Commit 25fcdfb9 authored by Vladislav Belogrudov's avatar Vladislav Belogrudov

Use default user group consistently

Default user group should be set much earlier in deployment
and should be used consistently across all projects.

Change-Id: Id399f9ddebc903bb9c3eeb5a0ff6f33ca6d6828c
Closes-Bug: #1650501
parent 627719e6
......@@ -359,6 +359,7 @@ keystone_public_url: "{{ public_protocol }}://{{ kolla_external_fqdn }}:{{ keyst
keystone_token_provider: "uuid"
fernet_token_expiry: 86400
keystone_default_user_role: "_member_"
#######################
# Glance options
......
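Review bot: The new `keystone_default_user_role` entry has no comment, although after this commit the one value feeds Horizon's `OPENSTACK_KEYSTONE_DEFAULT_ROLE`, Ceph RGW's `rgw_keystone_accepted_roles` and Swift's `operator_roles`, so overriding it changes who is authorised on object storage as well as which role Horizon assigns. A comment above it such as `# Role for ordinary project members; also accepted by Ceph RGW and used as a Swift operator role` would make that coupling visible to whoever edits the value. Deployments that had overridden the removed `horizon_openstack_keystone_default_role` will presumably have that override silently ignored after upgrading, which deserves a release note.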
......@@ -40,7 +40,7 @@ rgw_keystone_admin_password = {{ openstack_auth.password }}
rgw_keystone_admin_project = {{ openstack_auth.project_name }}
rgw_keystone_admin_domain = default
rgw_keystone_api_version = 3
rgw_keystone_accepted_roles = admin, _member_
rgw_keystone_accepted_roles = admin, {{ keystone_default_user_role }}
{% endif %}
keyring = /etc/ceph/ceph.client.radosgw.keyring
log file = /var/log/kolla/ceph/client.radosgw.gateway.log
......
......@@ -22,9 +22,3 @@ horizon_image_full: "{{ horizon_image }}:{{ horizon_tag }}"
openstack_horizon_auth: "{'auth_url':'{{ openstack_auth.auth_url }}','username':'{{ openstack_auth.username }}','password':'{{ openstack_auth.password }}','project_name':'{{ openstack_auth.project_name }}'}"
horizon_logging_debug: "{{ openstack_logging_debug }}"
####################
# Horizon
####################
horizon_openstack_keystone_default_role: "_member_"
---
- include: config.yml
- include: register.yml
- include: bootstrap.yml
when: horizon_backend_database | bool
......
---
- name: Creating the _member_ role
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m os_keystone_role
-a "name={{ horizon_openstack_keystone_default_role }}
auth={{ '{{ openstack_horizon_auth }}' }}"
-e "{'openstack_horizon_auth':{{ openstack_horizon_auth }}}"
register: horizon_role
changed_when: "{{ horizon_role.stdout.find('localhost | SUCCESS => ') != -1 and (horizon_role.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: horizon_role.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
......@@ -193,7 +193,7 @@ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "{% if orchestration_engine == 'KUBERNETES' %}{{ api_interface_address }}{% else %}{{ kolla_internal_fqdn }}{% endif %}"
OPENSTACK_KEYSTONE_URL = "{{ keystone_internal_url }}"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ horizon_openstack_keystone_default_role }}"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "{{ keystone_default_user_role }}"
# Enables keystone web single-sign-on if set to True.
#WEBSSO_ENABLED = False
......
......@@ -5,3 +5,16 @@
changed_when: "{{ (keystone_bootstrap.stdout | from_json).changed }}"
failed_when: "{{ (keystone_bootstrap.stdout | from_json).failed }}"
run_once: True
- name: Creating default user role
command: docker exec -t kolla_toolbox /usr/bin/ansible localhost
-m os_keystone_role
-a "name={{ keystone_default_user_role }}
auth={{ '{{ openstack_keystone_auth }}' }}"
-e "{'openstack_keystone_auth':{{ openstack_keystone_auth }}}"
register: default_role
changed_when: "{{ default_role.stdout.find('localhost | SUCCESS => ') != -1 and (default_role.stdout.split('localhost | SUCCESS => ')[1]|from_json).changed }}"
until: default_role.stdout.split()[2] == 'SUCCESS'
retries: 10
delay: 5
run_once: True
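Review bot: The new "Creating default user role" task renders the whole `openstack_keystone_auth` dict into the `docker exec` command line through `-e` and sets no `no_log`, so if that dict carries the admin password (the Horizon equivalent visible in this commit does) it will presumably appear in verbose Ansible output, in failure messages and in the host's process list. Adding `no_log: True` to the task would keep it out of the logs; keeping it out of the process list would need the credentials passed some other way than argv. Separately, `until: default_role.stdout.split()[2] == 'SUCCESS'` indexes the third token unguarded, so an empty or short stdout raises an error instead of triggering a retry; `until: "'localhost | SUCCESS => ' in default_role.stdout"` would be the safer test and matches the string already used in `changed_when`.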
......@@ -46,7 +46,7 @@ memcached_servers = {% for host in groups['memcached'] %}{{ hostvars[host]['ansi
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
operator_roles = admin,{{ keystone_default_user_role }}
[filter:container_sync]
use = egg:swift#container_sync
......
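Review bot: The `operator_roles` line changes the effective value from `admin,user` to `admin,_member_` under the default, which is an access-control change and not only a consistency fix. Holders of a `user` role lose operator access to their Swift account, and every holder of the default member role gains it. An operator role in keystoneauth allows creating containers and setting ACLs in the project's account, so the commit message or a release note should state the change, and it is worth confirming that no existing deployment relies on the `user` role. A comment above the line such as `# operator role follows keystone_default_user_role` would also tell readers of the rendered config where the value comes from.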