openstack.cloud.resource module – Manage a OpenStack cloud resource

Note

This module is part of the openstack.cloud collection (version 2.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install openstack.cloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: openstack.cloud.resource.

Synopsis

  • Create, update and delete a OpenStack cloud resource.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.6

  • openstacksdk >= 1.0.0

Parameters

Parameter

Comments

api_timeout

integer

How long should the socket layer wait before timing out for API calls. If this is omitted, nothing will be passed to the requests library.

attributes

dictionary / required

Resource attributes which are defined in openstacksdk’s resource classes.

attributes is a set of key-value pairs where each key is a attribute name such as id and value holds its corresponding attribute value such ddad2d86-02a6-444d-80ae-1cc2fb023784.

Define attribute keys id or name or any set of attribute keys which uniquely identify a resource. This module fails if multiple resources match the given set of attributes.

For a complete list of attributes open any resource class inside openstacksdk such as file openstack/compute/v2/server.py in https://opendev.org/openstack/openstacksdk/ for server attributes.

auth

dictionary

Dictionary containing auth information as needed by the cloud’s auth plugin strategy. For the default password plugin, this would contain auth_url, username, password, project_name and any information about domains (for example, user_domain_name or project_domain_name) if the cloud supports them. For other plugins, this param will need to contain whatever parameters that auth plugin requires. This parameter is not needed if a named cloud is provided or OpenStack OS_* environment variables are present.

auth_type

string

Name of the auth plugin to use. If the cloud uses something other than password authentication, the name of the plugin should be indicated here and the contents of the auth parameter should be updated accordingly.

ca_cert

aliases: cacert

string

A path to a CA Cert bundle that can be used as part of verifying SSL API requests.

client_cert

aliases: cert

string

A path to a client certificate to use as part of the SSL transaction.

client_key

aliases: key

string

A path to a client key to use as part of the SSL transaction.

cloud

any

Named cloud or cloud config to operate against. If cloud is a string, it references a named cloud config as defined in an OpenStack clouds.yaml file. Provides default values for auth and auth_type. This parameter is not needed if auth is provided or if OpenStack OS_* environment variables are present. If cloud is a dict, it contains a complete cloud configuration like would be in a section of clouds.yaml.

interface

aliases: endpoint_type

string

Endpoint URL type to fetch from the service catalog.

Choices:

  • "admin"

  • "internal"

  • "public" ← (default)

non_updateable_attributes

list / elements=string

List of attribute names which cannot be updated.

When non_updateable_attributes is not specified, then all attributes in attributes will be compared to an existing resource during updates.

When both updateable_attributes and non_updateable_attributes are specified, then only attributes which are listed in updateable_attributes but not in non_updateable_attributes will will be considered during updates.

region_name

string

Name of the region.

sdk_log_level

string

Log level of the OpenStackSDK

Choices:

  • "INFO" ← (default)

  • "DEBUG"

sdk_log_path

string

Path to the logfile of the OpenStackSDK. If empty no log is written

service

string / required

OpenStack service which this resource is part of.

Examples are block_storage, compute or network.

service must be a lowercase name of a OpenStack service as used in openstacksdk. For a list of available services visit https://opendev.org/openstack/openstacksdk: Most subdirectories in the openstack directory correspond to a OpenStack service, except cloud, common and other auxiliary directories.

state

string

Whether the resource should be present or absent.

Choices:

  • "present" ← (default)

  • "absent"

timeout

integer

How long should ansible wait for the requested resource.

Default: 180

type

string / required

Typename of the resource.

Examples are ip, network, router or server.

type must be a lowercase name of a openstacksdk resource class. Resource classes are defined in openstacksdk’s service folders. For example, visit https://opendev.org/openstack/openstacksdk, change to openstack directory, change to any service directory such as compute, choose a api version directory such as v2 and find all available resource classes such as Server inside *.py files.

updateable_attributes

list / elements=string

List of attribute names which can be updated.

When updateable_attributes is not specified, then all attributes in attributes will be compared to an existing resource during updates.

When both updateable_attributes and non_updateable_attributes are specified, then only attributes which are listed in updateable_attributes but not in non_updateable_attributes will will be considered during updates.

validate_certs

aliases: verify

boolean

Whether or not SSL API requests should be verified.

Before Ansible 2.3 this defaulted to true.

Choices:

  • false

  • true

wait

boolean

Whether Ansible should wait until the resource has reached its target state.

Only a subset of OpenStack resources report a status. Resources which do not support status processing will block indefinitely if wait is set to true.

Choices:

  • false ← (default)

  • true

Notes

Note

  • This module does not support all OpenStack cloud resources. Resource handling must follow openstacksdk’s CRUD structure using and providing <service>.<type>s, <service>.find_<type>, <service>.create_<type>, <service>.update_<type> and <service>.delete_<type> functions. The module will fail before applying any changes if these functions cannot be found.

  • The standard OpenStack environment variables, such as OS_USERNAME may be used instead of providing explicit values.

