}"
congress_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
congress_ks_services:
- name: "congress"
type: "policy"
description: "Congress Service"
endpoints:
- {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
congress_ks_users:
- project: "service"
user: "{{ congress_keystone_user }}"
password: "{{ congress_keystone_password }}"
role: "admin"

42
ansible/roles/congress/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the congress service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "congress"
service_type: "policy"
description: "Congress Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_congress_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ congress_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ congress_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ congress_public_endpoint }}'}
- name: Creating the congress project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "congress"
password: "{{ congress_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_congress_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_congress_auth }}"
service_ks_register_services: "{{ congress_ks_services }}"
service_ks_register_users: "{{ congress_ks_users }}"
tags: always

18
ansible/roles/cyborg/defaults/main.yml

@ -96,3 +96,21 @@ cyborg_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
cyborg_enabled_notification_topics: "{{ cyborg_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
cyborg_ks_services:
- name: "cyborg"
type: "cyborg"
description: "OpenStack Cyborg Service"
endpoints:
- {'interface': 'admin', 'url': '{{ cyborg_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cyborg_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cyborg_public_endpoint }}'}
cyborg_ks_users:
- project: "service"
user: "{{ cyborg_keystone_user }}"
password: "{{ cyborg_keystone_password }}"
role: "admin"

42
ansible/roles/cyborg/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the cyborg service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "cyborg"
service_type: "cyborg"
description: "OpenStack Cyborg Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cyborg_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ cyborg_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ cyborg_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ cyborg_public_endpoint }}'}
- name: Creating the cyborg project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ cyborg_keystone_user }}"
password: "{{ cyborg_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_cyborg_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_cyborg_auth }}"
service_ks_register_services: "{{ cyborg_ks_services }}"
service_ks_register_users: "{{ cyborg_ks_users }}"
tags: always

18
ansible/roles/designate/defaults/main.yml

@ -214,3 +214,21 @@ designate_notification_topics:
enabled: True
designate_enabled_notification_topics: "{{ designate_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
designate_ks_services:
- name: "designate"
type: "dns"
description: "Designate DNS Service"
endpoints:
- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
designate_ks_users:
- project: "service"
user: "{{ designate_keystone_user }}"
password: "{{ designate_keystone_password }}"
role: "admin"

42
ansible/roles/designate/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Designate service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "designate"
service_type: "dns"
description: "Designate DNS Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_designate_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ designate_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ designate_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ designate_public_endpoint }}'}
- name: Creating the Designate project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ designate_keystone_user }}"
password: "{{ designate_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_designate_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_designate_auth }}"
service_ks_register_services: "{{ designate_ks_services }}"
service_ks_register_users: "{{ designate_ks_users }}"
tags: always

18
ansible/roles/freezer/defaults/main.yml

@ -96,3 +96,21 @@ freezer_api_git_repository: "{{ kolla_dev_repos_git }}/freezer-api"
freezer_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
freezer_dev_mode: "{{ kolla_dev_mode }}"
freezer_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
freezer_ks_services:
- name: "freezer"
type: "backup"
description: "Openstack Freezer Backup Service"
endpoints:
- {'interface': 'admin', 'url': '{{ freezer_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ freezer_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ freezer_public_endpoint }}'}
freezer_ks_users:
- project: "service"
user: "{{ freezer_keystone_user }}"
password: "{{ freezer_keystone_password }}"
role: "admin"

42
ansible/roles/freezer/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the freezer service and endpoint
become: true
kolla_toolbox:
module_name: kolla_keystone_service
module_args:
service_name: freezer
service_type: backup
description: 'Openstack Freezer Backup Service'
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_freezer_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ freezer_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ freezer_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ freezer_public_endpoint }}'}
- name: Creating the freezer project, user, and role
become: true
kolla_toolbox:
module_name: kolla_keystone_user
module_args:
project: service
user: "{{ freezer_keystone_user }}"
password: "{{ freezer_keystone_password }}"
role: admin
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_freezer_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_freezer_auth }}"
service_ks_register_services: "{{ freezer_ks_services }}"
service_ks_register_users: "{{ freezer_ks_users }}"
tags: always

18
ansible/roles/glance/defaults/main.yml

@ -39,6 +39,24 @@ glance_services:
####################
haproxy_members: "{% for host in glance_api_hosts %}server {{ hostvars[host]['ansible_hostname'] }} {{ hostvars[host]['ansible_' + hostvars[host]['api_interface']]['ipv4']['address'] }}:{{ glance_api_listen_port }} check inter 2000 rise 2 fall 5;{% endfor %}"
####################
# Keystone
####################
glance_ks_services:
- name: "glance"
type: "image"
description: "Openstack Image"
endpoints:
- {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ glance_public_endpoint }}'}
glance_ks_users:
- project: "service"
user: "{{ glance_keystone_user }}"
password: "{{ glance_keystone_password }}"
role: "admin"
####################
# Notification
####################

42
ansible/roles/glance/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Glance service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "glance"
service_type: "image"
description: "Openstack Image"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_glance_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ glance_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ glance_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ glance_public_endpoint }}'}
- name: Creating the Glance project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ glance_keystone_user }}"
password: "{{ glance_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_glance_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_glance_auth }}"
service_ks_register_services: "{{ glance_ks_services }}"
service_ks_register_users: "{{ glance_ks_users }}"
tags: always

18
ansible/roles/gnocchi/defaults/main.yml

@ -132,3 +132,21 @@ gnocchi_metricd_workers: "{{ openstack_service_workers }}"
gnocchi_keystone_user: "gnocchi"
openstack_gnocchi_auth: "{{ openstack_auth }}"
####################
# Keystone
####################
gnocchi_ks_services:
- name: "gnocchi"
type: "metric"
description: "OpenStack Metric Service"
endpoints:
- {'interface': 'admin', 'url': '{{ gnocchi_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ gnocchi_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ gnocchi_public_endpoint }}'}
gnocchi_ks_users:
- project: "service"
user: "{{ gnocchi_keystone_user }}"
password: "{{ gnocchi_keystone_password }}"
role: "admin"

