Merge "Use service role with glance service"

author: Jenkins <jenkins@review.openstack.org> 2014-02-03 20:21:23 +0000
committer: Gerrit Code Review <review@openstack.org> 2014-02-03 20:21:23 +0000
commit: daa0ce2f052eeeae2ee0b2dc1265279e4528f880 (patch)
tree: b2740fbf79de3f6944e010754611af6bd0e8a6cf
parent: 792490b68b764513c1695a7ff05a733deaaa5777 (diff)
parent: 85a85f87f814446dd2364eea1b6d976d50500203 (diff)
2 files changed, 20 insertions, 6 deletions
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index d477c42..9a34c76 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -2,12 +2,14 @@
 #
 # Initial data for Keystone using python-keystoneclient
 #
-# Tenant               User       Roles
+# Tenant               User         Roles
 # ------------------------------------------------------------------
-# service              glance     admin
-# service              heat       service        # if enabled
+# service              glance       service
+# service              glance-swift ResellerAdmin
+# service              heat         service        # if enabled
+# service              ceilometer   admin          # if enabled
 # Tempest Only:
-# alt_demo             alt_demo  Member
+# alt_demo             alt_demo     Member
 #
 # Variables set before calling this script:
 # SERVICE_TOKEN - aka admin_token in keystone.conf
@@ -96,7 +98,19 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
     keystone user-role-add \
         --tenant $SERVICE_TENANT_NAME \
         --user glance \
-        --role admin
+        --role service
+    # required for swift access
+    if [[ "$ENABLED_SERVICES" =~ "s-proxy" ]]; then
+        keystone user-create \
+            --name=glance-swift \
+            --pass="$SERVICE_PASSWORD" \
+            --tenant $SERVICE_TENANT_NAME \
+            --email=glance-swift@example.com
+        keystone user-role-add \
+            --tenant $SERVICE_TENANT_NAME \
+            --user glance-swift \
+            --role ResellerAdmin
+    fi
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
         keystone service-create \
             --name=glance \
diff --git a/lib/glance b/lib/glance
index 2d41ea4..00f499a 100644
--- a/lib/glance
+++ b/lib/glance
@@ -124,7 +124,7 @@ function configure_glance() {
     if is_service_enabled s-proxy; then
         iniset $GLANCE_API_CONF DEFAULT default_store swift
         iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
-        iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance
+        iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
         iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
         iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
author	Jenkins <jenkins@review.openstack.org>	2014-02-03 20:21:23 +0000
committer	Gerrit Code Review <review@openstack.org>	2014-02-03 20:21:23 +0000
commit	daa0ce2f052eeeae2ee0b2dc1265279e4528f880 (patch)
tree	b2740fbf79de3f6944e010754611af6bd0e8a6cf
parent	792490b68b764513c1695a7ff05a733deaaa5777 (diff)
parent	85a85f87f814446dd2364eea1b6d976d50500203 (diff)