Make nova only use the nova account

Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.

Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
This commit is contained in:
Dr. Jens Harbott 2024-07-09 16:36:37 +02:00
parent b67c20eca5
commit 696dbdf045
2 changed files with 2 additions and 2 deletions

View File

@ -485,7 +485,7 @@ function create_nova_conf_neutron {
local conf=${1:-$NOVA_CONF} local conf=${1:-$NOVA_CONF}
iniset $conf neutron auth_type "password" iniset $conf neutron auth_type "password"
iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI"
iniset $conf neutron username "$Q_ADMIN_USERNAME" iniset $conf neutron username nova
iniset $conf neutron password "$SERVICE_PASSWORD" iniset $conf neutron password "$SERVICE_PASSWORD"
iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf neutron project_name "$SERVICE_PROJECT_NAME" iniset $conf neutron project_name "$SERVICE_PROJECT_NAME"

View File

@ -640,7 +640,7 @@ function configure_placement_nova_compute {
local conf=${1:-$NOVA_CONF} local conf=${1:-$NOVA_CONF}
iniset $conf placement auth_type "password" iniset $conf placement auth_type "password"
iniset $conf placement auth_url "$KEYSTONE_SERVICE_URI" iniset $conf placement auth_url "$KEYSTONE_SERVICE_URI"
iniset $conf placement username placement iniset $conf placement username nova
iniset $conf placement password "$SERVICE_PASSWORD" iniset $conf placement password "$SERVICE_PASSWORD"
iniset $conf placement user_domain_name "$SERVICE_DOMAIN_NAME" iniset $conf placement user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf placement project_name "$SERVICE_TENANT_NAME" iniset $conf placement project_name "$SERVICE_TENANT_NAME"