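---
# Copyright 2019 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Provisions the Swift "admin" and "registry" credentials on this node:
#   1. runs password_gen.yml once per account,
#   2. reads the stored values back from the etcd v2 keys API over mutual TLS,
#   3. decrypts them with openssl and publishes them as facts,
#   4. creates /etc/swift/usr/admin, renders the admin env_file/admin.yml there
#      and grants users.admin_user_name read access through POSIX ACLs.
#
# Security notes for maintainers:
#   - Every task that carries a secret in its arguments or its result sets
#     `no_log: true`, so passwords do not land in Ansible output, callback
#     plugins or syslog.
#   - The decryption passphrase is handed to openssl through the environment
#     (`-pass env:`) instead of `-pass pass:`, which keeps it out of the
#     process argument list that any local user can read.
#   - Values read from etcd are passed through the `quote` filter before they
#     reach the shell, so a tampered etcd entry cannot inject shell syntax.
#   - NOTE(review): `become_user` only takes effect when `become` is enabled;
#     presumably that is set at play or role level - confirm.
#   - NOTE(review): `openssl enc` with a passphrase gives no integrity
#     protection; changing the scheme would also require changing whatever
#     encrypts the values (presumably password_gen.yml) - confirm there.

- include_tasks: password_gen.yml
  with_items:
    - "admin"
    - "registry"

# The registered result holds the etcd JSON document with the encrypted
# password, so it is kept out of the logs as well.
- name: get admin password
  command: >-
    /usr/bin/curl
    https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/admin
    --cacert /etc/etcd/ssl/ca.pem
    --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem
    --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
  register: admin_pass
  no_log: true
  become_user: "root"

- name: get registry password
  command: >-
    /usr/bin/curl
    https://{{ ansible_host }}:{{ caas.etcd_api_port }}/v2/keys/swift/registry
    --cacert /etc/etcd/ssl/ca.pem
    --cert /etc/etcd/ssl/etcd{{ nodeindex }}.pem
    --key /etc/etcd/ssl/etcd{{ nodeindex }}-key.pem
  register: registry_pass
  no_log: true
  become_user: "root"

# `name` is the passphrase variable used by the original task; it is not
# defined in this file - presumably it comes from password_gen.yml or the
# inventory (confirm). It is exported only to this task's process.
- name: decode registry pass
  shell: >-
    echo {{ (registry_pass.stdout | from_json).node.value | quote }} |
    /usr/bin/openssl enc -d -aes-256-cbc -a -pass env:SWIFT_DECODE_PASSPHRASE
  environment:
    SWIFT_DECODE_PASSPHRASE: "{{ name }}"
  register: registry_pass
  no_log: true

- name: set registry pass
  set_fact:
    swift_registry_pass: "{{ registry_pass.stdout }}"
  no_log: true

- name: decode admin pass
  shell: >-
    echo {{ (admin_pass.stdout | from_json).node.value | quote }} |
    /usr/bin/openssl enc -d -aes-256-cbc -a -pass env:SWIFT_DECODE_PASSPHRASE
  environment:
    SWIFT_DECODE_PASSPHRASE: "{{ name }}"
  register: admin_pass
  no_log: true

- name: set admin pass
  set_fact:
    swift_admin_pass: "{{ admin_pass.stdout }}"
  no_log: true

# File modes are quoted so they are always read as octal permission strings,
# independent of how the YAML loader types a bare 0750.
- name: create dirs
  file:
    mode: "0750"
    name: /etc/swift/usr/{{ item }}
    state: directory
    owner: swift
    group: swift
  with_items:
    - "admin"
  become_user: "root"

# The directories are 0750 swift:swift, so the admin user needs an explicit
# r-x ACL entry on each path component to traverse down to the files.
- name: allowing cloud_admin_user to access /etc/swift folder
  acl:
    name: "/etc/swift"
    entity: "{{ users.admin_user_name }}"
    etype: user
    permissions: rx
    state: present
  become_user: "root"

- name: allowing cloud_admin_user to access /etc/swift/usr folder
  acl:
    name: "/etc/swift/usr"
    entity: "{{ users.admin_user_name }}"
    etype: user
    permissions: rx
    state: present
  become_user: "root"

- name: allowing cloud_admin_user to access /etc/swift/usr/admin folder
  acl:
    name: "/etc/swift/usr/admin"
    entity: "{{ users.admin_user_name }}"
    etype: user
    permissions: rx
    state: present
  become_user: "root"

# NOTE(review): the templates are not visible here; if they render
# swift_admin_pass, consider `no_log: true` on these two tasks so that
# `--diff` runs do not print the rendered secret - confirm.
- name: copy admin env_file
  template:
    src: main/admin_envfile
    mode: "0640"
    dest: /etc/swift/usr/admin/env_file
  become_user: "root"

- name: Copy admin.yml
  template:
    src: main/admin.yml
    mode: "0640"
    dest: /etc/swift/usr/admin/admin.yml
  become_user: "root"

# Read-only ACL entries on the two rendered files for the admin user.
- name: allowing users.admin_user_name to access /etc/swift/usr/admin/env_file
  acl:
    name: "/etc/swift/usr/admin/env_file"
    entity: "{{ users.admin_user_name }}"
    etype: user
    permissions: r
    state: present
  become_user: "root"

- name: allowing cloud_admin_user to access /etc/swift/usr/admin/admin.yml
  acl:
    name: "/etc/swift/usr/admin/admin.yml"
    entity: "{{ users.admin_user_name }}"
    etype: user
    permissions: r
    state: present
  become_user: "root"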