42
ansible/roles/gnocchi/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the gnocchi service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "gnocchi"
service_type: "metric"
description: "OpenStack Metric Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_gnocchi_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ gnocchi_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ gnocchi_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ gnocchi_public_endpoint }}'}
- name: Creating the gnocchi project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ gnocchi_keystone_user }}"
password: "{{ gnocchi_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_gnocchi_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_gnocchi_auth }}"
service_ks_register_services: "{{ gnocchi_ks_services }}"
service_ks_register_users: "{{ gnocchi_ks_users }}"
tags: always

25
ansible/roles/heat/defaults/main.yml

@ -136,3 +136,28 @@ heat_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
heat_enabled_notification_topics: "{{ heat_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
heat_ks_services:
- name: "heat"
type: "orchestration"
description: "Orchestration"
endpoints:
- {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ heat_public_endpoint }}'}
- name: "heat-cfn"
type: "cloudformation"
description: "Orchestration"
endpoints:
- {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}'}
heat_ks_users:
- project: "service"
user: "{{ heat_keystone_user }}"
password: "{{ heat_keystone_password }}"
role: "admin"

45
ansible/roles/heat/tasks/register.yml

@ -1,42 +1,11 @@
---
- name: Creating the Heat service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.service_name }}"
service_type: "{{ item.service_type }}"
description: "{{ item.description }}"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_heat_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ heat_admin_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
- {'interface': 'internal', 'url': '{{ heat_internal_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
- {'interface': 'public', 'url': '{{ heat_public_endpoint }}', 'service_name': 'heat', 'service_type': 'orchestration', 'description': 'Orchestration'}
- {'interface': 'admin', 'url': '{{ heat_cfn_admin_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
- {'interface': 'internal', 'url': '{{ heat_cfn_internal_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
- {'interface': 'public', 'url': '{{ heat_cfn_public_endpoint }}', 'service_name': 'heat-cfn', 'service_type': 'cloudformation', 'description': 'Orchestration'}
- name: Creating the Heat project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ heat_keystone_user }}"
password: "{{ heat_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_heat_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_heat_auth }}"
service_ks_register_services: "{{ heat_ks_services }}"
service_ks_register_users: "{{ heat_ks_users }}"
tags: always
- name: Creating the heat_stack_user role
become: true

29
ansible/roles/ironic/defaults/main.yml

@ -221,3 +221,32 @@ ironic_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
ironic_enabled_notification_topics: "{{ ironic_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
ironic_ks_services:
- name: "ironic"
type: "baremetal"
description: "Ironic baremetal provisioning service"
endpoints:
- {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
- name: "ironic-inspector"
type: "baremetal-introspection"
description: "Ironic Inspector baremetal introspection service"
endpoints:
- {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
ironic_ks_users:
- project: "service"
user: "{{ ironic_keystone_user }}"
password: "{{ ironic_keystone_password }}"
role: "admin"
- project: "service"
user: "{{ ironic_inspector_keystone_user }}"
password: "{{ ironic_inspector_keystone_password }}"
role: "admin"

82
ansible/roles/ironic/tasks/register.yml

@ -1,76 +1,8 @@
---
- name: Creating the Ironic service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "ironic"
service_type: "baremetal"
description: "Ironic baremetal provisioning service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ironic_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
when: inventory_hostname in groups['ironic-api']
with_items:
- {'interface': 'admin', 'url': '{{ ironic_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ ironic_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_public_endpoint }}'}
- name: Creating the Ironic project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ ironic_keystone_user }}"
password: "{{ ironic_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ironic_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
when: inventory_hostname in groups['ironic-api']
- name: Creating the Ironic Inspector service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "ironic-inspector"
service_type: "baremetal-introspection"
description: "Ironic Inspector baremetal introspection service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ironic_inspector_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
when: inventory_hostname in groups['ironic-inspector']
with_items:
- {'interface': 'admin', 'url': '{{ ironic_inspector_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ ironic_inspector_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ ironic_inspector_public_endpoint }}'}
- name: Creating the Ironic Inspector project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ ironic_inspector_keystone_user }}"
password: "{{ ironic_inspector_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_ironic_inspector_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
when: inventory_hostname in groups['ironic-inspector']
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_ironic_auth }}"
service_ks_register_services: "{{ ironic_ks_services }}"
service_ks_register_users: "{{ ironic_ks_users }}"
tags: always

18
ansible/roles/karbor/defaults/main.yml

@ -106,3 +106,21 @@ karbor_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
karbor_enabled_notification_topics: "{{ karbor_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
karbor_ks_services:
- name: "karbor"
type: "data-protect"
description: "Application Data Protection Service"
endpoints:
- {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'}
karbor_ks_users:
- project: "service"
user: "{{ karbor_keystone_user }}"
password: "{{ karbor_keystone_password }}"
role: "admin"

42
ansible/roles/karbor/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Karbor service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "karbor"
service_type: "data-protect"
description: "Application Data Protection Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_karbor_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ karbor_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ karbor_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ karbor_public_endpoint }}'}
- name: Creating the Karbor project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ karbor_keystone_user }}"
password: "{{ karbor_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_karbor_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_karbor_auth }}"
service_ks_register_services: "{{ karbor_ks_services }}"
service_ks_register_users: "{{ karbor_ks_users }}"
tags: always

