Keystone variables in the commands

Walter Bentley, last year at AnsibleFest demonstrated a way to execute openstack commands.

- name: Create user environments
  command: keystone --os-username= --os-password= --os-tenant-name= --os-auth-url= tenant-create --name= --description=""
  with_items: tenantid

With this method you need to provide the OS_USERNAME, OS_AUTH_URL, OS_PASSWORD into the task. The recommendation is, of cause, to use Ansible Vault to encrypt this information in the git repository.

Use the raw Ansible keyword

Another way that I discovered was to use the raw keyword that Ansible provides. It executes the openrc or keystonerc file on the host itself then executes the OpenStack command.

 name: |
   add the neutron-lbaas migration if lbaasv2 agent is installed.
   Seems to produce an error when it executes. Just ignore the error.
   Only run on a single controller in the clustered env.
  raw:  "source /root/openrc && neutron-db-manage --service lbaas upgrade head"
    executable: "/bin/bash"
  register: lbaas_install.changed == True
  delegate_to: ""
  ignore_errors: yes

Write a module.

Ansible has some OpenStack configuration features using modules. A lot are deprecated. I have not used any OpenStack modules yet. I have yet to write any module for managing OpenStack. It would be interesting though to convert results from OpenStack Tempest into Ansible facts.