Mohammed Naserb7b97d62022-03-12 16:30:00 -05001# Copyright (c) 2022 VEXXHOST, Inc.
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
- name: Uninstall the legacy HelmRelease
  # Best-effort cleanup of the Flux-managed release that used the same name
  # and namespace the Helm task further down installs into. Both steps ignore
  # errors (the object may already be gone). NOTE(review): failed_when: false
  # also hides RBAC/connectivity failures against the API server, so a removal
  # that silently failed would leave Flux and this role managing one release
  # name -- check the task output if the deploy below behaves unexpectedly.
  run_once: true
  block:
    - name: Suspend the existing HelmRelease
      kubernetes.core.k8s:
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        namespace: '{{ keystone_helm_release_namespace }}'
        name: '{{ keystone_helm_release_name }}'
        state: patched
        # Stop Flux reconciling before the object is deleted.
        definition:
          spec:
            suspend: true
      failed_when: false

    - name: Remove the existing HelmRelease
      kubernetes.core.k8s:
        api_version: helm.toolkit.fluxcd.io/v2beta1
        kind: HelmRelease
        namespace: '{{ keystone_helm_release_namespace }}'
        name: '{{ keystone_helm_release_name }}'
        state: absent
      failed_when: false
Mohammed Naserb7b97d62022-03-12 16:30:00 -050038
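- name: Create Keycloak realms
  run_once: true
  # The Keycloak admin API is called from the controller, not the target host.
  delegate_to: localhost
  # Every loop item carries keycloak_admin_password. On failure (and under -v)
  # Ansible prints the full `item` in the result -- loop_control.label only
  # shortens the success line, it does not hide the item -- so the task is
  # marked no_log to keep the admin credential out of logs and callbacks.
  no_log: true
  # Always reported as unchanged. NOTE(review): this also hides real drift
  # (a realm that had to be recreated) from --check/--diff output.
  changed_when: false
  community.general.keycloak_realm:
    # Keycloak admin API connection
    auth_keycloak_url: "{{ item.keycloak_server_url }}"
    auth_realm: "{{ item.keycloak_user_realm_name }}"
    auth_client_id: "{{ item.keycloak_admin_client_id }}"
    auth_username: "{{ item.keycloak_admin_user }}"
    auth_password: "{{ item.keycloak_admin_password }}"
    # NOTE(review): with a self-signed cluster issuer TLS verification is
    # switched off entirely, so the admin credentials above are sent to
    # whoever answers at keycloak_server_url. Prefer installing the cluster
    # CA into the controller's trust store (this task runs on localhost) and
    # keeping validate_certs on.
    validate_certs: "{{ cluster_issuer_type != 'self-signed' }}"
    # Realm definition
    id: "{{ item.keycloak_realm }}"
    realm: "{{ item.keycloak_realm }}"
    display_name: "{{ item.label }}"
    enabled: true
  loop: "{{ keystone_domains }}"
  loop_control:
    label: "{{ item.name }}"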
59
- name: Create ConfigMap with all OpenID connect configurations
  run_once: true
  kubernetes.core.k8s:
    # Rendered from the role's template; state is spelled out (module default).
    # NOTE(review): the template is not visible here -- verify it carries only
    # public OIDC metadata, since a ConfigMap is not a Secret. Unlike the Helm
    # deploy below, no kubeconfig is given, so the module's default lookup on
    # the target host applies.
    state: present
    template: configmap-openid-metadata.yml.j2
64
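- name: Create Keycloak clients
  run_once: true
  # The Keycloak admin API is called from the controller, not the target host.
  delegate_to: localhost
  # Each loop item carries keycloak_admin_password and keycloak_client_secret.
  # On failure (and under -v) Ansible prints the full `item` in the result,
  # which loop_control.label does not hide, so the whole task is no_log.
  no_log: true
  community.general.keycloak_client:
    # Keycloak admin API connection
    auth_keycloak_url: "{{ item.keycloak_server_url }}"
    auth_realm: "{{ item.keycloak_user_realm_name }}"
    auth_client_id: "{{ item.keycloak_admin_client_id }}"
    auth_username: "{{ item.keycloak_admin_user }}"
    auth_password: "{{ item.keycloak_admin_password }}"
    # NOTE(review): with a self-signed cluster issuer TLS verification is
    # switched off, so the admin credentials and the client secret below are
    # sent to whoever answers at keycloak_server_url. Prefer trusting the
    # cluster CA on the controller and keeping validate_certs on.
    validate_certs: "{{ cluster_issuer_type != 'self-signed' }}"
    # Client definition
    realm: "{{ item.keycloak_realm }}"
    client_id: "{{ item.keycloak_client_id }}"
    secret: "{{ item.keycloak_client_secret }}"
    # Exact-match redirect targets: the Keystone OIDC callback and the Horizon
    # logout page. Keep this list free of wildcards (assumes
    # keystone_oidc_redirect_uri itself contains none).
    redirect_uris:
      - "{{ keystone_oidc_redirect_uri }}"
      - "https://{{ openstack_helm_endpoints_horizon_api_host }}/auth/logout/"
  loop: "{{ keystone_domains }}"
  loop_control:
    label: "{{ item.name }}"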
86
- name: Deploy Helm chart
  run_once: true
  kubernetes.core.helm:
    # NOTE(review): /etc/kubernetes/admin.conf is presumably the kubeadm
    # cluster-admin kubeconfig, so the release is installed with full cluster
    # privileges from whichever host this run_once task lands on.
    kubeconfig: /etc/kubernetes/admin.conf
    chart_ref: '{{ keystone_helm_chart_ref }}'
    name: '{{ keystone_helm_release_name }}'
    release_namespace: '{{ keystone_helm_release_namespace }}'
    create_namespace: true
    # Role defaults first; keystone_helm_values wins on conflict and
    # recursive=True merges nested mappings instead of replacing them.
    values: "{{ _keystone_helm_values | combine(keystone_helm_values, recursive=True) }}"
Mohammed Naserb7b97d62022-03-12 16:30:00 -050096
- name: Create Ingress
  ansible.builtin.include_role:
    name: openstack_helm_ingress
  vars:
    # Publish the keystone-api service (port 5000) as the "identity" endpoint;
    # ingress annotations are whatever keystone_ingress_annotations supplies.
    openstack_helm_ingress_annotations: '{{ keystone_ingress_annotations }}'
    openstack_helm_ingress_endpoint: identity
    openstack_helm_ingress_service_name: keystone-api
    openstack_helm_ingress_service_port: 5000
Oleksandr Kozachenkob0093492023-09-06 21:43:47 +0200105
- name: Create Keystone domains
  run_once: true
  delegate_to: localhost
  vexxhost.atmosphere.identity_domain:
    name: '{{ item.name }}'
  loop: '{{ keystone_domains }}'
  loop_control:
    label: '{{ item.name }}'
  # One result per domain; the identity-provider task below reads
  # domain.id / domain.name from each entry.
  register: keystone_domains_result
115
- name: Create Keystone identity providers
  run_once: true
  delegate_to: localhost
  vexxhost.atmosphere.federation_idp:
    domain_id: '{{ item.domain.id }}'
    name: '{{ item.domain.name }}'
    # One IdP per domain, pinned to the single issuer derived from the original
    # keystone_domains entry (item.item on a registered loop result).
    remote_ids:
      - '{{ item.item | vexxhost.atmosphere.issuer_from_domain }}'
  loop: '{{ keystone_domains_result.results }}'
  loop_control:
    label: '{{ item.domain.name }}'
127
- name: Create Keystone federation mappings
  run_once: true
  delegate_to: localhost
  vexxhost.atmosphere.federation_mapping:
    name: '{{ item.name }}-openid'
    # Single rule: the OIDC-sub remote attribute ({0}) is used as the id of a
    # *local* user in this domain. There is no any_one_of/not_any_of filter on
    # the remote side, so every subject the IdP asserts reaches the lookup.
    # NOTE(review): with type local Keystone is expected to refuse subjects
    # that match no existing user id -- confirm that is the intent (rather than
    # ephemeral users), and that "OIDC-sub" matches the claim prefix configured
    # on Keystone's OIDC module.
    rules:
      - remote:
          - type: OIDC-sub
        local:
          - user:
              type: local
              id: '{0}'
              domain:
                name: '{{ item.name }}'
  loop: '{{ keystone_domains }}'
  loop_control:
    label: '{{ item.name }}'
145
- name: Create Keystone federation protocols
  run_once: true
  delegate_to: localhost
  vexxhost.atmosphere.keystone_federation_protocol:
    # Bind the "openid" protocol of each domain's IdP (the IdP is named after
    # the domain) to the "<domain>-openid" mapping created above.
    mapping_id: '{{ item.name }}-openid'
    idp_id: '{{ item.name }}'
    name: openid
  loop: '{{ keystone_domains }}'
  loop_control:
    label: '{{ item.name }}'