blazar/devstack
Pierre Riteau 3de6f73e92 Fix physical host reservation for non-admin users
Originally, Blazar was using its service user to manage objects for
physical host reservation, e.g. host aggregates, which by default
requires admin rights. Commit 16d5f67ba7
started using a dedicated account configured with values
climate_username, climate_password, and climate_tenant_name. Commit
c9b7307cf3 removed this dedicated account
and started using trusts instead, so that operations were performed on
behalf of the user creating the lease (with the trustee being the blazar
service user).

While this works well if users creating leases are admins, non-admin
users will get errors because the default Nova policy prevents them from
running required operations associated with aggregates and hypervisors.

Since it is not clear why a dedicated account for admin operations was
required, this patch brings back the approach used before commit
16d5f67ba7, which was to use the service
account for admin operations. This allows non-admin users to create
Blazar leases.

The nova client setup is updated to authenticate against Keystone v3.

Change-Id: Iad86bb549aec13edd662965d2f91b68c856ae06c
Closes-Bug: #1663204
2017-06-02 16:00:54 +09:00
..
plugin.sh Fix physical host reservation for non-admin users 2017-06-02 16:00:54 +09:00
settings Change keystone_authtoken configs 2017-05-16 10:13:41 +00:00