Merge "Use service role with glance service"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
daa0ce2f05
@ -2,12 +2,14 @@
|
|||||||
#
|
#
|
||||||
# Initial data for Keystone using python-keystoneclient
|
# Initial data for Keystone using python-keystoneclient
|
||||||
#
|
#
|
||||||
# Tenant User Roles
|
# Tenant User Roles
|
||||||
# ------------------------------------------------------------------
|
# ------------------------------------------------------------------
|
||||||
# service glance admin
|
# service glance service
|
||||||
# service heat service # if enabled
|
# service glance-swift ResellerAdmin
|
||||||
|
# service heat service # if enabled
|
||||||
|
# service ceilometer admin # if enabled
|
||||||
# Tempest Only:
|
# Tempest Only:
|
||||||
# alt_demo alt_demo Member
|
# alt_demo alt_demo Member
|
||||||
#
|
#
|
||||||
# Variables set before calling this script:
|
# Variables set before calling this script:
|
||||||
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
||||||
@ -96,7 +98,19 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
|
|||||||
keystone user-role-add \
|
keystone user-role-add \
|
||||||
--tenant $SERVICE_TENANT_NAME \
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
--user glance \
|
--user glance \
|
||||||
--role admin
|
--role service
|
||||||
|
# required for swift access
|
||||||
|
if [[ "$ENABLED_SERVICES" =~ "s-proxy" ]]; then
|
||||||
|
keystone user-create \
|
||||||
|
--name=glance-swift \
|
||||||
|
--pass="$SERVICE_PASSWORD" \
|
||||||
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
|
--email=glance-swift@example.com
|
||||||
|
keystone user-role-add \
|
||||||
|
--tenant $SERVICE_TENANT_NAME \
|
||||||
|
--user glance-swift \
|
||||||
|
--role ResellerAdmin
|
||||||
|
fi
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
keystone service-create \
|
keystone service-create \
|
||||||
--name=glance \
|
--name=glance \
|
||||||
|
|||||||
@ -124,7 +124,7 @@ function configure_glance() {
|
|||||||
if is_service_enabled s-proxy; then
|
if is_service_enabled s-proxy; then
|
||||||
iniset $GLANCE_API_CONF DEFAULT default_store swift
|
iniset $GLANCE_API_CONF DEFAULT default_store swift
|
||||||
iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
|
iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
|
||||||
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance
|
iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
|
||||||
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
|
iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
|
||||||
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
|
iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user