Merge "Use service role for neutron instead of admin"

Jenkins 2014-10-04 12:52:18 +00:00 committed by Gerrit Code Review
commit 822b4cb2d1


@ -457,13 +457,13 @@ function create_neutron_cache_dir {
function create_neutron_accounts { function create_neutron_accounts {
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") local service_role=$(openstack role list | awk "/ service / { print \$2 }")
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
local neutron_user=$(get_or_create_user "neutron" \ local neutron_user=$(get_or_create_user "neutron" \
"$SERVICE_PASSWORD" $service_tenant) "$SERVICE_PASSWORD" $service_tenant)
get_or_add_user_role $admin_role $neutron_user $service_tenant get_or_add_user_role $service_role $neutron_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@ -889,6 +889,9 @@ function _configure_neutron_service {
cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
# allow neutron user to administer neutron to match neutron account
sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
# Update either configuration file with plugin # Update either configuration file with plugin
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
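Review bot: The `sed` in the second hunk gives neutron's admin context to whoever authenticates with the user name `neutron` (`user_name:neutron`), and a name match is weaker than the role match beside it: Keystone user names are unique only within a domain, so on a multi-domain deployment a same-named user in another domain would presumably satisfy the rule too. The substitution also depends on the exact upstream text `"context_is_admin": "role:admin"`; if the copied `policy.json` ever words that rule differently, `sed` changes nothing and still exits 0, leaving the service user, which holds only the `service` role after the first hunk, without admin context and with no error at setup time. I would follow the `sed` with a check such as `grep -q 'user_name:neutron' $Q_POLICY_FILE || die $LINENO "context_is_admin not updated in $Q_POLICY_FILE"`. The comment above the `sed` should also say that the match is by user name and that the account remains an administrator inside neutron only. `_configure_neutron_service` starts and ends outside the hunk.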