
Merge "Use service role for neutron instead of admin"

Jenkins authored on 2014/10/04 21:52:18
Showing 1 changed files
... ...
@@ -457,13 +457,13 @@ function create_neutron_cache_dir {
457 457
 function create_neutron_accounts {
458 458
 
459 459
     local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
460
-    local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
460
+    local service_role=$(openstack role list | awk "/ service / { print \$2 }")
461 461
 
462 462
     if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
463 463
 
464 464
         local neutron_user=$(get_or_create_user "neutron" \
465 465
             "$SERVICE_PASSWORD" $service_tenant)
466
-        get_or_add_user_role $admin_role $neutron_user $service_tenant
466
+        get_or_add_user_role $service_role $neutron_user $service_tenant
467 467
 
468 468
         if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
469 469
 
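Review bot: The added `service_role` lookup can come back empty if no role named `service` exists when `create_neutron_accounts` runs, and because `$service_role` is unquoted in the added `get_or_add_user_role` call, the empty value vanishes and the user value slides into the role position. Assigning inside `local` also masks a failing `openstack role list`, so I would add `[[ -n "$service_role" ]] || { echo "role 'service' not found" >&2; return 1; }` after the lookup and quote the call as `get_or_add_user_role "$service_role" "$neutron_user" "$service_tenant"`. With the admin role no longer granted, the neutron user's admin rights appear to rest entirely on the `context_is_admin` rewrite in `_configure_neutron_service`. That `sed` matches one exact spacing and silently changes nothing if the shipped policy.json differs, so a check that the rule was actually rewritten would be worth adding there. The function body continues past the end of this hunk.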
... ...
@@ -889,6 +889,9 @@ function _configure_neutron_service {
889 889
     cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
890 890
     cp $NEUTRON_DIR/etc/policy.json $Q_POLICY_FILE
891 891
 
892
+    # allow neutron user to administer neutron to match neutron account
893
+    sed -i 's/"context_is_admin":  "role:admin"/"context_is_admin":  "role:admin or user_name:neutron"/g' $Q_POLICY_FILE
894
+
892 895
     # Update either configuration file with plugin
893 896
     iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
894 897