13
ansible/roles/keystone/defaults/main.yml

@ -128,3 +128,16 @@ keystone_notification_topics:
enabled: "{{ enable_barbican | bool }}"
keystone_enabled_notification_topics: "{{ keystone_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
keystone_ks_services:
- name: "keystone"
type: "identity"
description: "Openstack Identity Service"
endpoints:
- {'interface': 'admin', 'url': '{{ keystone_admin_url }}'}
- {'interface': 'internal', 'url': '{{ keystone_internal_url }}'}
- {'interface': 'public', 'url': '{{ keystone_public_url }}'}

27
ansible/roles/keystone/tasks/register.yml

@ -8,28 +8,13 @@
run_once: True
with_items: "{{ multiple_regions_names }}"
# NOTE(jeffrey4l): Since keystone-manage bootstrap cloud not update the endpoint,
# run kolla_keystone_service module again.
- name: Creating the Keystone service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "keystone"
service_type: "identity"
description: "Openstack Identity Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_keystone_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_keystone_auth }}"
service_ks_register_services: "{{ keystone_ks_services }}"
tags: always
run_once: True
with_items:
- { interface: admin, url: "{{ keystone_admin_url }}" }
- { interface: internal, url: "{{ keystone_internal_url }}" }
- { interface: public, url: "{{ keystone_public_url }}" }
- name: Creating default user role
become: true

9
ansible/roles/kuryr/defaults/main.yml

@ -59,3 +59,12 @@ kuryr_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
kuryr_dev_mode: "{{ kolla_dev_mode }}"
kuryr_dimensions: "{{ default_container_dimensions }}"
kuryr_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
kuryr_ks_users:
- project: "service"
user: "{{ kuryr_keystone_user }}"
password: "{{ kuryr_keystone_password }}"
role: "admin"

20
ansible/roles/kuryr/tasks/register.yml

@ -1,15 +1,7 @@
---
- name: Creating the Kuryr project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ kuryr_keystone_user }}"
password: "{{ kuryr_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_kuryr_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_kuryr_auth }}"
service_ks_register_users: "{{ kuryr_ks_users }}"
tags: always

19
ansible/roles/magnum/defaults/main.yml

@ -115,3 +115,22 @@ magnum_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
magnum_enabled_notification_topics: "{{ magnum_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
magnum_ks_services:
- name: "magnum"
type: "container-infra"
description: "Container Infrastructure Management Service"
endpoints:
- {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'}
magnum_ks_users:
- project: "service"
user: "{{ magnum_keystone_user }}"
password: "{{ magnum_keystone_password }}"
role: "admin"

42
ansible/roles/magnum/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the Magnum service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "magnum"
service_type: "container-infra"
description: "Container Infrastructure Management Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_magnum_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ magnum_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ magnum_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ magnum_public_endpoint }}'}
- name: Creating the Magnum project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ magnum_keystone_user }}"
password: "{{ magnum_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_magnum_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_magnum_auth }}"
service_ks_register_services: "{{ magnum_ks_services }}"
service_ks_register_users: "{{ magnum_ks_users }}"
tags: always
- name: Creating Magnum trustee domain
become: true

26
ansible/roles/manila/defaults/main.yml

@ -193,3 +193,29 @@ manila_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
manila_enabled_notification_topics: "{{ manila_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
manila_ks_services:
- name: "manila"
type: "share"
description: "Openstack Shared Filesystems"
endpoints:
- {'interface': 'admin', 'url': '{{ manila_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ manila_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ manila_public_endpoint }}'}
- name: "manilav2"
type: "sharev2"
description: "Openstack Shared Filesystems"
endpoints:
- {'interface': 'admin', 'url': '{{ manila_v2_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ manila_v2_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ manila_v2_public_endpoint }}'}
manila_ks_users:
- project: "service"
user: "{{ manila_keystone_user }}"
password: "{{ manila_keystone_password }}"
role: "admin"

45
ansible/roles/manila/tasks/register.yml

@ -1,39 +1,8 @@
---
- name: Creating the Manila service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.service_name }}"
service_type: "{{ item.service_type }}"
description: "Openstack Shared Filesystems"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_manila_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ manila_admin_endpoint }}', 'service_name': 'manila', 'service_type': 'share'}
- {'interface': 'internal', 'url': '{{ manila_internal_endpoint }}', 'service_name': 'manila', 'service_type': 'share'}
- {'interface': 'public', 'url': '{{ manila_public_endpoint }}', 'service_name': 'manila', 'service_type': 'share'}
- {'interface': 'admin', 'url': '{{ manila_v2_admin_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'}
- {'interface': 'internal', 'url': '{{ manila_v2_internal_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'}
- {'interface': 'public', 'url': '{{ manila_v2_public_endpoint }}', 'service_name': 'manilav2', 'service_type': 'sharev2'}
- name: Creating the Manila project, user and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ manila_keystone_user }}"
password: "{{ manila_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_manila_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_manila_auth }}"
service_ks_register_services: "{{ manila_ks_services }}"
service_ks_register_users: "{{ manila_ks_users }}"
tags: always

18
ansible/roles/masakari/defaults/main.yml

@ -115,3 +115,21 @@ masakari_monitors_git_repository: "{{ kolla_dev_repos_git }}/masakarimonitors"
masakari_monitors_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
masakari_monitors_dev_mode: "{{ kolla_dev_mode }}"
masakari_monitors_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
masakari_ks_services:
- name: "masakari"
type: "instance-ha"
description: "OpenStack High Availability"
endpoints:
- {'interface': 'admin', 'url': '{{ masakari_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ masakari_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ masakari_public_endpoint }}'}
masakari_ks_users:
- project: "service"
user: "{{ masakari_keystone_user }}"
password: "{{ masakari_keystone_password }}"
role: "admin"

