Johannes Grassler f895b2bd09 Fix global stack list in periodic task

The periodic task unneccessarily lists Heat stacks in the
global tenant (across all tenants) which the Magnum service
user may lack permission for. Also, the most restrictive way
to let it use global stack-list is chose a Keystone role and
open that operation to any user in any project holding that
role.

This commit substitutes a direct lookup of all bays' stack_id
attributes for this global stack list. This direct lookup will
yield the same net result. In order to get the neccessary
permissions it will use each bay's stored Keystone trust to
act on behalf of the bay's creating user.

Co-Authored-By: Jiri Suchomel <jiri.suchomel@suse.com>
Closes-Bug: #1589955
Change-Id: I67b176c137c463e37e037970cc4e468d51db30c9

2016-07-27 10:11:51 +02:00

1.2 KiB

Raw Blame History

Install and configure for Red Hat Enterprise Linux and CentOS

This section describes how to install and configure the Container Infrastructure Management service for Red Hat Enterprise Linux 7 and CentOS 7.

Install and configure components

Install the packages:

# yum install openstack-magnum-api openstack-magnum-conductor

Additionally, edit the /etc/magnum/magnum.conf file:
- In the [oslo_concurrency] section, configure the lock_path:
```
[oslo_concurrency]
...
lock_path = /var/lib/magnum/tmp
```

Finalize installation

Start the Container Infrastructure Management services and configure them to start when the system boots:

# systemctl enable openstack-magnum-api.service \
  openstack-magnum-conductor.service
# systemctl start openstack-magnum-api.service \
  openstack-magnum-conductor.service

1.2 KiB Raw Blame History

Install and configure for Red Hat Enterprise Linux and CentOS

Install and configure components

Finalize installation

1.2 KiB

Raw Blame History