  • Auth information is driven by openstacksdk, which means that values can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml, then from standard environment variables, then finally by explicit parameters in plays. More information can be found at https://docs.openstack.org/openstacksdk/

Examples

- name: Create external network
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: network
    attributes:
      name: ansible_network_external
      is_router_external: true
    wait: true
  register: network_external

- name: Create external subnet
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: subnet
    attributes:
      cidr: 10.6.6.0/24
      ip_version: 4
      name: ansible_external_subnet
      network_id: "{{ network_external.resource.id }}"
  register: subnet_external

- name: Create external port
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: port
    attributes:
      name: ansible_port_external
      network_id: "{{ network_external.resource.id }}"
      fixed_ips:
        - ip_address: 10.6.6.50
    non_updateable_attributes:
      - fixed_ips

- name: Create internal network
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: network
    attributes:
      name: ansible_network_internal
      is_router_external: false
    wait: true
  register: network_internal

- name: Create internal subnet
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: subnet
    attributes:
      cidr: 10.7.7.0/24
      ip_version: 4
      name: ansible_internal_subnet
      network_id: "{{ network_internal.resource.id }}"
  register: subnet_internal

- name: Create internal port
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: port
    attributes:
      name: ansible_port_internal
      network_id: "{{ network_internal.resource.id }}"
      fixed_ips:
        - ip_address: 10.7.7.100
          subnet_id: "{{ subnet_internal.resource.id }}"
  register: port_internal

- name: Create router
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: router
    attributes:
      name: ansible_router
      external_gateway_info:
        enable_snat: true
        external_fixed_ips:
          - ip_address: 10.6.6.10
            subnet_id: "{{ subnet_external.resource.id }}"
        network_id: "{{ network_external.resource.id }}"
    wait: true

- name: Attach router to internal subnet
  openstack.cloud.router:
    cloud: devstack-admin
    name: ansible_router
    network: "{{ network_external.resource.id }}"
    external_fixed_ips:
      - ip: 10.6.6.10
        subnet: "{{ subnet_external.resource.id }}"
    interfaces:
      - net: "{{ network_internal.resource.id }}"
        subnet: "{{ subnet_internal.resource.id }}"
        portip: 10.7.7.1

- name: Create floating ip address
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: ip
    attributes:
      name: 10.6.6.150
      floating_ip_address: 10.6.6.150
      floating_network_id: "{{ network_external.resource.id }}"
      port_id: "{{ port_internal.resource.id }}"
  register: ip

- name: List images
  openstack.cloud.resources:
    cloud: devstack-admin
    service: image
    type: image
  register: images

- name: Identify CirrOS image id
  set_fact:
    image_id: "{{
      images.resources|community.general.json_query(query)|first }}"
  vars:
    query: "[?starts_with(name, 'cirros')].id"

- name: List compute flavors
  openstack.cloud.resources:
    cloud: devstack-admin
    service: compute
    type: flavor
  register: flavors

- name: Identify m1.tiny flavor id
  set_fact:
    flavor_id: "{{
      flavors.resources|community.general.json_query(query)|first }}"
  vars:
    query: "[?name == 'm1.tiny'].id"

- name: Create server
  openstack.cloud.resource:
    cloud: devstack-admin
    service: compute
    type: server
    attributes:
      name: ansible_server
      image_id: "{{ image_id }}"
      flavor_id: "{{ flavor_id }}"
      networks:
        - uuid: "{{ network_internal.resource.id }}"
          port: "{{ port_internal.resource.id }}"
    non_updateable_attributes:
      - name
      - image_id
      - flavor_id
      - networks
    wait: true

- name: Detach floating ip address
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: ip
    attributes:
      floating_ip_address: 10.6.6.150
      port_id: !!null

- name: Delete server
  openstack.cloud.resource:
    cloud: devstack-admin
    service: compute
    type: server
    attributes:
      name: ansible_server
    state: absent
    wait: true

- name: Delete floating ip address
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: ip
    attributes:
      floating_ip_address: 10.6.6.150
    state: absent

- name: Detach router from internal subnet
  openstack.cloud.router:
    cloud: devstack-admin
    name: ansible_router
    network: "{{ network_external.resource.id }}"
    external_fixed_ips:
      - ip: 10.6.6.10
        subnet: "{{ subnet_external.resource.id }}"
    interfaces: []

- name: Delete router
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: router
    attributes:
      name: ansible_router
    state: absent
    wait: true

- name: Delete internal port
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: port
    attributes:
      name: ansible_port_internal
    state: absent

- name: Delete internal subnet
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: subnet
    attributes:
      name: ansible_internal_subnet
    state: absent

- name: Delete internal network
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: network
    attributes:
      name: ansible_network_internal
    state: absent
    wait: true

- name: Delete external port
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: port
    attributes:
      name: ansible_port_external
    state: absent

- name: Delete external subnet
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: subnet
    attributes:
      name: ansible_external_subnet
    state: absent

- name: Delete external network
  openstack.cloud.resource:
    cloud: devstack-admin
    service: network
    type: network
    attributes:
      name: ansible_network_external
    state: absent
    wait: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

resource

dictionary

Dictionary describing the identified (and possibly modified) OpenStack cloud resource.

Returned: On success when state is present.

Authors

  • OpenStack Ansible SIG