42
ansible/roles/masakari/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Masakari service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "masakari"
service_type: "instance-ha"
description: "OpenStack High Availability"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_masakari_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ masakari_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ masakari_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ masakari_public_endpoint }}'}
- name: Creating the Masakari project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ masakari_keystone_user }}"
password: "{{ masakari_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_masakari_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_masakari_auth }}"
service_ks_register_services: "{{ masakari_ks_services }}"
service_ks_register_users: "{{ masakari_ks_users }}"
tags: always

18
ansible/roles/mistral/defaults/main.yml

@ -135,3 +135,21 @@ mistral_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
mistral_enabled_notification_topics: "{{ mistral_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
mistral_ks_services:
- name: "mistral"
type: "workflowv2"
description: "Openstack Workflow"
endpoints:
- {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'}
mistral_ks_users:
- project: "service"
user: "{{ mistral_keystone_user }}"
password: "{{ mistral_keystone_password }}"
role: "admin"

42
ansible/roles/mistral/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Mistral service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "mistral"
service_type: "workflowv2"
description: "Openstack Workflow"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_mistral_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ mistral_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ mistral_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ mistral_public_endpoint }}'}
- name: Creating the Mistral project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ mistral_keystone_user }}"
password: "{{ mistral_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_mistral_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_mistral_auth }}"
service_ks_register_services: "{{ mistral_ks_services }}"
service_ks_register_users: "{{ mistral_ks_users }}"
tags: always

29
ansible/roles/monasca/defaults/main.yml

@ -338,3 +338,32 @@ monasca_log_api_internal_endpoint: "{{ internal_protocol }}://{{ kolla_internal_
monasca_log_api_public_endpoint: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ monasca_log_api_port }}"
monasca_logging_debug: "{{ openstack_logging_debug }}"
####################
# Keystone
####################
monasca_ks_services:
- name: "monasca-api"
type: "monitoring"
description: "Monasca monitoring as a service"
endpoints:
- {'interface': 'admin', 'url': '{{ monasca_api_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ monasca_api_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ monasca_api_public_endpoint }}'}
- name: "monasca-log-api"
type: "logging"
description: "Monasca logging as a service"
endpoints:
- {'interface': 'admin', 'url': '{{ monasca_log_api_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ monasca_log_api_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ monasca_log_api_public_endpoint }}'}
monasca_ks_users:
- project: "service"
user: "{{ monasca_keystone_user }}"
password: "{{ monasca_keystone_password }}"
role: "admin"
- project: "{{ monasca_control_plane_project }}"
user: "{{ monasca_agent_user }}"
password: "{{ monasca_agent_password }}"
role: "{{ monasca_agent_authorized_roles | first }}"

77
ansible/roles/monasca/tasks/register.yml

@ -1,60 +1,12 @@
---
- name: Creating monasca-api service and endpoints
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "monasca-api"
service_type: "monitoring"
description: "Monasca monitoring as a service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ monasca_openstack_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ monasca_api_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ monasca_api_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ monasca_api_public_endpoint }}'}
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ monasca_openstack_auth }}"
service_ks_register_services: "{{ monasca_ks_services }}"
service_ks_register_users: "{{ monasca_ks_users }}"
tags: always
- name: Creating monasca-log-api service and endpoints
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "monasca-log-api"
service_type: "logging"
description: "Monasca logging as a service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ monasca_openstack_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ monasca_log_api_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ monasca_log_api_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ monasca_log_api_public_endpoint }}'}
- name: Creating the monasca keystone user
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ monasca_keystone_user }}"
password: "{{ monasca_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ monasca_openstack_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- name: Creating monasca roles
become: true
@ -72,18 +24,3 @@
- "{{ monasca_agent_authorized_roles }}"
- "{{ monasca_read_only_authorized_roles }}"
- "{{ monasca_delegate_authorized_roles }}"
- name: Creating the monasca agent user
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "{{ monasca_control_plane_project }}"
user: "{{ monasca_agent_user }}"
password: "{{ monasca_agent_password }}"
role: "{{ monasca_agent_authorized_roles | first }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ monasca_openstack_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True

18
ansible/roles/murano/defaults/main.yml

@ -98,3 +98,21 @@ murano_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
murano_enabled_notification_topics: "{{ murano_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
murano_ks_services:
- name: "murano"
type: "application-catalog"
description: "Openstack Application Catalogue"
endpoints:
- {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ murano_public_endpoint }}'}
murano_ks_users:
- project: "service"
user: "{{ murano_keystone_user }}"
password: "{{ murano_keystone_password }}"
role: "admin"

42
ansible/roles/murano/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Murano service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "murano"
service_type: "application-catalog"
description: "Openstack Application Catalogue"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_murano_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ murano_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ murano_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ murano_public_endpoint }}'}
- name: Creating the Murano project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ murano_keystone_user }}"
password: "{{ murano_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_murano_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_murano_auth }}"
service_ks_register_services: "{{ murano_ks_services }}"
service_ks_register_users: "{{ murano_ks_users }}"
tags: always

18
ansible/roles/neutron/defaults/main.yml

@ -488,3 +488,21 @@ neutron_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
neutron_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
neutron_dev_mode: "{{ kolla_dev_mode }}"
neutron_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
neutron_ks_services:
- name: "neutron"
type: "network"
description: "Openstack Networking"
endpoints:
- {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'}
neutron_ks_users:
- project: "service"
user: "{{ neutron_keystone_user }}"
password: "{{ neutron_keystone_password }}"
role: "admin"

42
ansible/roles/neutron/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Neutron service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "neutron"
service_type: "network"
description: "Openstack Networking"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_neutron_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ neutron_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ neutron_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ neutron_public_endpoint }}'}
- name: Creating the Neutron project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ neutron_keystone_user }}"
password: "{{ neutron_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_neutron_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_neutron_auth }}"
service_ks_register_services: "{{ neutron_ks_services }}"
service_ks_register_users: "{{ neutron_ks_users }}"
tags: always

