4388f00d26
Service user with name "designate" had only "service" role up to now but it seems that with oslo.policy 4.4.0 where "enforce_new_defaults" is set to True by default, this breaks integration between Neutron and Designate as e.g. Neutron's creation of the recordset fails with Forbidden exception as this seems to be allowed only for admin user or shared or primary zone. This patch adds also "admin" role for this "designate" service user to workaround that issue, at least until Designate will support "service" role usage with Secure RBAC policies. Closes-Bug: #2078518 Change-Id: I477cc96519e7396a614f92d109867222207ec388 |
||
---|---|---|
.. | ||
designate_plugins | ||
files | ||
gate | ||
lib | ||
upgrade | ||
exercise.sh | ||
plugin.sh | ||
README.rst | ||
settings |
Enabling in Devstack
WARNING: the stack.sh script must be run in a disposable VM that is not being created automatically, see the README.md file in the "devstack" repository. See contrib/vagrant to create a vagrant VM.
Download DevStack:
git clone https://opendev.org/openstack/devstack.git cd devstack
Add this repo as an external repository:
> cat local.conf [[local|localrc]] enable_plugin designate https://opendev.org/openstack/designate
Note: Running with a multipool option: Perform the above step, and in addition set the backend driver and scheduler filters:
SCHEDULER_FILTERS=attribute,pool_id_attributes,in_doubt_default_pool DESIGNATE_BACKEND_DRIVER=multipool-bind9
run
stack.sh