Keystone: Use service domain for service users

This PS moves to use a service domain for openstack service accounts and users. Change-Id: Ibe7c5f83a9fc9960fb85e53f9745d24f2192a94a Signed-off-by: Pete Birley <pete@port.direct>
2018-07-25 21:22:23 -05:00 · 2018-07-25 21:22:23 -05:00 · 95c5b4942d
commit 95c5b4942d
parent 71439d1b67
16 changed files with 64 additions and 61 deletions
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -538,8 +538,8 @@ endpoints:
        username: barbican
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/ceilometer/values.yaml
+++ b/ceilometer/values.yaml
@ -1690,16 +1690,16 @@ endpoints:
        username: ceilometer
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/ceph-client/values.yaml
+++ b/ceph-client/values.yaml
@ -274,7 +274,7 @@ conf:
    config:
      rgw_keystone_api_version: 3
      rgw_keystone_accepted_roles: "admin, member"
-      rgw_keystone_implicit_tenants: false
+      rgw_keystone_implicit_tenants: true
      rgw_keystone_make_new_tenants: true
      rgw_s3_auth_use_keystone: true
      rgw_swift_account_in_url: true
@ -442,8 +442,8 @@ endpoints:
        username: swift
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/cinder/values.yaml
+++ b/cinder/values.yaml
@ -1054,16 +1054,16 @@ endpoints:
        username: cinder
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/congress/values.yaml
+++ b/congress/values.yaml
@ -236,8 +236,8 @@ endpoints:
        username: congress
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/glance/values.yaml
+++ b/glance/values.yaml
@ -359,6 +359,9 @@ conf:
    user_domain_name = {{ .Values.endpoints.identity.auth.glance.user_domain_name }}
    project_domain_name = {{ .Values.endpoints.identity.auth.glance.project_domain_name }}
    auth_version = 3
+    # NOTE(portdirect): https://bugs.launchpad.net/glance-store/+bug/1620999
+    project_domain_id = ""
+    user_domain_id = ""
    {{- end -}}
  rabbitmq:
    #NOTE(rk760n): adding rmq policy to mirror messages from notification queues and set expiration time for the ones
@ -554,16 +557,16 @@ endpoints:
        username: glance
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/gnocchi/values.yaml
+++ b/gnocchi/values.yaml
@ -471,14 +471,14 @@ endpoints:
        os_tenant_name: "admin"
      gnocchi:
        username: "gnocchi"
-        user_domain_name: "default"
        role: "admin"
        password: "password"
        project_name: "service"
-        project_domain_name: "default"
        region_name: "RegionOne"
        os_auth_type: "password"
        os_tenant_name: "service"
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/heat/values.yaml
+++ b/heat/values.yaml
@ -782,16 +782,16 @@ endpoints:
        username: heat
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      heat_trustee:
        role: admin
        region_name: RegionOne
        username: heat-trust
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      heat_stack_user:
        role: admin
        region_name: RegionOne
@ -804,8 +804,8 @@ endpoints:
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/ironic/values.yaml
+++ b/ironic/values.yaml
@ -384,16 +384,16 @@ endpoints:
        username: glance
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      ironic:
        role: admin
        region_name: RegionOne
        username: ironic
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/magnum/values.yaml
+++ b/magnum/values.yaml
@ -344,8 +344,8 @@ endpoints:
        username: magnum
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      magnum_stack_user:
        role: admin
        region_name: RegionOne
--- a/mistral/values.yaml
+++ b/mistral/values.yaml
@ -225,16 +225,16 @@ endpoints:
        username: mistral
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@ -1753,23 +1753,23 @@ endpoints:
        username: neutron
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      nova:
        region_name: RegionOne
-        project_domain_name: default
        project_name: service
-        user_domain_name: default
        username: nova
        password: password
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/nova/values.yaml
+++ b/nova/values.yaml
@ -1349,15 +1349,15 @@ endpoints:
        username: nova
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      # NOTE(portdirect): the neutron user is not managed by the nova chart
      # these values should match those set in the neutron chart.
      neutron:
        region_name: RegionOne
        project_name: service
-        project_domain_name: default
-        user_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
        username: neutron
        password: password
      # NOTE(portdirect): the ironic user is not managed by the nova chart
@ -1367,8 +1367,8 @@ endpoints:
        auth_version: v3
        region_name: RegionOne
        project_name: service
-        project_domain_name: default
-        user_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
        username: ironic
        password: password
      placement:
@ -1377,16 +1377,16 @@ endpoints:
        username: placement
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/rally/values.yaml
+++ b/rally/values.yaml
@ -246,8 +246,8 @@ endpoints:
        username: rally
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/senlin/values.yaml
+++ b/senlin/values.yaml
@ -391,16 +391,16 @@ endpoints:
        username: senlin
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
      test:
        role: admin
        region_name: RegionOne
        username: test
        password: password
        project_name: test
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone
--- a/tempest/values.yaml
+++ b/tempest/values.yaml
@ -241,8 +241,8 @@ endpoints:
        username: tempest
        password: password
        project_name: service
-        user_domain_name: default
-        project_domain_name: default
+        user_domain_name: service
+        project_domain_name: service
    hosts:
      default: keystone-api
      public: keystone