![Takashi Kajinami](/assets/img/avatar_default.png)
This change enforces usage of system scope credentials to manage flavors, aggregates, and services, following the new policy rules for SRBAC support in nova. The logic to look up credential for the nova service user from [keystone_authtoken] is left to keep backward compatibility but is deprecated and will be removed. Depends-on: https://review.opendev.org/806474 Depends-on: https://review.opendev.org/828025 Depends-on: https://review.opendev.org/828874 Change-Id: I71779f0f1459d64914589a94a440336386266306
23 lines
730 B
YAML
23 lines
730 B
YAML
---
|
|
upgrade:
|
|
- |
|
|
Now the following resource types uses system scope credentail instead of
|
|
project scope credential when sending requests to Nova API.
|
|
|
|
- ``nova_aggregate``
|
|
- ``nova_flavor``
|
|
- ``nova_service``
|
|
|
|
deprecations:
|
|
- |
|
|
The following resource types have been using the credential written in
|
|
the ``[keystone_authtoken]`` section of ``nova.conf``. However this
|
|
behavior has been deprecated and now these resource types first look for
|
|
the yaml files in ``/etc/openstack/puppet``. Make sure one of
|
|
``clouds.yaml`` or ``admin-clouds.yaml`` (which is created by
|
|
puppet-keystone) is created in that directory.
|
|
|
|
- ``nova_aggregate``
|
|
- ``nova_flavor``
|
|
- ``nova_service``
|