diff --git a/lib/glance b/lib/glance index 9bba938b9d..b94c06dc93 100644 --- a/lib/glance +++ b/lib/glance @@ -309,13 +309,13 @@ function configure_glance_quotas { iniset $GLANCE_API_CONF oslo_limit username glance iniset $GLANCE_API_CONF oslo_limit auth_type password iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI - iniset $GLANCE_API_CONF oslo_limit system_scope "'all'" + iniset $GLANCE_API_CONF oslo_limit system_scope all iniset $GLANCE_API_CONF oslo_limit endpoint_id \ $(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID) # Allow the glance service user to read quotas - openstack --os-cloud devstack-system-admin role add --user glance --user-domain Default \ - --system all reader + openstack --os-cloud devstack-system-admin role add --user glance \ + --user-domain $SERVICE_DOMAIN_NAME --system all reader } # configure_glance() - Set config files, create data dirs, etc diff --git a/lib/nova b/lib/nova index 90289b139a..509cba6ff2 100644 --- a/lib/nova +++ b/lib/nova @@ -746,42 +746,33 @@ function configure_console_proxies { } function configure_nova_unified_limits { - # Default limits. Mirror the config-based default values. + # Registered limit resources in keystone are system-specific resources. + # Make sure we use a system-scoped token to interact with this API. + + # Default limits here mirror the legacy config-based default values. # Note: disk quota is new in nova as of unified limits. - bash -c "unset OS_USERNAME OS_TENANT_NAME OS_PROJECT_NAME; - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 10 --region $REGION_NAME \ - servers; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 20 --region $REGION_NAME \ - class:VCPU; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit $((50 * 1024)) --region $REGION_NAME \ - class:MEMORY_MB; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 20 --region $REGION_NAME \ - class:DISK_GB; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 128 --region $REGION_NAME \ - server_metadata_items; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 5 --region $REGION_NAME \ - server_injected_files; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 10240 --region $REGION_NAME \ - server_injected_file_content_bytes; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 255 --region $REGION_NAME \ - server_injected_file_path_bytes; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 100 --region $REGION_NAME \ - server_key_pairs; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 10 --region $REGION_NAME \ - server_groups; \ - openstack --os-cloud devstack-system-admin registered limit create \ - --service nova --default-limit 10 --region $REGION_NAME \ - server_group_members" + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 10 --region $REGION_NAME servers + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 20 --region $REGION_NAME class:VCPU + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit $((50 * 1024)) --region $REGION_NAME class:MEMORY_MB + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 20 --region $REGION_NAME class:DISK_GB + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 128 --region $REGION_NAME server_metadata_items + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 5 --region $REGION_NAME server_injected_files + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 10240 --region $REGION_NAME server_injected_file_content_bytes + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 255 --region $REGION_NAME server_injected_file_path_bytes + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 100 --region $REGION_NAME server_key_pairs + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 10 --region $REGION_NAME server_groups + openstack --os-cloud devstack-system-admin registered limit create \ + --service nova --default-limit 10 --region $REGION_NAME server_group_members # Tell nova to use these limits iniset $NOVA_CONF quota driver "nova.quota.UnifiedLimitsDriver" @@ -792,13 +783,13 @@ function configure_nova_unified_limits { iniset $NOVA_CONF oslo_limit username nova iniset $NOVA_CONF oslo_limit auth_type password iniset $NOVA_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI - iniset $NOVA_CONF oslo_limit system_scope "'all'" + iniset $NOVA_CONF oslo_limit system_scope all iniset $NOVA_CONF oslo_limit endpoint_id \ $(openstack endpoint list --service nova -f value -c ID) # Allow the nova service user to read quotas - openstack role add --user nova --user-domain Default --system all \ - reader + openstack --os-cloud devstack-system-admin role add --user nova \ + --user-domain $SERVICE_DOMAIN_NAME --system all reader } function init_nova_service_user_conf {