Glance user should belong to service project, not admin

Service-specific users should have admin role in "service" project
and should not belong to user-facing "admin" project. This patch
reconfigures glance services accordingly.

Change-Id: Ib3e6ee09c2c21005191626f05553e24d67e1e1bf
Closes-bug: 1648459
This commit is contained in:
Ilya Shakhat 2016-12-09 12:55:59 +04:00
parent ca63052ed0
commit c2f0783799
3 changed files with 3 additions and 3 deletions

View File

@ -27,7 +27,7 @@ auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = {{ openstack.project_name }}
project_name = service
username = {{ glance.user }}
password = {{ glance.password }}
memcached_servers = {{ address('memcached', memcached.port) }}

View File

@ -1,7 +1,7 @@
[swift]
auth_version = 3
auth_address = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
user = {{ openstack.project_name }}:{{ glance.user }}
user = service:{{ glance.user }}
key = {{ glance.password }}
project_domain_id = default
user_domain_id = default

View File

@ -36,7 +36,7 @@ service:
dependencies:
- glance-user-create
type: single
command: openstack role add --project {{ openstack.project_name }} --user {{ glance.user }} admin
command: openstack role add --project service --user {{ glance.user }} admin
- name: glance-service-create
dependencies:
- keystone