diff --git a/ansible/public-openrc.yml b/ansible/public-openrc.yml new file mode 100644 index 000000000..41285da88 --- /dev/null +++ b/ansible/public-openrc.yml @@ -0,0 +1,14 @@ +--- +# Generate an environment file for interacting with the public OpenStack APIs +# as the admin user in the admin project. + +- name: Ensure a public OpenStack API environment file exists + hosts: config-mgmt + vars: + external_api_proto: "{% if kolla_enable_tls_external | bool %}https{% else %}http{% endif %}" + external_api_vip_address: "{{ external_net_name | net_vip_address }}" + external_api_keystone_port: 5000 + roles: + - role: public-openrc + public_openrc_kolla_config_path: "{{ kolla_config_path }}" + public_openrc_auth_url: "{{ external_api_proto }}://{{ external_api_vip_address }}:{{ external_api_keystone_port }}" diff --git a/ansible/roles/public-openrc/defaults/main.yml b/ansible/roles/public-openrc/defaults/main.yml new file mode 100644 index 000000000..db15f1a61 --- /dev/null +++ b/ansible/roles/public-openrc/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Path to kolla configuration directory. +public_openrc_kolla_config_path: + +# URL of public keystone API to use for authentication. +public_openrc_auth_url: diff --git a/ansible/roles/public-openrc/tasks/main.yml b/ansible/roles/public-openrc/tasks/main.yml new file mode 100644 index 000000000..b805e8660 --- /dev/null +++ b/ansible/roles/public-openrc/tasks/main.yml @@ -0,0 +1,10 @@ +--- +- name: Read the admin OpenStack API environment file + slurp: + src: "{{ kolla_config_path }}/admin-openrc.sh" + register: admin_openrc + +- name: Ensure a public OpenStack API environment file exists + template: + src: public-openrc.sh.j2 + dest: "{{ public_openrc_kolla_config_path }}/public-openrc.sh" diff --git a/ansible/roles/public-openrc/templates/public-openrc.sh.j2 b/ansible/roles/public-openrc/templates/public-openrc.sh.j2 new file mode 100644 index 000000000..6e04ca764 --- /dev/null +++ b/ansible/roles/public-openrc/templates/public-openrc.sh.j2 @@ -0,0 +1,11 @@ +# {{ ansible_managed }} + +{% for line in (admin_openrc.content | b64decode).splitlines() %} +{% if "export OS_AUTH_URL" in line %} +export OS_AUTH_URL={{ public_openrc_auth_url }} +{% elif "export OS_INTERFACE" in line %} +export OS_INTERFACE=public +{% else %} +{{ line }} +{% endif %} +{% endfor %} diff --git a/doc/source/usage.rst b/doc/source/usage.rst index 55d11578c..7b8057753 100644 --- a/doc/source/usage.rst +++ b/doc/source/usage.rst @@ -369,15 +369,22 @@ Interacting with the Control Plane ---------------------------------- Kolla-ansible writes out an environment file that can be used to access the -OpenStack services:: +OpenStack admin endpoints as the admin user:: $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh +Kayobe also generates an environment file that can be used to access the +OpenStack public endpoints as the admin user which may be required if the +admin endpoints are not available from the control host:: + + $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/public-openrc.sh + Performing Post-deployment Configuration ---------------------------------------- To perform post deployment configuration of the overcloud services:: + (kayobe-venv) $ source ${KOLLA_CONFIG_PATH:-/etc/kolla}/admin-openrc.sh (kayobe-venv) $ kayobe overcloud post configure This will perform the following tasks: diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py index 1444241a1..f7621ea6f 100644 --- a/kayobe/cli/commands.py +++ b/kayobe/cli/commands.py @@ -363,6 +363,10 @@ class OvercloudServiceDeploy(KollaAnsibleMixin, KayobeAnsibleMixin, Command): extra_vars = {"node_config_directory": parsed_args.kolla_config_path} self.run_kolla_ansible_overcloud(parsed_args, "post-deploy", extra_vars=extra_vars) + # Create an environment file for accessing the public API as the admin + # user. + playbooks = _build_playbook_list("public-openrc") + self.run_kayobe_playbooks(parsed_args, playbooks) class OvercloudContainerImagePull(KollaAnsibleMixin, Command):