openstack/kolla-ansible
Code Issues Proposed changes
12,565 Commits 5 Branches 112 Tags
1c93c8eab6
Commit Graph

9 Commits

Author SHA1 Message Date
Niklas Hagman
2e933dceb5 Transition Keystone admin user to system scope 
A system-scoped token implies the user has authorization to act on the
deployment system. These tokens are useful for interacting with
resources that affect the deployment as a whole, or exposes resources
that may otherwise violate project or domain isolation.

Since Queens, the keystone-manage bootstrap command assigns the admin
role to the admin user with system scope, as well as in the admin
project. This patch transitions the Keystone admin user from
authenticating using project scoped tokens to system scoped tokens.
This is a necessary step towards being able to enable the updated oslo
policies in services that allow finer grained access to system-level
resources and APIs.

An etherpad with discussion about the transition to the new oslo
service policies is:

https://etherpad.opendev.org/p/enabling-system-scope-in-kolla-ansible

Change-Id: Ib631e2211682862296cce9ea179f2661c90fa585
Signed-off-by: Niklas Hagman <ubuntu@post.blinkiz.com>
 2021-09-28 09:45:06 -07:00
Raimund Hook
99463849eb Updated multi-region docs to include keepalived 
The keepalived_virtual_router_id should be changed from the default in
the case of a multi-region deployment where the VIP of the different
regions resides on the same subnet.

This is not immediately clear - this change should make it more obvious.

Change-Id: Ia4899ba407937d9f27832c9d123701729e89987a
 2019-07-18 10:56:42 +01:00
Raimund Hook
fd07e3d911 Language tweaks in multi-region docs for clarity 
Tweaked some of the language in doc/source/user/multi-regions.rst for
clarity purposes.

TrivialFix

Change-Id: Icdd8da6886d0e39da5da80c37d14d2688431ba8f
 2019-07-12 12:45:10 +01:00
chenxing
eaa9815ad2 Remove '.. end' comments 
Following by https://review.openstack.org/#/c/605097/
These were used by now-dead tooling. We can remove them.

Change-Id: I0953751044f038a3fdd1acd49b3d2b053ac4bec8
 2018-09-28 10:15:37 +08:00
confi-surya
dbf754655f Following the new PTI for document build 
For compliance with the Project Testing Interface [1]
as described in [2]

[1]
https://governance.openstack.org/tc/reference/project-testing-interface.html
[2]
http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html

doc8 command is dropped from docs tox envs.
So this affect nothing and run in PEP8.

Related-Bug: #1765348

Depends-On: Icc7fe3a8f9716281de88825e9d5b2fd84de3d00a
Change-Id: Idf9a16111479ccc64004eac9508da575822a3df5
 2018-05-21 10:51:59 +01:00
confi-surya
79374fbfba Update doc with new option 
`auth_uri` option is deprecated and changed to new option
`www_authenticate_uri` from group keystone_authtoken

please follow below link for reference
https://review.openstack.org/#/c/508522/

Change-Id: I8daa645ff1afab9ca643de2c3beb4d757007b514
 2018-04-09 11:46:24 +00:00
chenxing
3a77dba899 Upgrade the rst convention of the User Guide 
We upgrade the rst convention by following Documentation Contributor
Guide[1].

[1] https://docs.openstack.org/doc-contrib-guide

Change-Id: Ieceb3942073512fb10670a48d258c4055909496e
Partially-Implements: blueprint optimize-the-documentation-format
 2018-03-19 17:13:25 +08:00
liujunpeng
445954db33 add domain_name for multi-regions 
add domain_name for multi-regions. When deploying regiontwo,
nova_compute simple_cell_setup will use domain_name.

Change-Id: I2f4171e1469966140ccccb38540fa5c54258bdfb
 2017-12-01 03:13:34 +00:00
chenxing
cbd67ebdb1 Rearrange existing documentation to fit the new standard layout 
For more detail, see the doc migration spec.
http://specs.openstack.org/openstack/docs-specs/specs/pike/os-manuals-migration.html

Co-Authored-By: Eduardo Gonzalez <dabarren@gmail.com>
Change-Id: I3a7c0ed204ee1e9060b5325f20622afe9a5e3040
 2017-09-06 17:43:56 +02:00