25
ansible/roles/nova/defaults/main.yml

@ -384,6 +384,31 @@ nova_services_require_nova_conf:
# around 10 seconds, but the default is 30 to allow room for slowness.
nova_compute_startup_delay: 30
####################
# Keystone
####################
nova_ks_services:
- name: "nova_legacy"
type: "compute_legacy"
description: "OpenStack Compute Service (Legacy 2.0)"
endpoints:
- {'interface': 'admin', 'url': '{{ nova_legacy_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ nova_legacy_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ nova_legacy_public_endpoint }}'}
- name: "nova"
type: "compute"
description: "OpenStack Compute Service"
endpoints:
- {'interface': 'admin', 'url': '{{ nova_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ nova_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ nova_public_endpoint }}'}
nova_ks_users:
- project: "service"
user: "{{ nova_keystone_user }}"
password: "{{ nova_keystone_password }}"
role: "admin"
####################
# Notification
####################

45
ansible/roles/nova/tasks/register.yml

@ -1,39 +1,8 @@
---
- name: Creating the Nova service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.name }}"
service_type: "{{ item.service_type }}"
description: "{{ item.description }}"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_nova_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'admin', 'url': '{{ nova_legacy_admin_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'}
- {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'internal', 'url': '{{ nova_legacy_internal_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'}
- {'name': 'nova_legacy', 'service_type': 'compute_legacy', 'interface': 'public', 'url': '{{ nova_legacy_public_endpoint }}', 'description': 'OpenStack Compute Service (Legacy 2.0)'}
- {'name': 'nova', 'service_type': 'compute', 'interface': 'admin', 'url': '{{ nova_admin_endpoint }}', 'description': 'OpenStack Compute Service'}
- {'name': 'nova', 'service_type': 'compute', 'interface': 'internal', 'url': '{{ nova_internal_endpoint }}', 'description': 'OpenStack Compute Service'}
- {'name': 'nova', 'service_type': 'compute', 'interface': 'public', 'url': '{{ nova_public_endpoint }}', 'description': 'OpenStack Compute Service'}
- name: Creating the Nova project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ nova_keystone_user }}"
password: "{{ nova_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_nova_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_nova_auth }}"
service_ks_register_services: "{{ nova_ks_services }}"
service_ks_register_users: "{{ nova_ks_users }}"
tags: always

18
ansible/roles/octavia/defaults/main.yml

@ -120,3 +120,21 @@ octavia_logging_debug: "{{ openstack_logging_debug }}"
octavia_keystone_user: "octavia"
openstack_octavia_auth: "{{ openstack_auth }}"
####################
# Keystone
####################
octavia_ks_services:
- name: "octavia"
type: "load-balancer"
description: "Octavia Load Balancing Service"
endpoints:
- {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'}
octavia_ks_users:
- project: "service"
user: "{{ octavia_keystone_user }}"
password: "{{ octavia_keystone_password }}"
role: "admin"

42
ansible/roles/octavia/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the Octavia service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "octavia"
service_type: "load-balancer"
description: "Octavia Load Balancing Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_octavia_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ octavia_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ octavia_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ octavia_public_endpoint }}'}
- name: Creating the Octavia project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ octavia_keystone_user }}"
password: "{{ octavia_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_octavia_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_octavia_auth }}"
service_ks_register_services: "{{ octavia_ks_services }}"
service_ks_register_users: "{{ octavia_ks_users }}"
tags: always
- name: Adding octavia user into admin project
become: true

18
ansible/roles/panko/defaults/main.yml

@ -58,3 +58,21 @@ panko_logging_debug: "{{ openstack_logging_debug }}"
panko_keystone_user: "panko"
openstack_panko_auth: "{{ openstack_auth }}"
####################
# Keystone
####################
panko_ks_services:
- name: "panko"
type: "event"
description: "Panko Service"
endpoints:
- {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ panko_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ panko_public_endpoint }}'}
panko_ks_users:
- project: "service"
user: "{{ panko_keystone_user }}"
password: "{{ panko_keystone_password }}"
role: "admin"

42
ansible/roles/panko/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the panko service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "panko"
service_type: "event"
description: "Panko Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_panko_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ panko_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ panko_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ panko_public_endpoint }}'}
- name: Creating the panko project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ panko_keystone_user }}"
password: "{{ panko_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_panko_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_panko_auth }}"
service_ks_register_services: "{{ panko_ks_services }}"
service_ks_register_users: "{{ panko_ks_users }}"
tags: always

18
ansible/roles/placement/defaults/main.yml

@ -89,3 +89,21 @@ nova_api_database_name: "nova_api"
nova_api_database_user: "{% if use_preconfigured_databases | bool and use_common_mariadb_user | bool %}{{ database_user }}{% else %}nova_api{% endif %}"
nova_api_database_host: "{{ database_address }}"
placement_database_host: "{{ database_address }}"
####################
# Keystone
####################
placement_ks_services:
- name: "placement"
type: "placement"
description: "Placement Service"
endpoints:
- {'interface': 'admin', 'url': '{{ placement_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ placement_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ placement_public_endpoint }}'}
placement_ks_users:
- project: "service"
user: "{{ placement_keystone_user }}"
password: "{{ placement_keystone_password }}"
role: "admin"

42
ansible/roles/placement/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the placement service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "{{ item.name }}"
service_type: "{{ item.service_type }}"
description: "{{ item.description }}"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_placement_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'name': 'placement', 'service_type': 'placement', 'interface': 'admin', 'url': '{{ placement_admin_endpoint }}', 'description': 'Placement Service'}
- {'name': 'placement', 'service_type': 'placement', 'interface': 'internal', 'url': '{{ placement_internal_endpoint }}', 'description': 'Placement Service'}
- {'name': 'placement', 'service_type': 'placement', 'interface': 'public', 'url': '{{ placement_public_endpoint }}', 'description': 'Placement Service'}
- name: Creating the placement project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ placement_keystone_user }}"
password: "{{ placement_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_placement_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_placement_auth }}"
service_ks_register_services: "{{ placement_ks_services }}"
service_ks_register_users: "{{ placement_ks_users }}"
tags: always

