Add keystone_authtoken.service_type
Fixes an issue where access rules failed to validate: Cannot validate request with restricted access rules. Set service_type in [keystone_authtoken] to allow access rule validation I've used the values from the endpoint. This was mostly a straight forward copy and paste, except: - versioned endpoints e.g cinderv3 where I stripped the version - monasca has multiple endpoints associated with a single service. For this, I concatenated logging and monitoring to be logging-monitoring. Closes-Bug: #1965111 Change-Id: Ic4b3ab60abad8c3dd96cd4923a67f2a8f9d195d7
This commit is contained in:
parent
ddd00ae9f0
commit
49006e56d9
@ -16,6 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
|
||||
max_pool_size = {{ database_max_pool_size }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = alarming
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
@ -53,6 +53,7 @@ topic = barbican_notifications
|
||||
{% endif %}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = key-manager
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
project_name = service
|
||||
|
@ -20,6 +20,7 @@ api_v2_controllers = oshosts,leases
|
||||
plugins = virtual.instance.plugin,physical.host.plugin
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = reservation
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
auth_type = password
|
||||
|
@ -98,6 +98,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = volume
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -17,6 +17,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = rating
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -15,6 +15,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
|
||||
max_pool_size = {{ database_max_pool_size }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = cyborg
|
||||
memcache_security_strategy = ENCRYPT
|
||||
memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
@ -19,6 +19,7 @@ enable_host_header = True
|
||||
enabled_extensions_admin = quotas, reports
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = dns
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -24,6 +24,7 @@ os_user_domain_name = {{ openstack_auth.user_domain_name }}
|
||||
|
||||
{% if service_name == 'freezer-api' %}
|
||||
[keystone_authtoken]
|
||||
service_type = backup
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -41,6 +41,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = image
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -44,6 +44,7 @@ workers = {{ gnocchi_metricd_workers }}
|
||||
url = mysql+pymysql://{{ gnocchi_database_user }}:{{ gnocchi_database_password }}@{{ gnocchi_database_address }}/{{ gnocchi_database_name }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = metric
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
project_domain_id = {{ default_project_domain_id }}
|
||||
project_name = service
|
||||
|
@ -29,6 +29,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = orchestration
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -37,6 +37,7 @@ endpoint_override = {{ ironic_internal_endpoint }}
|
||||
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
[keystone_authtoken]
|
||||
service_type = baremetal-introspection
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -47,6 +47,7 @@ max_retries = -1
|
||||
|
||||
{% if ironic_enable_keystone_integration | bool %}
|
||||
[keystone_authtoken]
|
||||
service_type = baremetal
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -75,6 +75,7 @@ auth_type = password
|
||||
cafile = {{ openstack_cacert }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = container-infra
|
||||
auth_version = v3
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
|
@ -31,6 +31,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = share
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -22,6 +22,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = instance-ha
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -39,6 +39,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = workflow
|
||||
www_authenticate_uri = {{ keystone_internal_url }}/v3
|
||||
auth_url = {{ keystone_internal_url }}/v3
|
||||
auth_type = password
|
||||
|
@ -31,6 +31,7 @@ read_only_authorized_roles = {{ monasca_read_only_authorized_roles|join(', ') }}
|
||||
delegate_authorized_roles = {{ monasca_delegate_authorized_roles|join(', ') }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = logging-monitoring
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -21,6 +21,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = application-catalog
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -113,6 +113,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = network
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -110,6 +110,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = compute
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -58,6 +58,7 @@ memcache_secret_key = {{ memcache_secret_key }}
|
||||
memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address(host) | put_address_in_context('memcache') }}:{{ memcached_port }}{% if not loop.last %},{% endif %}{% endfor %}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = load-balancer
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -25,6 +25,7 @@ memcache_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_address
|
||||
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = placement
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -16,6 +16,7 @@ connection_recycle_time = {{ database_connection_recycle_time }}
|
||||
max_pool_size = {{ database_max_pool_size }}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = data-processing
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
user_domain_name = {{ default_project_domain_name }}
|
||||
|
@ -42,6 +42,7 @@ workers = {{ openstack_service_workers }}
|
||||
{% endif %}
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = clustering
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -48,6 +48,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = application_deployment
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -32,6 +32,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = nfv-orchestration
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -50,6 +50,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = database
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
project_domain_name = {{ default_project_domain_name }}
|
||||
project_name = service
|
||||
|
@ -27,6 +27,7 @@ types = {{ vitrage_datasources|map(attribute='name')|join(',') }}
|
||||
plugins = jaccard_correlation
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = rca
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -19,6 +19,7 @@ max_pool_size = {{ database_max_pool_size }}
|
||||
max_retries = -1
|
||||
|
||||
[keystone_authtoken]
|
||||
service_type = infra-optim
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -48,6 +48,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ 'api' | kolla_addres
|
||||
# keystone_authtoken sections are used and Zun internals may use either -
|
||||
# - best keep them both in sync
|
||||
[keystone_authtoken]
|
||||
service_type = container
|
||||
www_authenticate_uri = {{ keystone_internal_url }}
|
||||
auth_url = {{ keystone_internal_url }}
|
||||
auth_type = password
|
||||
|
@ -0,0 +1,6 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Adds configuration necessary for application credential access rules to
|
||||
properly function.
|
||||
`LP#1965111 <https://bugs.launchpad.net/kolla-ansible/+bug/1965111>`__
|
Loading…
Reference in New Issue
Block a user