Glance user should belong to service project, not admin
Service-specific users should have admin role in "service" project and should not belong to user-facing "admin" project. This patch reconfigures glance services accordingly. Change-Id: Ib3e6ee09c2c21005191626f05553e24d67e1e1bf Closes-bug: 1648459
This commit is contained in:
parent
ca63052ed0
commit
c2f0783799
|
@ -27,7 +27,7 @@ auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
|||
auth_type = password
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_name = {{ openstack.project_name }}
|
||||
project_name = service
|
||||
username = {{ glance.user }}
|
||||
password = {{ glance.password }}
|
||||
memcached_servers = {{ address('memcached', memcached.port) }}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
[swift]
|
||||
auth_version = 3
|
||||
auth_address = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
|
||||
user = {{ openstack.project_name }}:{{ glance.user }}
|
||||
user = service:{{ glance.user }}
|
||||
key = {{ glance.password }}
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
|
|
|
@ -36,7 +36,7 @@ service:
|
|||
dependencies:
|
||||
- glance-user-create
|
||||
type: single
|
||||
command: openstack role add --project {{ openstack.project_name }} --user {{ glance.user }} admin
|
||||
command: openstack role add --project service --user {{ glance.user }} admin
|
||||
- name: glance-service-create
|
||||
dependencies:
|
||||
- keystone
|
||||
|
|
Loading…
Reference in New Issue