18
ansible/roles/qinling/defaults/main.yml

@ -91,3 +91,21 @@ qinling_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
qinling_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
qinling_dev_mode: "{{ kolla_dev_mode }}"
qinling_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
qinling_ks_services:
- name: "qinling"
type: "function-engine"
description: "Function Service"
endpoints:
- {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ qinling_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ qinling_public_endpoint }}'}
qinling_ks_users:
- project: "service"
user: "{{ qinling_keystone_user }}"
password: "{{ qinling_keystone_password }}"
role: "admin"

42
ansible/roles/qinling/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Qinling service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "qinling"
service_type: "function-engine"
description: "Function Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_qinling_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ qinling_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ qinling_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ qinling_public_endpoint }}'}
- name: Creating the Qinling project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ qinling_keystone_user }}"
password: "{{ qinling_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_qinling_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_qinling_auth }}"
service_ks_register_services: "{{ qinling_ks_services }}"
service_ks_register_users: "{{ qinling_ks_users }}"
tags: always

18
ansible/roles/sahara/defaults/main.yml

@ -103,3 +103,21 @@ sahara_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
sahara_enabled_notification_topics: "{{ sahara_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
sahara_ks_services:
- name: "sahara"
type: "data-processing"
description: "Sahara Data Processing"
endpoints:
- {'interface': 'admin', 'url': '{{ sahara_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ sahara_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ sahara_public_endpoint }}'}
sahara_ks_users:
- project: "service"
user: "{{ sahara_keystone_user }}"
password: "{{ sahara_keystone_password }}"
role: "admin"

42
ansible/roles/sahara/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Sahara service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "sahara"
service_type: "data-processing"
description: "Sahara Data Processing"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_sahara_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ sahara_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ sahara_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ sahara_public_endpoint }}'}
- name: Creating the Sahara project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ sahara_keystone_user }}"
password: "{{ sahara_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_sahara_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_sahara_auth }}"
service_ks_register_services: "{{ sahara_ks_services }}"
service_ks_register_users: "{{ sahara_ks_users }}"
tags: always

18
ansible/roles/searchlight/defaults/main.yml

@ -85,3 +85,21 @@ searchlight_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
searchlight_enabled_notification_topics: "{{ searchlight_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
searchlight_ks_services:
- name: "searchlight"
type: "search"
description: "Openstack Index Service"
endpoints:
- {'interface': 'admin', 'url': '{{ searchlight_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ searchlight_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ searchlight_public_endpoint }}'}
searchlight_ks_users:
- project: "service"
user: "{{ searchlight_keystone_user }}"
password: "{{ searchlight_keystone_password }}"
role: "admin"

42
ansible/roles/searchlight/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Searchlight service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "searchlight"
service_type: "search"
description: "Openstack Index Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_searchlight_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ searchlight_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ searchlight_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ searchlight_public_endpoint }}'}
- name: Creating the Searchlight project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ searchlight_keystone_user }}"
password: "{{ searchlight_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_searchlight_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_searchlight_auth }}"
service_ks_register_services: "{{ searchlight_ks_services }}"
service_ks_register_users: "{{ searchlight_ks_users }}"
tags: always

18
ansible/roles/senlin/defaults/main.yml

@ -101,3 +101,21 @@ senlin_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
senlin_enabled_notification_topics: "{{ senlin_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
senlin_ks_services:
- name: "senlin"
type: "clustering"
description: "Senlin Clustering Service"
endpoints:
- {'interface': 'admin', 'url': '{{ senlin_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ senlin_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ senlin_public_endpoint }}'}
senlin_ks_users:
- project: "service"
user: "{{ senlin_keystone_user }}"
password: "{{ senlin_keystone_password }}"
role: "admin"

42
ansible/roles/senlin/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Senlin service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "senlin"
service_type: "clustering"
description: "Senlin Clustering Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_senlin_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ senlin_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ senlin_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ senlin_public_endpoint }}'}
- name: Creating the Senlin project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ senlin_keystone_user }}"
password: "{{ senlin_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_senlin_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_senlin_auth }}"
service_ks_register_services: "{{ senlin_ks_services }}"
service_ks_register_users: "{{ senlin_ks_users }}"
tags: always

14
ansible/roles/service-ks-register/defaults/main.yml Normal file

@ -0,0 +1,14 @@
---
service_ks_register_region_name: "{{ openstack_region_name }}"
service_ks_register_auth: {}
service_ks_cacert: "{{ openstack_cacert }}"
service_ks_register_interface: "{{ openstack_interface }}"
service_ks_register_endpoint_region: "{{ openstack_region_name }}"
service_ks_register_domain: "default"
service_ks_register_delegate_host: "{{ groups['control'][0] }}"
# A list of services to register with Keystone. Each service definition should
# provide a description, service type, and a list of associated endpoints to be
# registered.
service_ks_register_services: []
# A list of users and associated roles for this service to register with Keystone
service_ks_register_users: []

