Discoverd Swift objects not accessible by the admin user

Swift objects containing the Ironic extra data are not accessible by the admin user on the undercloud node. We need the nodes data for the Cloudforms integration where we are using the admin user to connect to the undercloud services. This patch gives the admin user the swiftoperator role on the undercloud service tenant. This will allow CFME to access this data by specifying the service tenant in API requests. Change-Id: I4e5bf4f130cd46e22156f75f52e6328bd1d62daa Resolves: rhbz#1237064
2015-07-01 15:31:40 -04:00 · 2015-07-01 15:31:40 -04:00 · e3c0eb9aa1
commit e3c0eb9aa1
parent 8d9b4cfc2a
2 changed files with 14 additions and 1 deletions
--- a/elements/ironic-discoverd/os-apply-config/etc/ironic-discoverd/discoverd.conf
+++ b/elements/ironic-discoverd/os-apply-config/etc/ironic-discoverd/discoverd.conf
@ -18,4 +18,4 @@ ironic_retry_period = 10
 username = ironic
 password = {{ironic.service-password}}
 tenant_name = service
-os_auth_url = http://{{local-ip}}:5000/v2.0
+os_auth_url = http://{{local-ip}}:5000/v2.0
--- a/elements/ironic-discoverd/os-refresh-config/post-configure.d/99-admin-swiftoperator-role
+++ b/elements/ironic-discoverd/os-refresh-config/post-configure.d/99-admin-swiftoperator-role
@ -0,0 +1,13 @@
+#!/bin/bash
+# In order for CFME to access the Swift objects with hardware data about
+# the Ironic nodes, we need to give the admin user the swiftoperator role
+# on the service tenant.
+
+set -eux
+
+source /root/stackrc
+
+# We need to make sure the role is not already added
+if ! openstack role list --user admin --project service | grep swiftoperator; then
+    openstack role add --user admin --project service swiftoperator
+fi