[openstack-dev] [cross_project] Ensuring there is an admin project
Adam Young
ayoung at redhat.com
Thu Feb 11 03:11:35 UTC 2016
We have a fix for one of the most egregious bugs in the history of
Keystone: https://bugs.launchpad.net/keystone/+bug/968696 The only
problem is, it requires a configuration file change. A deployer needs to
set the values:
CONF.resource.admin_project_name
CONF.resource.admin_domain_name
How can we ensure that happens upon upgrade? Otherwise, we are stuck
with the existing brokeness.
For devstack, we can do
CONF.resource.admin_project_name = 'admin'
CONF.resource.admin_domain_name = 'Default'
And then, if we want, we would change the default policy files like this:
-"admin_required":"role:admin or is_admin:1",
+"admin_required":"role:admin and token.is_admin_project:True",
How do we make this happen?
More information about the OpenStack-dev
mailing list