107
ansible/roles/service-ks-register/tasks/main.yml Normal file

@ -0,0 +1,107 @@
---
- name: Creating the {{ project_name }} service
become: true
kolla_toolbox:
module_name: "os_keystone_service"
module_args:
name: "{{ item.name }}"
service_type: "{{ item.type }}"
description: "{{ item.description }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
loop: "{{ service_ks_register_services }}"
delegate_to: "{{ service_ks_register_delegate_host }}"
- name: Creating the {{ project_name }} endpoints
become: true
kolla_toolbox:
module_name: "os_keystone_endpoint"
module_args:
service: "{{ item.0.name }}"
url: "{{ item.1.url }}"
endpoint_interface: "{{ item.1.interface }}"
region: "{{ service_ks_register_endpoint_region }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
with_subelements:
- "{{ service_ks_register_services }}"
- endpoints
delegate_to: "{{ service_ks_register_delegate_host }}"
- name: Creating the {{ project_name }} service project
become: true
kolla_toolbox:
module_name: "os_project"
module_args:
name: "{{ item }}"
domain: "{{ service_ks_register_domain }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
with_items: "{{ service_ks_register_users | map(attribute='project') | unique | list }}"
delegate_to: "{{ service_ks_register_delegate_host }}"
- name: Creating the {{ project_name }} service users
become: true
kolla_toolbox:
module_name: "os_user"
module_args:
default_project: "{{ item.project }}"
name: "{{ item.user }}"
password: "{{ item.password }}"
domain: "{{ service_ks_register_domain }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
with_items: "{{ service_ks_register_users }}"
delegate_to: "{{ service_ks_register_delegate_host }}"
loop_control:
label:
user: "{{ item.user }}"
project: "{{ item.project }}"
- name: Creating the {{ project_name }} service roles
become: true
kolla_toolbox:
module_name: "os_keystone_role"
module_args:
name: "{{ item }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
with_items: "{{ service_ks_register_users | map(attribute='role') | unique | list }}"
delegate_to: "{{ service_ks_register_delegate_host }}"
- name: Granting the {{ project_name }} service user roles
become: true
kolla_toolbox:
module_name: "os_user_role"
module_args:
user: "{{ item.user }}"
role: "{{ item.role }}"
project: "{{ item.project }}"
domain: "{{ service_ks_register_domain }}"
region_name: "{{ service_ks_register_region_name }}"
auth: "{{ service_ks_register_auth }}"
interface: "{{ service_ks_register_interface }}"
cacert: "{{ service_ks_cacert }}"
run_once: True
with_items: "{{ service_ks_register_users }}"
delegate_to: "{{ service_ks_register_delegate_host }}"
loop_control:
label:
user: "{{ item.user }}"
role: "{{ item.role }}"
project: "{{ item.project }}"

25
ansible/roles/solum/defaults/main.yml

@ -143,3 +143,28 @@ solum_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
solum_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
solum_dev_mode: "{{ kolla_dev_mode }}"
solum_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
solum_ks_services:
- name: "solum_image_builder"
type: "image_builder"
description: "Openstack Solum Image Builder"
endpoints:
- {'interface': 'admin', 'url': '{{ solum_image_builder_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ solum_image_builder_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ solum_image_builder_public_endpoint }}'}
- name: "solum_application_deployment"
type: "application_deployment"
description: "Openstack Solum Application Deployment"
endpoints:
- {'interface': 'admin', 'url': '{{ solum_application_deployment_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ solum_application_deployment_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ solum_application_deployment_public_endpoint }}'}
solum_ks_users:
- project: "service"
user: "{{ solum_keystone_user }}"
password: "{{ solum_keystone_password }}"
role: "admin"

63
ansible/roles/solum/tasks/register.yml

@ -1,57 +1,8 @@
---
- name: Creating the Solum image builder service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "solum_image_builder"
service_type: "image_builder"
description: "Openstack Solum Image Builder"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_solum_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ solum_image_builder_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ solum_image_builder_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ solum_image_builder_public_endpoint }}'}
- name: Creating the Solum application deployment service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "solum_application_deployment"
service_type: "application_deployment"
description: "Openstack Solum Application Deployment"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_solum_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ solum_application_deployment_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ solum_application_deployment_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ solum_application_deployment_public_endpoint }}'}
- name: Creating the Solum project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ solum_keystone_user }}"
password: "{{ solum_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_solum_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_solum_auth }}"
service_ks_register_services: "{{ solum_ks_services }}"
service_ks_register_users: "{{ solum_ks_users }}"
tags: always

18
ansible/roles/swift/defaults/main.yml

@ -77,3 +77,21 @@ syslog_server: "{{ api_interface_address }}"
syslog_swift_facility: "local0"
swift_enable_rolling_upgrade: "yes"
####################
# Keystone
####################
swift_ks_services:
- name: "swift"
type: "object-store"
description: "Openstack Object Storage"
endpoints:
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
swift_ks_users:
- project: "service"
user: "{{ swift_keystone_user }}"
password: "{{ swift_keystone_password }}"
role: "admin"

42
ansible/roles/swift/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the Swift service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "swift"
service_type: "object-store"
description: "Openstack Object Storage"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_swift_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ swift_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ swift_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ swift_public_endpoint }}'}
- name: Creating the Swift project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ swift_keystone_user }}"
password: "{{ swift_keystone_password }}"
role: "{{ swift_admin_tenant_name }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_swift_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_swift_auth }}"
service_ks_register_services: "{{ swift_ks_services }}"
service_ks_register_users: "{{ swift_ks_users }}"
tags: always
- name: Creating the ResellerAdmin role
become: true

18
ansible/roles/tacker/defaults/main.yml

@ -96,3 +96,21 @@ tacker_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
tacker_enabled_notification_topics: "{{ tacker_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
tacker_ks_services:
- name: "tacker"
type: "nfv-orchestration"
description: "Tacker Service"
endpoints:
- {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'}
tacker_ks_users:
- project: "service"
user: "{{ tacker_keystone_user }}"
password: "{{ tacker_keystone_password }}"
role: "admin"

