openstack/kolla-ansible
Code Issues Proposed changes
f1cbff6b7e
kolla-ansible/ansible/roles/nova-cell/tasks
History
Niklas Hagman 2e933dceb5 Transition Keystone admin user to system scope 
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible

Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
2021-09-28 09:45:06 -07:00
..
bootstrap_service.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
bootstrap_upgrade.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
bootstrap.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
cell_proxy_loadbalancer.yml Use "name:" instead of "role:" for *_role modules 2020-03-02 10:01:17 +01:00
check-containers.yml Add support for Debian Bullseye (11) as host distro 2021-05-30 18:40:12 +00:00
check.yml Copy Nova role as a basis for the Nova cell role 2019-10-01 14:48:19 +01:00
clone.yml permission denied when enable_kolla_dev_mod 2020-06-07 19:36:42 +08:00
config_bootstrap.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
config-host.yml Use ansible_facts to reference facts 2021-06-23 10:38:06 +01:00
config-libvirt-tls.yml Performance: remove one include_tasks in nova-cell 2020-08-28 16:16:56 +00:00
config-nova-fake.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
config.yml Performance: optimize genconfig 2020-10-12 19:30:06 +02:00
copy-certs.yml Refactor copy certificates task 2020-04-14 17:26:19 +00:00
create_cells.yml Merge "Fix nova cell message queue URL with separate notification queue" 2020-04-26 16:46:35 +00:00
deploy-containers.yml Copy Nova role as a basis for the Nova cell role 2019-10-01 14:48:19 +01:00
deploy.yml Performance: optimize genconfig 2020-10-12 19:30:06 +02:00
discover_computes.yml Transition Keystone admin user to system scope 2021-09-28 09:45:06 -07:00
external_ceph.yml nova-cell: Stop printing ceph keys in output 2021-03-02 16:24:39 +01:00
get_cell_settings.yml Fix nova compute addition with limit 2020-04-14 19:36:49 +00:00
loadbalancer.yml Fix freezed spice console in horizon 2021-08-02 09:55:46 +02:00
main.yml Revert "Performance: Use import_tasks in the main plays" 2020-12-14 10:36:55 +00:00
online_data_migrations.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
precheck.yml Add Ansible group check to prechecks 2020-02-28 16:23:14 +00:00
proxy_loadbalancer.yml Support multiple nova cells 2019-10-16 17:42:36 +00:00
pull.yml Refactor and optimise image pulling 2021-08-10 11:57:54 +00:00
rabbitmq.yml Fix nova deployment failure when rabbitmq is disabled 2021-07-27 22:07:08 +08:00
reconfigure.yml Performance: replace unconditional include_tasks with import_tasks 2020-08-28 16:12:03 +00:00
reload.yml Trivial fix nova's healthchecks 2021-08-12 13:39:50 +02:00
rolling_upgrade.yml Performance: optimize genconfig 2020-10-12 19:30:06 +02:00
stop.yml Use "name:" instead of "role:" for *_role modules 2020-03-02 10:01:17 +01:00
upgrade.yml Performance: replace unconditional include_tasks with import_tasks 2020-08-28 16:12:03 +00:00