Merge "Use default user group consistently"

ansible/group_vars/all.yml

@@ -359,6 +359,7 @@ keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keyst
 keystone_token_provider: "uuid"
 fernet_token_expiry: 86400
 
+keystone_default_user_role: "_member_"
 
 #######################
 # Glance options

ansible/roles/ceph/templates/ceph.conf.j2

@@ -40,7 +40,7 @@ rgw_keystone_admin_password = {{ openstack_auth.password }}
 rgw_keystone_admin_project = {{ openstack_auth.project_name }}
 rgw_keystone_admin_domain = default
 rgw_keystone_api_version = 3
-rgw_keystone_accepted_roles = admin, _member_
+rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
 {% endif %}
 keyring = /etc/ceph/ceph.client.radosgw.keyring
 log file = /var/log/kolla/ceph/client.radosgw.gateway.log

ansible/roles/horizon/defaults/main.yml

@@ -22,9 +22,3 @@ horizon_image_full: "{{ horizon_image }}:{{ horizon_tag }}"
 openstack_horizon_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
 
 horizon_logging_debug: "{{ openstack_logging_debug }}"
-
-
-####################
-# Horizon
-####################
-horizon_openstack_keystone_default_role: "_member_"

ansible/roles/horizon/tasks/deploy.yml

 ---
 - include: config.yml
 
-- include: register.yml
-
 - include: bootstrap.yml
   when: horizon_backend_database | bool
 

ansible/roles/horizon/tasks/register.yml

----
-- name: Creating the _member_ role
-  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-    -m os_keystone_role
-    -a "name={{ horizon_openstack_keystone_default_role }}
-        auth={{ '{{ openstack_horizon_auth }}' }}"
-    -e "{'openstack_horizon_auth':{{ openstack_horizon_auth }}}"
-  register: horizon_role
-  changed_when: "{{ horizon_role.stdout.find('localhost | SUCCESS => ') != -1 and (horizon_role.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
-  until: horizon_role.stdout.split()[2] == 'SUCCESS'
-  retries: 10
-  delay: 5
-  run_once: True

ansible/roles/horizon/templates/local_settings.j2

@@ -193,7 +193,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}"
 
 OPENSTACK_KEYSTONE_URL = "{{ keystone_internal_url }}"
-OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ horizon_openstack_keystone_default_role }}"
+OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ keystone_default_user_role }}"
 
 # Enables keystone web single-sign-on if set to True.
 #WEBSSO_ENABLED = False

ansible/roles/keystone/tasks/register.yml

@@ -5,3 +5,16 @@
   changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}"
   failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}"
   run_once: True
+
+- name: Creating default user role
+  command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
+    -m os_keystone_role
+    -a "name={{ keystone_default_user_role }}
+        auth={{ '{{ openstack_keystone_auth }}' }}"
+    -e "{'openstack_keystone_auth':{{ openstack_keystone_auth }}}"
+  register: default_role
+  changed_when: "{{ default_role.stdout.find('localhost | SUCCESS => ') != -1 and (default_role.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
+  until: default_role.stdout.split()[2] == 'SUCCESS'
+  retries: 10
+  delay: 5
+  run_once: True

ansible/roles/swift/templates/proxy-server.conf.j2

@@ -46,7 +46,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
 
 [filter:keystoneauth]
 use = egg:swift#keystoneauth
-operator_roles = admin,user
+operator_roles = admin,{{ keystone_default_user_role }}
 
 [filter:container_sync]
 use = egg:swift#container_sync