To allow separating neutron l3, metadata, or dhcp agent from neutron
server or controller, there is supposed to be policy.json on the nodes
with l3, dhcp, metadata agent enabled, so it would be more appropriate
to create policy.json in _configure_neutron_common.
Change-Id: I890d647ffca05482f36ebaaf9c2c6e9e6cb23e2b
... | ... |
@@ -878,6 +878,12 @@ function _configure_neutron_common { |
878 | 878 |
|
879 | 879 |
cp $NEUTRON_DIR/etc/neutron.conf $NEUTRON_CONF |
880 | 880 |
|
881 |
+ Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json |
|
882 |
+ cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE |
|
883 |
+ |
|
884 |
+ # allow neutron user to administer neutron to match neutron account |
|
885 |
+ sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE |
|
886 |
+ |
|
881 | 887 |
# Set plugin-specific variables ``Q_DB_NAME``, ``Q_PLUGIN_CLASS``. |
882 | 888 |
# For main plugin config file, set ``Q_PLUGIN_CONF_PATH``, ``Q_PLUGIN_CONF_FILENAME``. |
883 | 889 |
# For addition plugin config files, set ``Q_PLUGIN_EXTRA_CONF_PATH``, |
... | ... |
@@ -1106,13 +1112,7 @@ function _configure_neutron_plugin_agent { |
1106 | 1106 |
# It is called when q-svc is enabled. |
1107 | 1107 |
function _configure_neutron_service { |
1108 | 1108 |
Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini |
1109 |
- Q_POLICY_FILE=$NEUTRON_CONF_DIR/policy.json |
|
1110 |
- |
|
1111 | 1109 |
cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE |
1112 |
- cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE |
|
1113 |
- |
|
1114 |
- # allow neutron user to administer neutron to match neutron account |
|
1115 |
- sed -i 's/"context_is_admin": "role:admin"/"context_is_admin": "role:admin or user_name:neutron"/g' $Q_POLICY_FILE |
|
1116 | 1110 |
|
1117 | 1111 |
# Update either configuration file with plugin |
1118 | 1112 |
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS |