Add new RBAC parameters which are necessary from 2024.1
See https://review.opendev.org/c/openstack/ironic/+/907148 Ironic enables oslo policy RBAC changes from 2024.1 by default. Once enabled, in theory system scoped tokens are required for various actions, but in practice this doesn't necessarily work when interacting with other services. New Ironic variables provide the means to continue with a relatively standard deployment without having to make far-reaching policy changes. Change-Id: I2cb53414cce3a899a0db5f74e56798de95c6c4b1
This commit is contained in:
parent
8d9997d103
commit
aa2e8c319a
@ -122,6 +122,11 @@ ironic_service_token_roles:
|
|||||||
ironic_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
ironic_service_token_roles_required: "{{ openstack_service_token_roles_required | default(True) }}"
|
||||||
ironic_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
|
ironic_service_in_ldap: "{{ service_ldap_backend_enabled | default(False) }}"
|
||||||
|
|
||||||
|
# Enable interaction with Nova and Neutron from 2024.1 with default policy
|
||||||
|
# If more than one service project name is necessary, then you may need to
|
||||||
|
# override Ironic 'service_role' policy.
|
||||||
|
ironic_service_role_elevated_access: True
|
||||||
|
|
||||||
# The name of the entry in container_networks for the bmaas network
|
# The name of the entry in container_networks for the bmaas network
|
||||||
# This is the default provisioning / inspection / cleaning network for this role
|
# This is the default provisioning / inspection / cleaning network for this role
|
||||||
ironic_container_network_name: "bmaas_address"
|
ironic_container_network_name: "bmaas_address"
|
||||||
|
@ -26,6 +26,10 @@ enabled_power_interfaces = {{ filtered_ironic_drivers | json_query('[*].power')
|
|||||||
enabled_console_interfaces = {{ filtered_ironic_drivers | json_query('[*].console') | unique | join(',') }}
|
enabled_console_interfaces = {{ filtered_ironic_drivers | json_query('[*].console') | unique | join(',') }}
|
||||||
enabled_raid_interfaces = {{ filtered_ironic_drivers | json_query('[*].raid') | unique | join(',') }}
|
enabled_raid_interfaces = {{ filtered_ironic_drivers | json_query('[*].raid') | unique | join(',') }}
|
||||||
|
|
||||||
|
# rbac
|
||||||
|
rbac_service_role_elevated_access = {{ ironic_service_role_elevated_access }}
|
||||||
|
rbac_service_project_name = {{ ironic_service_project_name }}
|
||||||
|
|
||||||
[agent]
|
[agent]
|
||||||
|
|
||||||
[amt]
|
[amt]
|
||||||
|
Loading…
Reference in New Issue
Block a user