Merge "Add Trustee User and Domain Creation"

defaults/main.yml

@@ -81,6 +81,11 @@ magnum_service_project_domain_name: Default
 magnum_service_user_domain_name: default
 magnum_service_project_name: service
 
+# Trustee User
+magnum_trustee_domain_admin_name: trustee_domain_admin
+magnum_trustee_domain_name: magnum
+magnum_trustee_domain_admin_roles: ['admin']
+
 #Glance images
 magnum_glance_images: []
 ## Example Glance Image - Fedora Atomic

extras/user_secrets_magnum.yml

@@ -1,3 +1,4 @@
 magnum_service_password:
 magnum_galera_password:
 magnum_rabbitmq_password:
+magnum_trustee_password:

tasks/service-setup.yml

@@ -102,3 +102,61 @@
     - magnum-service-add
     - magnum-endpoints-add
     - magnum-setup
+
+- name: Ensure the magnum trustee domain exists
+  keystone:
+    command: "ensure_domain"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+    domain_name: "{{ magnum_trustee_domain_name }}"
+    domain_enabled: true
+  register: add_magnum_trustee_user
+  until: add_magnum_trustee_user |success
+  retries: 5
+  delay: 2
+  tags:
+    - magnum-domain-add
+    - magnum-setup
+
+- name: Ensure the magnum trustee user exists
+  keystone:
+    command: "ensure_user"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+    user_name: "{{ magnum_trustee_domain_admin_name }}"
+    domain_name: "{{ magnum_trustee_domain_name }}"
+    project_name: "{{ magnum_service_project_name }}"
+    password: "{{ magnum_trustee_password |default('changeme') }}"
+  register: add_magnum_trustee_user
+  until: add_magnum_trustee_user |success
+  retries: 5
+  delay: 2
+  tags:
+    - magnum-user-add
+    - magnum-setup
+
+- name: Ensure the magnum user has the admin role
+  keystone:
+    command: "ensure_user_role"
+    endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
+    user_name: "{{ magnum_trustee_domain_admin_name }}"
+    role_name: "{{ item }}"
+    domain_name: "{{ magnum_trustee_domain_name }}"
+    insecure: "{{ keystone_service_adminuri_insecure }}"
+  register: ensure_magnum_trustee_roles
+  until: ensure_magnum_trustee_roles |success
+  retries: 5
+  delay: 2
+  with_items: "{{ magnum_trustee_domain_admin_roles }}"
+  tags:
+    - magnum-role-setup
+    - magnum-setup

templates/magnum.conf.j2

@@ -54,3 +54,8 @@ rabbit_password = {{ magnum_rabbitmq_password }}
 rabbit_virtual_host = {{ magnum_rabbitmq_vhost }}
 rabbit_notification_exchange = magnum
 rabbit_notification_topic = notification
+
+[trust]
+trustee_domain_admin_password = {{ magnum_trustee_password }}
+trustee_domain_admin_name = {{ magnum_trustee_domain_admin_name }}
+trustee_domain_name = {{ magnum_trustee_domain_name }}