[openstack-dev] [fuel] OS_SERVICE_TOKEN usage in Fuel
sgolovatiuk at mirantis.com
Tue Jul 28 16:28:49 UTC 2015
Good catch. Also OSTF should get endpoints from hiera as some plugins may
override the initial deployment settings. There may be cases when keystone
is detached by plugin.
On Tue, Jul 28, 2015 at 5:26 PM, Oleksiy Molchanov <omolchanov at mirantis.com>
> Hello all,
> We need to discuss removal of OS_SERVICE_TOKEN usage in Fuel after
> deployment. This came from https://bugs.launchpad.net/fuel/+bug/1430619.
> I guess not all of us have an access to this bug, so to be short:
> # A "shared secret" that can be used to bootstrap Keystone.
> # This "token" does not represent a user, and carries no
> # explicit authorization. To disable in production (highly
> # recommended), remove AdminTokenAuthMiddleware from your
> # paste application pipelines (for example, in keystone-
> # paste.ini). (string value)
> After removing this and testing we found out that OSTF fails because it
> uses admin token.
> What do you think if we create ostf user like for workloads, but with
> wider permissions?
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev