Why can't radosgw use own own credentials? If it's technical debt we need to put it on plate to address in next release.
-- Best regards, Sergii Golovatiuk, Skype #golserge IRC #holser On Tue, Jul 28, 2015 at 10:21 PM, Andrew Woodward <xar...@gmail.com> wrote: > Keystone authtoken is also used by radosgw to validate users > > On Tue, Jul 28, 2015 at 10:31 AM Andrew Woodward <awoodw...@mirantis.com> > wrote: > >> IIRC the puppet modules, and even the heat domain create script make use >> of the token straight from the config file. It not being present could >> cause problems for some of the manifests. We would need to ensure that >> their usage is minimized or removed. >> >> On Tue, Jul 28, 2015 at 9:29 AM Sergii Golovatiuk < >> sgolovat...@mirantis.com> wrote: >> >>> Hi Oleksiy, >>> >>> Good catch. Also OSTF should get endpoints from hiera as some plugins >>> may override the initial deployment settings. There may be cases when >>> keystone is detached by plugin. >>> >>> -- >>> Best regards, >>> Sergii Golovatiuk, >>> Skype #golserge >>> IRC #holser >>> >>> On Tue, Jul 28, 2015 at 5:26 PM, Oleksiy Molchanov < >>> omolcha...@mirantis.com> wrote: >>> >>>> Hello all, >>>> >>>> We need to discuss removal of OS_SERVICE_TOKEN usage in Fuel after >>>> deployment. This came from https://bugs.launchpad.net/fuel/+bug/1430619. >>>> I guess not all of us have an access to this bug, so to be short: >>>> >>>> # A "shared secret" that can be used to bootstrap Keystone. >>>> # This "token" does not represent a user, and carries no >>>> # explicit authorization. To disable in production (highly >>>> # recommended), remove AdminTokenAuthMiddleware from your >>>> # paste application pipelines (for example, in keystone- >>>> # paste.ini). (string value) >>>> >>>> After removing this and testing we found out that OSTF fails because it >>>> uses admin token. >>>> >>>> What do you think if we create ostf user like for workloads, but with >>>> wider permissions? >>>> >>>> BR, >>>> Oleksiy. >>>> >>>> >>>> __________________________________________________________________________ >>>> OpenStack Development Mailing List (not for usage questions) >>>> Unsubscribe: >>>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>>> >>>> >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> -- >> -- >> Andrew Woodward >> Mirantis >> Fuel Community Ambassador >> Ceph Community >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > -- > > -- > > Andrew Woodward > > Mirantis > > Fuel Community Ambassador > > Ceph Community > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
