From 91c8a5baf2cf2f0dddded57d88f00ea11dd4ff4a Mon Sep 17 00:00:00 2001 From: Sadegh Hayeri Date: Sun, 23 Jul 2023 14:15:08 +0330 Subject: [PATCH] Use service tokens Change-Id: If81d59cb848ae7e07eb7bcb8d594b5005a7d5528 --- cinder/Chart.yaml | 2 +- cinder/values.yaml | 6 ++++-- glance/Chart.yaml | 2 +- glance/values.yaml | 2 ++ neutron/Chart.yaml | 2 +- neutron/values.yaml | 2 ++ nova/Chart.yaml | 2 +- nova/values.yaml | 6 ++++-- placement/Chart.yaml | 2 +- placement/values.yaml | 2 ++ releasenotes/notes/cinder.yaml | 1 + releasenotes/notes/glance.yaml | 1 + releasenotes/notes/neutron.yaml | 1 + releasenotes/notes/nova.yaml | 1 + releasenotes/notes/placement.yaml | 1 + 15 files changed, 24 insertions(+), 9 deletions(-) diff --git a/cinder/Chart.yaml b/cinder/Chart.yaml index cd02fc1191..798c7aa17f 100644 --- a/cinder/Chart.yaml +++ b/cinder/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Cinder name: cinder -version: 0.3.12 +version: 0.3.13 home: https://docs.openstack.org/cinder/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png sources: diff --git a/cinder/values.yaml b/cinder/values.yaml index 07adee1cd7..28c2dc6a51 100644 --- a/cinder/values.yaml +++ b/cinder/values.yaml @@ -826,6 +826,8 @@ conf: database: max_retries: -1 keystone_authtoken: + service_token_roles: service + service_token_roles_required: true auth_version: v3 auth_type: password memcache_security_strategy: ENCRYPT @@ -848,7 +850,7 @@ conf: backend_url: file:///var/lib/cinder/coordination service_user: auth_type: password - send_service_user_token: false + send_service_user_token: true logging: loggers: keys: @@ -1224,7 +1226,7 @@ endpoints: user_domain_name: default project_domain_name: default cinder: - role: admin + role: admin,service region_name: RegionOne username: cinder password: password diff --git a/glance/Chart.yaml b/glance/Chart.yaml index 30aca5655e..95f222ec92 100644 --- a/glance/Chart.yaml +++ b/glance/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Glance name: glance -version: 0.4.8 +version: 0.4.9 home: https://docs.openstack.org/glance/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Glance/OpenStack_Project_Glance_vertical.png sources: diff --git a/glance/values.yaml b/glance/values.yaml index 160543b110..c4abde4af0 100644 --- a/glance/values.yaml +++ b/glance/values.yaml @@ -255,6 +255,8 @@ conf: oslo_middleware: enable_proxy_headers_parsing: true keystone_authtoken: + service_token_roles: service + service_token_roles_required: true auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT diff --git a/neutron/Chart.yaml b/neutron/Chart.yaml index c7d811e188..697a521dae 100644 --- a/neutron/Chart.yaml +++ b/neutron/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Neutron name: neutron -version: 0.3.15 +version: 0.3.16 home: https://docs.openstack.org/neutron/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png sources: diff --git a/neutron/values.yaml b/neutron/values.yaml index 61624d6ef0..036805ed7d 100644 --- a/neutron/values.yaml +++ b/neutron/values.yaml @@ -1814,6 +1814,8 @@ conf: ironic: endpoint_type: internal keystone_authtoken: + service_token_roles: service + service_token_roles_required: true memcache_security_strategy: ENCRYPT auth_type: password auth_version: v3 diff --git a/nova/Chart.yaml b/nova/Chart.yaml index b51859fbc6..fc8a9398ab 100644 --- a/nova/Chart.yaml +++ b/nova/Chart.yaml @@ -14,7 +14,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Nova name: nova -version: 0.3.15 +version: 0.3.16 home: https://docs.openstack.org/nova/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Nova/OpenStack_Project_Nova_vertical.png sources: diff --git a/nova/values.yaml