42
ansible/roles/tacker/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Tacker service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "tacker"
service_type: "nfv-orchestration"
description: "Tacker Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_tacker_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ tacker_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ tacker_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ tacker_public_endpoint }}'}
- name: Creating the Tacker project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ tacker_keystone_user }}"
password: "{{ tacker_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_tacker_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_tacker_auth }}"
service_ks_register_services: "{{ tacker_ks_services }}"
service_ks_register_users: "{{ tacker_ks_users }}"
tags: always

18
ansible/roles/trove/defaults/main.yml

@ -120,3 +120,21 @@ trove_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
trove_enabled_notification_topics: "{{ trove_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
trove_ks_services:
- name: "trove"
type: "database"
description: "Trove Database Service"
endpoints:
- {'interface': 'admin', 'url': '{{ trove_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ trove_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ trove_public_endpoint }}'}
trove_ks_users:
- project: "service"
user: "{{ trove_keystone_user }}"
password: "{{ trove_keystone_password }}"
role: "admin"

42
ansible/roles/trove/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Trove service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "trove"
service_type: "database"
description: "Trove Database Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_trove_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ trove_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ trove_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ trove_public_endpoint }}'}
- name: Creating the Trove project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ trove_keystone_user }}"
password: "{{ trove_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_trove_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_trove_auth }}"
service_ks_register_services: "{{ trove_ks_services }}"
service_ks_register_users: "{{ trove_ks_users }}"
tags: always

18
ansible/roles/vitrage/defaults/main.yml

@ -171,3 +171,21 @@ vitrage_notification_topics:
enabled: True
vitrage_enabled_notification_topics: "{{ vitrage_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
vitrage_ks_services:
- name: "vitrage"
type: "rca"
description: "Root Cause Analysis Service"
endpoints:
- {'interface': 'admin', 'url': '{{ vitrage_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ vitrage_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ vitrage_public_endpoint }}'}
vitrage_ks_users:
- project: "service"
user: "{{ vitrage_keystone_user }}"
password: "{{ vitrage_keystone_password }}"
role: "admin"

42
ansible/roles/vitrage/tasks/register.yml

@ -1,39 +1,11 @@
---
- name: Creating the Vitrage service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "vitrage"
service_type: "rca"
description: "Root Cause Analysis Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_vitrage_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ vitrage_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ vitrage_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ vitrage_public_endpoint }}'}
- name: Creating the Vitrage project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ vitrage_keystone_user }}"
password: "{{ vitrage_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_vitrage_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_vitrage_auth }}"
service_ks_register_services: "{{ vitrage_ks_services }}"
service_ks_register_users: "{{ vitrage_ks_users }}"
tags: always
- name: Adding vitrage user into admin project
become: true

18
ansible/roles/watcher/defaults/main.yml

@ -118,3 +118,21 @@ watcher_notification_topics:
enabled: "{{ enable_ceilometer | bool }}"
watcher_enabled_notification_topics: "{{ watcher_notification_topics | selectattr('enabled', 'equalto', true) | list }}"
####################
# Keystone
####################
watcher_ks_services:
- name: "watcher"
type: "infra-optim"
description: "Infrastructure Optimization service"
endpoints:
- {'interface': 'admin', 'url': '{{ watcher_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ watcher_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ watcher_public_endpoint }}'}
watcher_ks_users:
- project: "service"
user: "{{ watcher_keystone_user }}"
password: "{{ watcher_keystone_password }}"
role: "admin"

42
ansible/roles/watcher/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Watcher service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "watcher"
service_type: "infra-optim"
description: "Infrastructure Optimization service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_watcher_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ watcher_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ watcher_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ watcher_public_endpoint }}'}
- name: Creating the Watcher project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ watcher_keystone_user }}"
password: "{{ watcher_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_watcher_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_watcher_auth }}"
service_ks_register_services: "{{ watcher_ks_services }}"
service_ks_register_users: "{{ watcher_ks_users }}"
tags: always

18
ansible/roles/zun/defaults/main.yml

@ -122,3 +122,21 @@ zun_git_repository: "{{ kolla_dev_repos_git }}/{{ project_name }}"
zun_dev_repos_pull: "{{ kolla_dev_repos_pull }}"
zun_dev_mode: "{{ kolla_dev_mode }}"
zun_source_version: "{{ kolla_source_version }}"
####################
# Keystone
####################
zun_ks_services:
- name: "zun"
type: "container"
description: "Container Service"
endpoints:
- {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
zun_ks_users:
- project: "service"
user: "{{ zun_keystone_user }}"
password: "{{ zun_keystone_password }}"
role: "admin"

42
ansible/roles/zun/tasks/register.yml

@ -1,36 +1,8 @@
---
- name: Creating the Zun service and endpoint
become: true
kolla_toolbox:
module_name: "kolla_keystone_service"
module_args:
service_name: "zun"
service_type: "container"
description: "Container Service"
endpoint_region: "{{ openstack_region_name }}"
url: "{{ item.url }}"
interface: "{{ item.interface }}"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_zun_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
with_items:
- {'interface': 'admin', 'url': '{{ zun_admin_endpoint }}'}
- {'interface': 'internal', 'url': '{{ zun_internal_endpoint }}'}
- {'interface': 'public', 'url': '{{ zun_public_endpoint }}'}
- name: Creating the Zun project, user, and role
become: true
kolla_toolbox:
module_name: "kolla_keystone_user"
module_args:
project: "service"
user: "{{ zun_keystone_user }}"
password: "{{ zun_keystone_password }}"
role: "admin"
region_name: "{{ openstack_region_name }}"
auth: "{{ openstack_zun_auth }}"
endpoint_type: "{{ openstack_interface }}"
cacert: "{{ openstack_cacert }}"
run_once: True
- import_role:
name: service-ks-register
vars:
service_ks_register_auth: "{{ openstack_zun_auth }}"
service_ks_register_services: "{{ zun_ks_services }}"
service_ks_register_users: "{{ zun_ks_users }}"
tags: always