path: root/roles/additional-keystone-users/tasks/main.yaml
blob: 546729bfe7bea5549e440780c9a7fc937949612d (plain)
# Record the S3 endpoint (plain HTTP on localhost:8080) in the [func_test]
# section of the Swift test configuration. Runs with privilege escalation
# because the file lives under /etc/swift.
- name: Set S3 endpoint
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_storage_url'
    value: 'http://localhost:8080'

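# Register an EC2-type credential in Keystone for swiftusertest1, then write
# the same access key / secret pair into [func_test] of test.conf.
# The literal values look like fixed test-fixture credentials; do not reuse
# this pattern for real secrets.
- name: Create primary S3 user
  # The admin login is passed through the OS_* environment variables that the
  # openstack client reads, instead of --os-* options, so the admin password
  # is not part of the command line (argv is readable by other local users
  # and is echoed in the task's recorded "cmd").
  environment:
    OS_AUTH_URL: 'http://localhost/identity'
    OS_PROJECT_DOMAIN_ID: 'default'
    OS_PROJECT_NAME: 'admin'
    OS_USER_DOMAIN_ID: 'default'
    OS_USERNAME: 'admin'
    OS_PASSWORD: 'secretadmin'
  # NOTE(review): the EC2 secret itself is still a command-line argument, and
  # a second run against the same Keystone will presumably fail or duplicate
  # the credential - confirm this role only runs on freshly built nodes.
  shell: >
    openstack
    credential create --type ec2 --project swiftprojecttest1 swiftusertest1
    '{"access": "s3-user1", "secret": "s3-secret1"}'

# Must match the "access" value registered above.
- name: Add primary S3 user to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_access_key'
    value: 's3-user1'

# Must match the "secret" value registered above.
# NOTE(review): no `mode` is set here, so this task does not control who can
# read the secret in test.conf - verify the file's permissions are acceptable.
- name: Add primary S3 user secret to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_secret_key'
    value: 's3-secret1'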

# Set s3_access_key2 in [func_test] to the empty string, so no secondary
# S3 access key is configured by this role.
- name: Clear secondary S3 user from test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_access_key2'
    value: ''

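# Register an EC2-type credential in Keystone for swiftusertest3, then write
# the same access key / secret pair into [func_test] of test.conf.
# The literal values look like fixed test-fixture credentials; do not reuse
# this pattern for real secrets.
- name: Create restricted S3 user
  # The admin login is passed through the OS_* environment variables that the
  # openstack client reads, instead of --os-* options, so the admin password
  # is not part of the command line (argv is readable by other local users
  # and is echoed in the task's recorded "cmd").
  environment:
    OS_AUTH_URL: 'http://localhost/identity'
    OS_PROJECT_DOMAIN_ID: 'default'
    OS_PROJECT_NAME: 'admin'
    OS_USER_DOMAIN_ID: 'default'
    OS_USERNAME: 'admin'
    OS_PASSWORD: 'secretadmin'
  # NOTE(review): the EC2 secret itself is still a command-line argument, and
  # a second run against the same Keystone will presumably fail or duplicate
  # the credential - confirm this role only runs on freshly built nodes.
  shell: >
    openstack
    credential create --type ec2 --project swiftprojecttest1 swiftusertest3
    '{"access": "s3-user3", "secret": "s3-secret3"}'

# Must match the "access" value registered above.
- name: Add restricted S3 user to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_access_key3'
    value: 's3-user3'

# Must match the "secret" value registered above.
# NOTE(review): no `mode` is set here, so this task does not control who can
# read the secret in test.conf - verify the file's permissions are acceptable.
- name: Add restricted S3 user secret to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 's3_secret_key3'
    value: 's3-secret3'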

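# Create the swift_service role, the swiftprojecttest5 project and the
# swiftusertest5 user in Keystone, then grant that user the role on the
# project. The four commands share one admin login, declared once on the
# enclosing block.
- name: Create Swift service role, project and user
  # The admin login is passed through the OS_* environment variables that the
  # openstack client reads, instead of --os-* options, so the admin password
  # is not part of any command line (argv is readable by other local users
  # and is echoed in each task's recorded "cmd").
  environment:
    OS_AUTH_URL: 'http://localhost/identity'
    OS_PROJECT_DOMAIN_ID: 'default'
    OS_PROJECT_NAME: 'admin'
    OS_USER_DOMAIN_ID: 'default'
    OS_USERNAME: 'admin'
    OS_PASSWORD: 'secretadmin'
  block:
    # NOTE(review): the create commands are presumably not idempotent; a
    # re-run against the same Keystone is expected to fail - confirm this
    # role only runs on freshly built nodes.
    - name: Create service role
      shell: >
        openstack
        role create swift_service

    - name: Create service project
      shell: >
        openstack
        project create swiftprojecttest5

    # The new user's password is still a command-line argument; it appears to
    # be a fixed test-fixture value that is also written to test.conf.
    - name: Create service user
      shell: >
        openstack
        user create --project swiftprojecttest5 swiftusertest5 --password testing5

    - name: Assign service role
      shell: >
        openstack
        role add --project swiftprojecttest5 --user swiftusertest5 swift_service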

# Both tasks edit the [filter:keystoneauth] section of proxy-server.conf.
# This one sets SERVICE_KEY_service_roles to the swift_service role.
# NOTE(review): presumably this is keystoneauth's per-prefix service-role
# setting for the SERVICE_KEY prefix - confirm against the Swift docs.
- name: Add service_roles to proxy-server.conf
  become: true
  ini_file:
    path: '/etc/swift/proxy-server.conf'
    section: 'filter:keystoneauth'
    option: 'SERVICE_KEY_service_roles'
    value: 'swift_service'

# Replaces reseller_prefix with the two-entry list "AUTH, SERVICE_KEY".
# The value is overwritten, not appended to, so any prefix configured
# before this task runs is dropped.
- name: Update reseller prefixes in proxy-server.conf
  become: true
  ini_file:
    path: '/etc/swift/proxy-server.conf'
    section: 'filter:keystoneauth'
    option: 'reseller_prefix'
    value: 'AUTH, SERVICE_KEY'

# Write the service project, user, password and reseller prefix into
# [func_test] of test.conf. The account, username and password values are
# the same literals used when the service user is created in Keystone.
- name: Add service account to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 'account5'
    value: 'swiftprojecttest5'

- name: Add service user to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 'username5'
    value: 'swiftusertest5'

# NOTE(review): the password is stored in clear text and no `mode` is set,
# so this task does not control who can read test.conf - verify the file's
# permissions are acceptable.
- name: Add service password to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 'password5'
    value: 'testing5'

# Same prefix string that is listed in reseller_prefix in proxy-server.conf.
- name: Add service prefix to test.conf
  become: true
  ini_file:
    path: '/etc/swift/test.conf'
    section: 'func_test'
    option: 'service_prefix'
    value: 'SERVICE_KEY'