diff options
author | Jenkins <jenkins@review.openstack.org> | 2014-02-03 20:21:23 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2014-02-03 20:21:23 +0000 |
commit | daa0ce2f052eeeae2ee0b2dc1265279e4528f880 (patch) | |
tree | b2740fbf79de3f6944e010754611af6bd0e8a6cf | |
parent | 792490b68b764513c1695a7ff05a733deaaa5777 (diff) | |
parent | 85a85f87f814446dd2364eea1b6d976d50500203 (diff) |
Merge "Use service role with glance service"
-rwxr-xr-x | files/keystone_data.sh | 24 | ||||
-rw-r--r-- | lib/glance | 2 |
2 files changed, 20 insertions, 6 deletions
diff --git a/files/keystone_data.sh b/files/keystone_data.sh index d477c42..9a34c76 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -2,12 +2,14 @@ # # Initial data for Keystone using python-keystoneclient # -# Tenant User Roles +# Tenant User Roles # ------------------------------------------------------------------ -# service glance admin -# service heat service # if enabled +# service glance service +# service glance-swift ResellerAdmin +# service heat service # if enabled +# service ceilometer admin # if enabled # Tempest Only: -# alt_demo alt_demo Member +# alt_demo alt_demo Member # # Variables set before calling this script: # SERVICE_TOKEN - aka admin_token in keystone.conf @@ -96,7 +98,19 @@ if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then keystone user-role-add \ --tenant $SERVICE_TENANT_NAME \ --user glance \ - --role admin + --role service + # required for swift access + if [[ "$ENABLED_SERVICES" =~ "s-proxy" ]]; then + keystone user-create \ + --name=glance-swift \ + --pass="$SERVICE_PASSWORD" \ + --tenant $SERVICE_TENANT_NAME \ + --email=glance-swift@example.com + keystone user-role-add \ + --tenant $SERVICE_TENANT_NAME \ + --user glance-swift \ + --role ResellerAdmin + fi if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then keystone service-create \ --name=glance \ @@ -124,7 +124,7 @@ function configure_glance() { if is_service_enabled s-proxy; then iniset $GLANCE_API_CONF DEFAULT default_store swift iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ - iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance + iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True |