enable SSL for keystone

This commit is contained in:
Miroslav Suchý 2015-03-02 12:35:02 +00:00
parent ee27bc5155
commit 1dee9ba400


@ -123,6 +123,7 @@
- python-glanceclient
- rabbitmq-server
- ansible-openstack-modules
- openstack-keystone
- yum: name=* state=latest
- name: add ssl cert
@ -133,6 +134,12 @@
copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/ca-trust/source/anchors/ mode=600 owner=root group=root
- command: /usr/bin/update-ca-trust
- name: add ssl cert for keystone
copy: src={{ private }}/files/openstack/fed-cloud09.pem dest=/etc/pki/tls/certs/fed-cloud09-keystone.pem mode=600 owner=keystone group=root
- name: add ssl key for keystone
copy: src={{ private }}/files/openstack/fed-cloud09.key dest=/etc/pki/tls/private/fed-cloud09-keystone.key mode=600 owner=keystone group=root
# http://docs.openstack.org/trunk/install-guide/install/yum/content/basics-database-controller.html
- name: install mysql packages
action: yum state=present pkg={{ item }}
@ -279,7 +286,13 @@
register: SERVICE_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list | grep {{SERVICE_ID.stdout}} | awk '{print $2}'
register: ENDPOINT_ID
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone --os-token '{{ADMIN_TOKEN}}' --os-endpoint 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'http://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' --adminurl 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' --internalurl 'http://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' ) || true
- ini_file: dest=/etc/keystone/keystone.conf section=ssl option=certfile value=/etc/pki/tls/certs/fed-cloud09-keystone.pem
- ini_file: dest=/etc/keystone/keystone.conf section=ssl option=keyfile value=/etc/pki/tls/private/fed-cloud09-keystone.key
- shell: source /root/keystonerc_admin && keystone endpoint-list |grep {{SERVICE_ID.stdout}} |grep -v fed-cloud09.cloud.fedoraproject.org && (keystone endpoint-delete {{ENDPOINT_ID.stdout}} && keystone --os-token '{{ADMIN_TOKEN}}' --os-endpoint 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' endpoint-create --region 'RegionOne' --service {{SERVICE_ID.stdout}} --publicurl 'https://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' --adminurl 'https://fed-cloud09.cloud.fedoraproject.org:35357/v2.0' --internalurl 'https://fed-cloud09.cloud.fedoraproject.org:5000/v2.0' ) || true
- ini_file: dest=/etc/keystone/keystone.conf section=ssl option=enable value=True
- service: name=openstack-keystone state=restarted
- lineinfile: dest=/root/keystonerc_admin regexp="^export OS_AUTH_URL" line="export OS_AUTH_URL=https://fed-cloud09.cloud.fedoraproject.org:5000/v2.0/"
- lineinfile: dest=/root/keystonerc_admin line="export OS_CACERT=/etc/pki/tls/certs/fed-cloud09-keystone.pem"
# neutron
- shell: source /root/keystonerc_admin && keystone service-list | grep 'neutron' | awk '{print $2}'
register: SERVICE_ID
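Review bot: The guard on the new https endpoint-create line still reads `grep -v fed-cloud09.cloud.fedoraproject.org`, so on a host where the earlier http endpoints for this host already exist the `&&` branch is skipped and the https endpoint is never created; narrowing it to `grep -v 'https://fed-cloud09.cloud.fedoraproject.org'` would let the play converge on the https URLs. The trailing `|| true` also masks that and any other keystone failure, including the admin-token call that still targets the plain-http `--os-endpoint 'http://fed-cloud09.cloud.fedoraproject.org:35357/v2.0'`, which after `option=enable value=True` and the service restart may no longer be served on a re-run; a registered result with `failed_when` would surface this instead of silently succeeding. The plain-http admin endpoint and `|| true` pattern are inherited from the unchanged shell lines in this hunk, but the https line is where the condition now matters. Whether the server certificate pointed to by the added `OS_CACERT` line also validates the endpoint depends on it being self-signed or bundling its chain, which this diff does not show.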