openstack/devstack
Code Issues Proposed changes

Add ResellerAdmin role to ceilometer user.

Browse Source 
For the sake of swift metering, 'ceilometer' user needs to be a
ResellerAdmin for tenant 'service'.

Change-Id: I65b3bdedddded9d5f3bac5c5d714288800ffa8b6
This commit is contained in:
guillaume pernot 2012-11-29 08:44:58 +01:00
parent a823ab4647
commit 901eed70b4
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
files/keystone_data.sh
View File

@ -87,6 +87,11 @@ MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
# Services # Services
# -------- # --------
@ -129,11 +134,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
--internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s" --internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
fi fi
# Nova needs ResellerAdmin role to download images when accessing # Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api. The admin role in swift allows a user # swift through the s3 api.
# to act as an admin for their tenant, but ResellerAdmin is needed
# for a user to act as any tenant. The name of this role is also
# configurable in swift-proxy.conf
RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add \ keystone user-role-add \
--tenant_id $SERVICE_TENANT \ --tenant_id $SERVICE_TENANT \
--user_id $NOVA_USER \ --user_id $NOVA_USER \
@ -255,6 +256,10 @@ if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
keystone user-role-add --tenant_id $SERVICE_TENANT \ keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $CEILOMETER_USER \ --user_id $CEILOMETER_USER \
--role_id $ADMIN_ROLE --role_id $ADMIN_ROLE
# Ceilometer needs ResellerAdmin role to access swift account stats.
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $CEILOMETER_USER \
--role_id $RESELLER_ROLE
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CEILOMETER_SERVICE=$(get_id keystone service-create \ CEILOMETER_SERVICE=$(get_id keystone service-create \
--name=ceilometer \ --name=ceilometer \