Glance user should belong to service project, not admin
Service-specific users should have admin role in "service" project and should not belong to user-facing "admin" project. This patch reconfigures glance services accordingly. Change-Id: Ib3e6ee09c2c21005191626f05553e24d67e1e1bf Closes-bug: 1648459
This commit is contained in:
parent
ca63052ed0
commit
c2f0783799
|
@ -27,7 +27,7 @@ auth_url = {{ address('keystone', keystone.admin_port, with_scheme=True) }}
|
||||||
auth_type = password
|
auth_type = password
|
||||||
project_domain_id = default
|
project_domain_id = default
|
||||||
user_domain_id = default
|
user_domain_id = default
|
||||||
project_name = {{ openstack.project_name }}
|
project_name = service
|
||||||
username = {{ glance.user }}
|
username = {{ glance.user }}
|
||||||
password = {{ glance.password }}
|
password = {{ glance.password }}
|
||||||
memcached_servers = {{ address('memcached', memcached.port) }}
|
memcached_servers = {{ address('memcached', memcached.port) }}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
[swift]
|
[swift]
|
||||||
auth_version = 3
|
auth_version = 3
|
||||||
auth_address = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
|
auth_address = {{ address('keystone', keystone.public_port, with_scheme=True) }}/v3
|
||||||
user = {{ openstack.project_name }}:{{ glance.user }}
|
user = service:{{ glance.user }}
|
||||||
key = {{ glance.password }}
|
key = {{ glance.password }}
|
||||||
project_domain_id = default
|
project_domain_id = default
|
||||||
user_domain_id = default
|
user_domain_id = default
|
||||||
|
|
|
@ -36,7 +36,7 @@ service:
|
||||||
dependencies:
|
dependencies:
|
||||||
- glance-user-create
|
- glance-user-create
|
||||||
type: single
|
type: single
|
||||||
command: openstack role add --project {{ openstack.project_name }} --user {{ glance.user }} admin
|
command: openstack role add --project service --user {{ glance.user }} admin
|
||||||
- name: glance-service-create
|
- name: glance-service-create
|
||||||
dependencies:
|
dependencies:
|
||||||
- keystone
|
- keystone
|
||||||
|
|
Loading…
Reference in New Issue