Charts to use their own service accounts

Currently charts create one user that
is used to get access to Keystone API to check auth
tokens and other services use this user
to get access to the service managed by this particular
chart.

So chart values must be aligned with each other. For
example when we deploy Neutron we use nova service
account managed by the Nova chart.

The spec [1] suggests that, by default, charts create
their own service accounts to access other APIs
instead of using service accounts managed by other charts.

[1] I12eb9341d5ff633ad4435f4938bf8c946ea388ee

This commit updates the following charts
- Neutron
- Nova
- Cinder

Depends-On: I12eb9341d5ff633ad4435f4938bf8c946ea388ee
Change-Id: Ic059b9bcd89084b0ccd1102ba57db7d3d1130af7
This commit is contained in:
Vladimir Kozhukalov
2025-04-30 18:38:18 -05:00
parent a7f921d10b
commit bfbf0c3b6d
13 changed files with 114 additions and 38 deletions


@@ -54,22 +54,22 @@ limitations under the License.
{{- end }} {{- end }}
{{- if empty $envAll.Values.conf.cinder.nova.region_name -}} {{- if empty $envAll.Values.conf.cinder.nova.region_name -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "region_name" $envAll.Values.endpoints.identity.auth.cinder.region_name -}} {{- $_ := set $envAll.Values.conf.cinder.nova "region_name" $envAll.Values.endpoints.identity.auth.nova.region_name -}}
{{- end -}} {{- end -}}
{{- if empty $envAll.Values.conf.cinder.nova.project_name -}} {{- if empty $envAll.Values.conf.cinder.nova.project_name -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "project_name" $envAll.Values.endpoints.identity.auth.cinder.project_name -}} {{- $_ := set $envAll.Values.conf.cinder.nova "project_name" $envAll.Values.endpoints.identity.auth.nova.project_name -}}
{{- end -}} {{- end -}}
{{- if empty $envAll.Values.conf.cinder.nova.project_domain_name -}} {{- if empty $envAll.Values.conf.cinder.nova.project_domain_name -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "project_domain_name" $envAll.Values.endpoints.identity.auth.cinder.project_domain_name -}} {{- $_ := set $envAll.Values.conf.cinder.nova "project_domain_name" $envAll.Values.endpoints.identity.auth.nova.project_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty $envAll.Values.conf.cinder.nova.user_domain_name -}} {{- if empty $envAll.Values.conf.cinder.nova.user_domain_name -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "user_domain_name" $envAll.Values.endpoints.identity.auth.cinder.user_domain_name -}} {{- $_ := set $envAll.Values.conf.cinder.nova "user_domain_name" $envAll.Values.endpoints.identity.auth.nova.user_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty $envAll.Values.conf.cinder.nova.username -}} {{- if empty $envAll.Values.conf.cinder.nova.username -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "username" $envAll.Values.endpoints.identity.auth.cinder.username -}} {{- $_ := set $envAll.Values.conf.cinder.nova "username" $envAll.Values.endpoints.identity.auth.nova.username -}}
{{- end -}} {{- end -}}
{{- if empty $envAll.Values.conf.cinder.nova.password -}} {{- if empty $envAll.Values.conf.cinder.nova.password -}}
{{- $_ := set $envAll.Values.conf.cinder.nova "password" $envAll.Values.endpoints.identity.auth.cinder.password -}} {{- $_ := set $envAll.Values.conf.cinder.nova "password" $envAll.Values.endpoints.identity.auth.nova.password -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.database.connection -}} {{- if empty .Values.conf.cinder.database.connection -}}
@@ -97,19 +97,19 @@ limitations under the License.
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.cinder.DEFAULT "backup_swift_auth_url" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user_domain -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.cinder.user_domain_name -}} {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_user_domain" .Values.endpoints.identity.auth.swift.user_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_user -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.cinder.username -}} {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_user" .Values.endpoints.identity.auth.swift.username -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_key -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.cinder.password -}} {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_key" .Values.endpoints.identity.auth.swift.password -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project_domain -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.cinder.project_domain_name -}} {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_project_domain" .Values.endpoints.identity.auth.swift.project_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}} {{- if empty .Values.conf.cinder.DEFAULT.backup_swift_project -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.cinder.project_name -}} {{- $_ := set .Values.conf.cinder.DEFAULT "backup_swift_project" .Values.endpoints.identity.auth.swift.project_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}} {{- if empty .Values.conf.cinder.DEFAULT.swift_catalog_info -}}
{{- $_ := set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" -}} {{- $_ := set .Values.conf.cinder.DEFAULT "swift_catalog_info" "object-store:swift:internalURL" -}}
@@ -125,22 +125,22 @@ limitations under the License.
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.cinder.service_user "auth_url" -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.cinder.service_user "auth_url" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.region_name -}} {{- if empty .Values.conf.cinder.service_user.region_name -}}
{{- $_ := set .Values.conf.cinder.service_user "region_name" .Values.endpoints.identity.auth.cinder.region_name -}} {{- $_ := set .Values.conf.cinder.service_user "region_name" .Values.endpoints.identity.auth.service.region_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.project_name -}} {{- if empty .Values.conf.cinder.service_user.project_name -}}
{{- $_ := set .Values.conf.cinder.service_user "project_name" .Values.endpoints.identity.auth.cinder.project_name -}} {{- $_ := set .Values.conf.cinder.service_user "project_name" .Values.endpoints.identity.auth.service.project_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.project_domain_name -}} {{- if empty .Values.conf.cinder.service_user.project_domain_name -}}
{{- $_ := set .Values.conf.cinder.service_user "project_domain_name" .Values.endpoints.identity.auth.cinder.project_domain_name -}} {{- $_ := set .Values.conf.cinder.service_user "project_domain_name" .Values.endpoints.identity.auth.service.project_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.user_domain_name -}} {{- if empty .Values.conf.cinder.service_user.user_domain_name -}}
{{- $_ := set .Values.conf.cinder.service_user "user_domain_name" .Values.endpoints.identity.auth.cinder.user_domain_name -}} {{- $_ := set .Values.conf.cinder.service_user "user_domain_name" .Values.endpoints.identity.auth.service.user_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.username -}} {{- if empty .Values.conf.cinder.service_user.username -}}
{{- $_ := set .Values.conf.cinder.service_user "username" .Values.endpoints.identity.auth.cinder.username -}} {{- $_ := set .Values.conf.cinder.service_user "username" .Values.endpoints.identity.auth.service.username -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.cinder.service_user.password -}} {{- if empty .Values.conf.cinder.service_user.password -}}
{{- $_ := set .Values.conf.cinder.service_user "password" .Values.endpoints.identity.auth.cinder.password -}} {{- $_ := set .Values.conf.cinder.service_user "password" .Values.endpoints.identity.auth.service.password -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
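Review bot: The `service_user` defaults (region_name through password) are now taken from `endpoints.identity.auth.service` unconditionally, while the job-ks-user change creates the `service` account only when `conf.cinder.service_user.send_service_user_token` is set, so with that flag off cinder.conf still carries a username and password for an account that is never created in Keystone. The `backup_swift_*` defaults have the same mismatch against the swift-backup-driver condition in job-ks-user, and the nova configmap hunk repeats the service_user pattern. Either wrap the service_user defaults in `{{- if .Values.conf.cinder.service_user.send_service_user_token -}}` so inert credentials are not rendered into the config, or add a template comment stating that these values are unused unless the flag is enabled. The enclosing `if` blocks of all three hunks open before the first shown line, outside the hunk.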


@@ -18,7 +18,14 @@ helm.sh/hook-weight: "-1"
{{- end }} {{- end }}
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "cinder" -}} {{- $serviceUsers := (tuple "cinder" "nova") -}}
{{- if (contains "cinder.backup.drivers.swift" .Values.conf.cinder.DEFAULT.backup_driver) }}
{{- $serviceUsers = append $serviceUsers "swift" -}}
{{- end }}
{{- if .Values.conf.cinder.service_user.send_service_user_token -}}
{{- $serviceUsers = append $serviceUsers "service" -}}
{{- end }}
{{- $ksUserJob := dict "envAll" . "serviceName" "cinder" "serviceUsers" $serviceUsers -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}} {{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.volumev3.api.internal -}}
{{- end -}} {{- end -}}
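Review bot: The swift guard reads `.Values.conf.cinder.DEFAULT.backup_driver` directly, whereas the parallel designate check in the neutron job-ks-user hunk applies `| default ""` first; if a deployment sets `backup_driver` to null, Go templates reject a nil argument to `contains` and the whole ks-user job fails to render. Suggested line: `{{- if contains "cinder.backup.drivers.swift" (.Values.conf.cinder.DEFAULT.backup_driver | default "") -}}`. As a minor point of style, the swift and service conditionals mix `}}` and `-}}` while the surrounding lines consistently trim whitespace, which leaves stray blank lines in the rendered manifest.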


@@ -14,7 +14,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "cinder" "test" }} {{- range $userClass, $val := $envAll.Values.endpoints.identity.auth }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1
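Review bot: Ranging over every key of `endpoints.identity.auth` emits a Secret per entry, and `index $envAll.Values.secrets.identity $userClass` yields nil for any auth entry that has no matching `secrets.identity` key, which would render a Secret with an empty name that fails at apply time. It also materializes Secrets for `swift` and `service` even when job-ks-user does not create those accounts, leaving credential material for unused accounts in the cluster. A guard such as `{{- if hasKey $envAll.Values.secrets.identity $userClass }}` inside the range, or ranging over the same list job-ks-user builds, would keep the two in step. The neutron and nova secret-keystone hunks make the identical change; the body of the `range` continues outside the hunk.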


@@ -1183,6 +1183,9 @@ secrets:
identity: identity:
admin: cinder-keystone-admin admin: cinder-keystone-admin
cinder: cinder-keystone-user cinder: cinder-keystone-user
nova: cinder-keystone-nova
swift: cinder-keystone-swift
service: cinder-keystone-service
test: cinder-keystone-test test: cinder-keystone-test
oslo_db: oslo_db:
admin: cinder-db-admin admin: cinder-db-admin
@@ -1252,6 +1255,30 @@ endpoints:
project_name: service project_name: service
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
nova:
role: admin,service
region_name: RegionOne
project_name: service
username: cinder_nova
password: password
user_domain_name: service
project_domain_name: service
swift:
role: admin,service
region_name: RegionOne
project_name: service
username: cinder_swift
password: password
user_domain_name: service
project_domain_name: service
service:
role: admin,service
region_name: RegionOne
project_name: service
username: cinder_service_user
password: password
user_domain_name: service
project_domain_name: service
test: test:
role: admin role: admin
region_name: RegionOne region_name: RegionOne
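Review bot: The new `nova`, `swift` and `service` entries are undocumented, yet `swift` and `service` are only provisioned under the swift-backup-driver and `send_service_user_token` conditions in job-ks-user, so a comment above each, e.g. `# NOTE: created by the ks-user job only when the swift backup driver is enabled` and `# NOTE: created by the ks-user job only when conf.cinder.service_user.send_service_user_token is true`, would save an operator from debugging a missing account. All three default to `role: admin,service`; for the `[service_user]` account in particular, the service-token check presumably requires only the `service` role, so granting `admin` as well may be more than least privilege needs — worth confirming against the policy in use. The same defaults appear in the nova values hunk.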


@@ -184,9 +184,11 @@ spec:
command: command:
- /tmp/neutron-server.sh - /tmp/neutron-server.sh
- stop - stop
{{- if not $envAll.Values.manifests.certificates }}
ports: ports:
- name: q-api - name: q-api
containerPort: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} containerPort: {{ tuple "network" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- end }}
volumeMounts: volumeMounts:
- name: pod-tmp - name: pod-tmp
mountPath: /tmp mountPath: /tmp
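Review bot: The `{{- if not $envAll.Values.manifests.certificates }}` guard around `ports:` is not covered by the commit message and is unrelated to service accounts; if the neutron Service or a probe refers to the `q-api` port by name, omitting the containerPort when certificates are enabled would break that reference, which is worth confirming. At minimum a template comment stating why the port is dropped in the certificates case, e.g. `{{/* NOTE: with manifests.certificates the API port is published elsewhere — <reason> */}}`, should accompany it, or the change should be split into its own commit. The container spec this belongs to starts and ends outside the hunk.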


@@ -18,7 +18,14 @@ helm.sh/hook-weight: "-1"
{{- end }} {{- end }}
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "neutron" -}} {{- $serviceUsers := (tuple "neutron" "nova" "placement") -}}
{{- if eq (.Values.conf.neutron.DEFAULT.external_dns_driver | default "") "designate" -}}
{{- $serviceUsers = append $serviceUsers "designate" -}}
{{- end -}}
{{- if (has "baremetal" .Values.network.backend) -}}
{{- $serviceUsers = append $serviceUsers "ironic" -}}
{{- end -}}
{{- $ksUserJob := dict "envAll" . "serviceName" "neutron" "serviceUsers" $serviceUsers -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.network.server.internal -}} {{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.network.server.internal -}}
{{- end -}} {{- end -}}


@@ -14,7 +14,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "neutron" "test" }} {{- range $userClass, $val := $envAll.Values.endpoints.identity.auth }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1


@@ -2291,6 +2291,10 @@ secrets:
identity: identity:
admin: neutron-keystone-admin admin: neutron-keystone-admin
neutron: neutron-keystone-user neutron: neutron-keystone-user
nova: neutron-keystone-nova
placement: neutron-keystone-placement
designate: neutron-keystone-designate
ironic: neutron-keystone-ironic
test: neutron-keystone-test test: neutron-keystone-test
oslo_db: oslo_db:
admin: neutron-db-admin admin: neutron-db-admin
@@ -2452,30 +2456,34 @@ endpoints:
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
nova: nova:
role: admin,service
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
username: nova username: neutron_nova
password: password password: password
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
placement: placement:
role: admin,service
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
username: placement username: neutron_placement
password: password password: password
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
designate: designate:
role: admin,service
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
username: designate username: neutron_designate
password: password password: password
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
ironic: ironic:
role: admin,service
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
username: ironic username: neutron_ironic
password: password password: password
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
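Review bot: The `nova`, `placement`, `designate` and `ironic` entries switch from the accounts owned by other charts to chart-owned `neutron_*` accounts that this chart's ks-user job now creates, but nothing in the values says so; an operator who keeps an override such as `username: nova` to preserve the old behaviour would have two charts' ks-user jobs managing the same Keystone user. A comment above the block, e.g. `# NOTE: these accounts are created by this chart's ks-user job; do not point them at users managed by another chart`, makes the ownership explicit. It would also help to note that `designate` and `ironic` are only created when the designate DNS driver or the baremetal backend is enabled, as job-ks-user does.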


@@ -61,22 +61,22 @@ limitations under the License.
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}} {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.nova.service_user "auth_url" -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.region_name -}} {{- if empty .Values.conf.nova.service_user.region_name -}}
{{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.nova.region_name -}} {{- $_ := set .Values.conf.nova.service_user "region_name" .Values.endpoints.identity.auth.service.region_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.project_name -}} {{- if empty .Values.conf.nova.service_user.project_name -}}
{{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.nova.project_name -}} {{- $_ := set .Values.conf.nova.service_user "project_name" .Values.endpoints.identity.auth.service.project_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.project_domain_name -}} {{- if empty .Values.conf.nova.service_user.project_domain_name -}}
{{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.nova.project_domain_name -}} {{- $_ := set .Values.conf.nova.service_user "project_domain_name" .Values.endpoints.identity.auth.service.project_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.user_domain_name -}} {{- if empty .Values.conf.nova.service_user.user_domain_name -}}
{{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.nova.user_domain_name -}} {{- $_ := set .Values.conf.nova.service_user "user_domain_name" .Values.endpoints.identity.auth.service.user_domain_name -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.username -}} {{- if empty .Values.conf.nova.service_user.username -}}
{{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.nova.username -}} {{- $_ := set .Values.conf.nova.service_user "username" .Values.endpoints.identity.auth.service.username -}}
{{- end -}} {{- end -}}
{{- if empty .Values.conf.nova.service_user.password -}} {{- if empty .Values.conf.nova.service_user.password -}}
{{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.nova.password -}} {{- $_ := set .Values.conf.nova.service_user "password" .Values.endpoints.identity.auth.service.password -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}


@@ -18,7 +18,11 @@ helm.sh/hook-weight: "-1"
{{- end }} {{- end }}
{{- if .Values.manifests.job_ks_user }} {{- if .Values.manifests.job_ks_user }}
{{- $ksUserJob := dict "envAll" . "serviceName" "nova" -}} {{- $serviceUsers := (tuple "nova" "neutron" "placement" "ironic" "cinder") -}}
{{- if .Values.conf.nova.service_user.send_service_user_token }}
{{- $serviceUsers = append $serviceUsers "service" -}}
{{- end }}
{{- $ksUserJob := dict "envAll" . "serviceName" "nova" "serviceUsers" $serviceUsers -}}
{{- if or .Values.manifests.certificates .Values.tls.identity -}} {{- if or .Values.manifests.certificates .Values.tls.identity -}}
{{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.compute.osapi.internal -}} {{- $_ := set $ksUserJob "tlsSecret" .Values.secrets.tls.compute.osapi.internal -}}
{{- end -}} {{- end -}}
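Review bot: The `ironic` and `cinder` accounts are created unconditionally in the `$serviceUsers` tuple, whereas the neutron job-ks-user hunk only adds `ironic` when the baremetal backend is enabled; each unconditional entry is an `admin,service` credential with the default password that exists in Keystone whether or not the corresponding service is deployed. If the chart exposes the compute driver under `conf.nova.DEFAULT.compute_driver`, gating ironic on it would match neutron's approach, e.g. `{{- if eq (.Values.conf.nova.DEFAULT.compute_driver | default "") "ironic.IronicDriver" -}}` around the append. Failing that, a comment explaining why these accounts are always created would document the choice.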


@@ -14,7 +14,7 @@ limitations under the License.
{{- if .Values.manifests.secret_keystone }} {{- if .Values.manifests.secret_keystone }}
{{- $envAll := . }} {{- $envAll := . }}
{{- range $key1, $userClass := tuple "admin" "nova" "test" }} {{- range $userClass, $val := $envAll.Values.endpoints.identity.auth }}
{{- $secretName := index $envAll.Values.secrets.identity $userClass }} {{- $secretName := index $envAll.Values.secrets.identity $userClass }}
--- ---
apiVersion: v1 apiVersion: v1


@@ -1641,6 +1641,11 @@ secrets:
identity: identity:
admin: nova-keystone-admin admin: nova-keystone-admin
nova: nova-keystone-user nova: nova-keystone-user
neutron: nova-keystone-neutron
placement: nova-keystone-placement
cinder: nova-keystone-cinder
ironic: nova-keystone-ironic
service: nova-keystone-service
test: nova-keystone-test test: nova-keystone-test
oslo_db: oslo_db:
admin: nova-db-admin admin: nova-db-admin
@@ -1824,30 +1829,40 @@ endpoints:
project_name: service project_name: service
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
service:
role: admin,service
region_name: RegionOne
username: nova_service_user
password: password
project_name: service
user_domain_name: service
project_domain_name: service
# NOTE(portdirect): the neutron user is not managed by the nova chart # NOTE(portdirect): the neutron user is not managed by the nova chart
# these values should match those set in the neutron chart. # these values should match those set in the neutron chart.
neutron: neutron:
role: admin,service
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
username: neutron username: nova_neutron
password: password password: password
# NOTE(portdirect): the ironic user is not managed by the nova chart # NOTE(portdirect): the ironic user is not managed by the nova chart
# these values should match those set in the ironic chart. # these values should match those set in the ironic chart.
ironic: ironic:
role: admin,service
auth_type: password auth_type: password
auth_version: v3 auth_version: v3
region_name: RegionOne region_name: RegionOne
project_name: service project_name: service
user_domain_name: service user_domain_name: service
project_domain_name: service project_domain_name: service
username: ironic username: nova_ironic
password: password password: password
placement: placement:
role: admin role: admin,service
region_name: RegionOne region_name: RegionOne
username: placement username: nova_placement
password: password password: password
project_name: service project_name: service
user_domain_name: service user_domain_name: service
@@ -1855,7 +1870,7 @@ endpoints:
cinder: cinder:
role: admin,service role: admin,service
region_name: RegionOne region_name: RegionOne
username: cinder username: nova_cinder
password: password password: password
project_name: service project_name: service
user_domain_name: service user_domain_name: service
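Review bot: The `NOTE(portdirect)` comments above `neutron:` and `ironic:` still say those users are not managed by the nova chart and must match the other chart's values, which this change makes false: the nova ks-user job now creates `nova_neutron` and `nova_ironic` itself. They should be replaced with something like `# NOTE: the nova_neutron account is created by this chart's ks-user job; it no longer needs to match the neutron chart` (and the equivalent for ironic). The `placement` role is also widened from `admin` to `admin,service` here without mention in the commit message; a short comment on why the `service` role is now needed would help reviewers of future policy changes.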


@@ -0,0 +1,6 @@
---
neutron:
- |
Create multiple Keystone service accounts to access to
other Openstack APIs
...