Do not set service_token_roles_required = True for now

This change was introduced in https://review.openstack.org/#/c/578618/

When this value is set to True, the service user should be assigned a
service role listed in the service_token_roles configuration key.

Otherwise other services which use the nova API will not work properly
(see the discussion in https://review.openstack.org/#/c/569886/ )

Apparently this is not the case for nova, where the service role
seems to be "admin", but the value of service_token_roles has
the default value of 'service' (it is not explicitly set).

So change back to the default value, even if it leads to a deprecation
warning.

For more details see:
https://bugs.launchpad.net/keystone/+bug/1779889
http://eavesdrop.openstack.org/irclogs/%23openstack-ansible/%23openstack-ansible.2018-07-10.log.html#t2018-07-10T17:47:14
http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-07-10.log.html#t2018-07-10T16:52:31

Change-Id: I08f32350b867ae0d26806b2d1774051467e90eb5
Luigi Toscano 2018-07-11 10:34:53 +02:00
parent 59c7671c3e
commit 1b644e2a32

@ -193,7 +193,6 @@ workers = {{ nova_conductor_workers | default(nova_api_threads) }}
[keystone_authtoken]
service_token_roles_required = True
insecure = {{ keystone_service_internaluri_insecure | bool }}
auth_type = {{ nova_keystone_auth_plugin }}
auth_url = {{ keystone_service_adminuri }}
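
Review bot: In [keystone_authtoken], dropping service_token_roles_required = True leaves nothing in the template to say that the role check is off on purpose or when it should come back. The commit message says the nova service user appears to hold "admin" while service_token_roles is left at its default of 'service'. Consider setting service_token_roles explicitly to a role the service user actually has, or granting that user the 'service' role, so the requirement can stay enabled. If the removal is kept, add a template comment next to this section pointing at bug 1779889 so the setting is revisited rather than forgotten.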