Playbook #4
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml
Execution
Date 08 Dec 2025 13:39:52 +0000
Duration 00:35:02.03
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.12.3
Summary
2 Hosts
1377 Tasks
1365 Results
104 Plays
504 Files
0 Records
check:False tags:all

File: /etc/ansible/ansible_collections/openstack/osa/roles/service_setup/tasks/setup_roles.yml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
---
# Copyright 2022, City Network International AB
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Add keystone roles
  vars:
    role_mapping: "{{ (role is string) | ternary({'name': role, 'state': 'present'}, role) }}"
  openstack.cloud.identity_role:
    cloud: "{{ _service_cloud_name }}"
    state: present
    name: "{{ role_mapping['name'] }}"
    endpoint_type: admin
    validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
  register: add_role
  until: add_role is success
  retries: 5
  delay: 10
  no_log: "{{ _service_setup_nolog | default(True) }}"
  when:
    - role_mapping['state'] == 'present'
  loop: "{{ user_roles }}"
  loop_control:
    loop_var: role

- name: Add service users to roles
  vars:
    role_mapping: "{{ (role is string) | ternary({'name': role, 'state': 'present'}, role) }}"
    user_project: "{{ user.project | default(_service_project_name) }}"
  openstack.cloud.role_assignment:
    cloud: "{{ _service_cloud_name }}"
    state: "{{ role_mapping['state'] | default('present') }}"
    user: "{{ user.name }}"
    role: "{{ role_mapping['name'] }}"
    project: "{{ (user_project is truthy) | ternary(user_project, omit) }}"
    domain: "{{ user.domain | default('default') }}"
    endpoint_type: admin
    validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
  register: add_role_assignment
  until: add_role_assignment is success
  retries: 5
  delay: 10
  no_log: "{{ _service_setup_nolog | default(True) }}"
  loop: "{{ user_roles }}"
  loop_control:
    loop_var: role
  when:
    - "'name' in user"