Keystone: Use service domain for service users
This PS moves to use a service domain for openstack service accounts and users. Change-Id: Ibe7c5f83a9fc9960fb85e53f9745d24f2192a94a Signed-off-by: Pete Birley <pete@port.direct>
This commit is contained in:
parent
71439d1b67
commit
95c5b4942d
@ -538,8 +538,8 @@ endpoints:
|
|||||||
username: barbican
|
username: barbican
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -1690,16 +1690,16 @@ endpoints:
|
|||||||
username: ceilometer
|
username: ceilometer
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -274,7 +274,7 @@ conf:
|
|||||||
config:
|
config:
|
||||||
rgw_keystone_api_version: 3
|
rgw_keystone_api_version: 3
|
||||||
rgw_keystone_accepted_roles: "admin, member"
|
rgw_keystone_accepted_roles: "admin, member"
|
||||||
rgw_keystone_implicit_tenants: false
|
rgw_keystone_implicit_tenants: true
|
||||||
rgw_keystone_make_new_tenants: true
|
rgw_keystone_make_new_tenants: true
|
||||||
rgw_s3_auth_use_keystone: true
|
rgw_s3_auth_use_keystone: true
|
||||||
rgw_swift_account_in_url: true
|
rgw_swift_account_in_url: true
|
||||||
@ -442,8 +442,8 @@ endpoints:
|
|||||||
username: swift
|
username: swift
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -1054,16 +1054,16 @@ endpoints:
|
|||||||
username: cinder
|
username: cinder
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -236,8 +236,8 @@ endpoints:
|
|||||||
username: congress
|
username: congress
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -359,6 +359,9 @@ conf:
|
|||||||
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
|
user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
|
||||||
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
|
project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
|
||||||
auth_version = 3
|
auth_version = 3
|
||||||
|
# NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999
|
||||||
|
project_domain_id = ""
|
||||||
|
user_domain_id = ""
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
rabbitmq:
|
rabbitmq:
|
||||||
#NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
|
#NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
|
||||||
@ -554,16 +557,16 @@ endpoints:
|
|||||||
username: glance
|
username: glance
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -471,14 +471,14 @@ endpoints:
|
|||||||
os_tenant_name: "admin"
|
os_tenant_name: "admin"
|
||||||
gnocchi:
|
gnocchi:
|
||||||
username: "gnocchi"
|
username: "gnocchi"
|
||||||
user_domain_name: "default"
|
|
||||||
role: "admin"
|
role: "admin"
|
||||||
password: "password"
|
password: "password"
|
||||||
project_name: "service"
|
project_name: "service"
|
||||||
project_domain_name: "default"
|
|
||||||
region_name: "RegionOne"
|
region_name: "RegionOne"
|
||||||
os_auth_type: "password"
|
os_auth_type: "password"
|
||||||
os_tenant_name: "service"
|
os_tenant_name: "service"
|
||||||
|
user_domain_name: service
|
||||||
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -782,16 +782,16 @@ endpoints:
|
|||||||
username: heat
|
username: heat
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
heat_trustee:
|
heat_trustee:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: heat-trust
|
username: heat-trust
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
heat_stack_user:
|
heat_stack_user:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
@ -804,8 +804,8 @@ endpoints:
|
|||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -384,16 +384,16 @@ endpoints:
|
|||||||
username: glance
|
username: glance
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
ironic:
|
ironic:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: ironic
|
username: ironic
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -344,8 +344,8 @@ endpoints:
|
|||||||
username: magnum
|
username: magnum
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
magnum_stack_user:
|
magnum_stack_user:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
|
@ -225,16 +225,16 @@ endpoints:
|
|||||||
username: mistral
|
username: mistral
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -1753,23 +1753,23 @@ endpoints:
|
|||||||
username: neutron
|
username: neutron
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
nova:
|
nova:
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
project_domain_name: default
|
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
|
||||||
username: nova
|
username: nova
|
||||||
password: password
|
password: password
|
||||||
|
user_domain_name: service
|
||||||
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -1349,15 +1349,15 @@ endpoints:
|
|||||||
username: nova
|
username: nova
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
# NOTE(portdirect): the neutron user is not managed by the nova chart
|
# NOTE(portdirect): the neutron user is not managed by the nova chart
|
||||||
# these values should match those set in the neutron chart.
|
# these values should match those set in the neutron chart.
|
||||||
neutron:
|
neutron:
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
project_name: service
|
project_name: service
|
||||||
project_domain_name: default
|
user_domain_name: service
|
||||||
user_domain_name: default
|
project_domain_name: service
|
||||||
username: neutron
|
username: neutron
|
||||||
password: password
|
password: password
|
||||||
# NOTE(portdirect): the ironic user is not managed by the nova chart
|
# NOTE(portdirect): the ironic user is not managed by the nova chart
|
||||||
@ -1367,8 +1367,8 @@ endpoints:
|
|||||||
auth_version: v3
|
auth_version: v3
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
project_name: service
|
project_name: service
|
||||||
project_domain_name: default
|
user_domain_name: service
|
||||||
user_domain_name: default
|
project_domain_name: service
|
||||||
username: ironic
|
username: ironic
|
||||||
password: password
|
password: password
|
||||||
placement:
|
placement:
|
||||||
@ -1377,16 +1377,16 @@ endpoints:
|
|||||||
username: placement
|
username: placement
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -246,8 +246,8 @@ endpoints:
|
|||||||
username: rally
|
username: rally
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -391,16 +391,16 @@ endpoints:
|
|||||||
username: senlin
|
username: senlin
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
test:
|
test:
|
||||||
role: admin
|
role: admin
|
||||||
region_name: RegionOne
|
region_name: RegionOne
|
||||||
username: test
|
username: test
|
||||||
password: password
|
password: password
|
||||||
project_name: test
|
project_name: test
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
@ -241,8 +241,8 @@ endpoints:
|
|||||||
username: tempest
|
username: tempest
|
||||||
password: password
|
password: password
|
||||||
project_name: service
|
project_name: service
|
||||||
user_domain_name: default
|
user_domain_name: service
|
||||||
project_domain_name: default
|
project_domain_name: service
|
||||||
hosts:
|
hosts:
|
||||||
default: keystone-api
|
default: keystone-api
|
||||||
public: keystone
|
public: keystone
|
||||||
|
Loading…
Reference in New Issue
Block a user