b/nova/values.yaml index 38f4b5181a..227827067e 100644 --- a/nova/values.yaml +++ b/nova/values.yaml @@ -1396,6 +1396,8 @@ conf: cell0_database: max_retries: -1 keystone_authtoken: + service_token_roles: service + service_token_roles_required: true auth_type: password auth_version: v3 memcache_security_strategy: ENCRYPT @@ -1404,7 +1406,7 @@ conf: notify_on_state_change: vm_and_task_state service_user: auth_type: password - send_service_user_token: false + send_service_user_token: true libvirt: connection_uri: "qemu+unix:///system?socket=/run/libvirt/libvirt-sock" images_type: qcow2 @@ -1694,7 +1696,7 @@ endpoints: user_domain_name: default project_domain_name: default nova: - role: admin + role: admin,service region_name: RegionOne username: nova password: password diff --git a/placement/Chart.yaml b/placement/Chart.yaml index 623c048d6b..6e62be8622 100644 --- a/placement/Chart.yaml +++ b/placement/Chart.yaml @@ -16,7 +16,7 @@ apiVersion: v1 appVersion: v1.0.0 description: OpenStack-Helm Placement name: placement -version: 0.3.6 +version: 0.3.7 home: https://docs.openstack.org/placement/latest/ icon: https://www.openstack.org/themes/openstack/images/project-mascots/Placement/OpenStack_Project_Placement_vertical.png sources: diff --git a/placement/values.yaml b/placement/values.yaml index aa864620ce..4a702ace29 100644 --- a/placement/values.yaml +++ b/placement/values.yaml @@ -82,6 +82,8 @@ conf: placement_database: connection: null keystone_authtoken: + service_token_roles: service + service_token_roles_required: true auth_version: v3 auth_type: password memcache_security_strategy: ENCRYPT diff --git a/releasenotes/notes/cinder.yaml b/releasenotes/notes/cinder.yaml index e9475b318a..9daf2b33bf 100644 --- a/releasenotes/notes/cinder.yaml +++ b/releasenotes/notes/cinder.yaml @@ -62,4 +62,5 @@ cinder: - 0.3.10 Define service_type in keystone_authtoken to support application credentials with access rules - 0.3.11 Add Zed overrides - 0.3.12 Add 2023.1 overrides + - 0.3.13 Use service tokens ... diff --git a/releasenotes/notes/glance.yaml b/releasenotes/notes/glance.yaml index 5ff4ef07d8..8df96bbfa1 100644 --- a/releasenotes/notes/glance.yaml +++ b/releasenotes/notes/glance.yaml @@ -42,4 +42,5 @@ glance: - 0.4.6 Define service_type in keystone_authtoken to support application credentials with access rules - 0.4.7 Add Zed overrides - 0.4.8 Add 2023.1 overrides + - 0.4.9 Use service tokens ... diff --git a/releasenotes/notes/neutron.yaml b/releasenotes/notes/neutron.yaml index a12f23420b..b5edf8c739 100644 --- a/releasenotes/notes/neutron.yaml +++ b/releasenotes/notes/neutron.yaml @@ -57,4 +57,5 @@ neutron: - 0.3.13 Remove duplicated argument when running a liveness check - 0.3.14 Add 2023.1 overrides - 0.3.15 Add asap2 support + - 0.3.16 Use service tokens ... diff --git a/releasenotes/notes/nova.yaml b/releasenotes/notes/nova.yaml index 4e5308c938..8b4376e6a0 100644 --- a/releasenotes/notes/nova.yaml +++ b/releasenotes/notes/nova.yaml @@ -84,4 +84,5 @@ nova: - 0.3.13 Add Zed overrides - 0.3.14 Add 2023.1 overrides - 0.3.15 Ensure that the health check script handles cases where the PID file exists but is empty or does not contain the expected data structure. + - 0.3.16 Use service tokens ... diff --git a/releasenotes/notes/placement.yaml b/releasenotes/notes/placement.yaml index 95be319c57..7b26932e79 100644 --- a/releasenotes/notes/placement.yaml +++ b/releasenotes/notes/placement.yaml @@ -29,4 +29,5 @@ placement: - 0.3.4 Define service_type in keystone_authtoken to support application credentials with access rules - 0.3.5 Add Zed overrides - 0.3.6 Add 2023.1 overrides + - 0.3.7 Use service tokens ...