summaryrefslogtreecommitdiff
path: root/roles/additional-keystone-users/tasks/main.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/additional-keystone-users/tasks/main.yaml')
-rw-r--r--roles/additional-keystone-users/tasks/main.yaml134
1 files changed, 134 insertions, 0 deletions
diff --git a/roles/additional-keystone-users/tasks/main.yaml b/roles/additional-keystone-users/tasks/main.yaml
new file mode 100644
index 000000000..546729bfe
--- /dev/null
+++ b/roles/additional-keystone-users/tasks/main.yaml
@@ -0,0 +1,134 @@
+- name: Set S3 endpoint
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_storage_url
+ value: http://localhost:8080
+ become: true
+
+- name: Create primary S3 user
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ credential create --type ec2 --project swiftprojecttest1 swiftusertest1
+ '{"access": "s3-user1", "secret": "s3-secret1"}'
+- name: Add primary S3 user to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_access_key
+ value: s3-user1
+ become: true
+- name: Add primary S3 user secret to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_secret_key
+ value: s3-secret1
+ become: true
+
+- name: Clear secondary S3 user from test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_access_key2
+ value: ""
+ become: true
+
+- name: Create restricted S3 user
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ credential create --type ec2 --project swiftprojecttest1 swiftusertest3
+ '{"access": "s3-user3", "secret": "s3-secret3"}'
+- name: Add restricted S3 user to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_access_key3
+ value: s3-user3
+ become: true
+- name: Add restricted S3 user secret to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: s3_secret_key3
+ value: s3-secret3
+ become: true
+
+- name: Create service role
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ role create swift_service
+- name: Create service project
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ project create swiftprojecttest5
+- name: Create service user
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ user create --project swiftprojecttest5 swiftusertest5 --password testing5
+- name: Assign service role
+ shell: >
+ openstack --os-auth-url http://localhost/identity
+ --os-project-domain-id default --os-project-name admin
+ --os-user-domain-id default --os-username admin
+ --os-password secretadmin
+ role add --project swiftprojecttest5 --user swiftusertest5 swift_service
+
+- name: Add service_roles to proxy-server.conf
+ ini_file:
+ path: /etc/swift/proxy-server.conf
+ section: filter:keystoneauth
+ option: SERVICE_KEY_service_roles
+ value: swift_service
+ become: true
+- name: Update reseller prefixes in proxy-server.conf
+ ini_file:
+ path: /etc/swift/proxy-server.conf
+ section: filter:keystoneauth
+ option: reseller_prefix
+ value: AUTH, SERVICE_KEY
+ become: true
+
+- name: Add service account to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: account5
+ value: swiftprojecttest5
+ become: true
+- name: Add service user to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: username5
+ value: swiftusertest5
+ become: true
+- name: Add service password to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: password5
+ value: testing5
+ become: true
+- name: Add service prefix to test.conf
+ ini_file:
+ path: /etc/swift/test.conf
+ section: func_test
+ option: service_prefix
+ value: SERVICE_KEY
+ become: true
View Lorry Controller Status