From 866a160ec986eafe2cdfdcb6eff671791344fc7a Mon Sep 17 00:00:00 2001 From: Bertrand Lallau Date: Fri, 9 Jun 2017 14:13:51 +0200 Subject: [PATCH] Magnum: Enable cluster trust customization This enable cluster_user_trust customization which is needed to get Kubernetes integration with Cinder and Neutron LBaaS. https://github.com/openstack/magnum/blob/master/releasenotes/notes/CVE-2016-7404-f53e62a4a40e4d30.yaml#L5 Change-Id: Ib3243b110d2c592f3bf6467b086738335799c853 --- ansible/roles/magnum/defaults/main.yml | 6 ++++++ ansible/roles/magnum/templates/magnum.conf.j2 | 1 + 2 files changed, 7 insertions(+) diff --git a/ansible/roles/magnum/defaults/main.yml b/ansible/roles/magnum/defaults/main.yml index 98fa73ae39..9e7c2ac612 100644 --- a/ansible/roles/magnum/defaults/main.yml +++ b/ansible/roles/magnum/defaults/main.yml @@ -31,6 +31,12 @@ magnum_database_user: "magnum" magnum_database_address: "{{ kolla_internal_fqdn }}:{{ database_port }}" +#################### +# Magnum +#################### +enable_cluster_user_trust: False + + #################### # Docker #################### diff --git a/ansible/roles/magnum/templates/magnum.conf.j2 b/ansible/roles/magnum/templates/magnum.conf.j2 index 8443511cb7..aeec3ac564 100644 --- a/ansible/roles/magnum/templates/magnum.conf.j2 +++ b/ansible/roles/magnum/templates/magnum.conf.j2 @@ -72,6 +72,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi trustee_domain_admin_password = {{ magnum_keystone_password }} trustee_domain_admin_name = {{ magnum_trustee_domain_admin }} trustee_domain_name = {{ magnum_trustee_domain }} +cluster_user_trust = {{ enable_cluster_user_trust }} [oslo_concurrency] lock_path = /var/lib/magnum/tmp