[OC] add opencontrail admin
In order to stop using shared credentials a
separate contrail admin user has to be created.
This user will operate as admin in the same
admin tenant as keystone admin and will be
used with contrail services.
PROD-23356
Change-Id: Ife79c50282e637ee1a2fc4331eff0b518d2c66e2
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index 1b5701f..e6277d5 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -3,8 +3,28 @@
contrail_service_protocol: http
keystone:
client:
+ server:
+ contrail_identity:
+ admin:
+ user: contrail
+ password: ${_param:opencontrail_admin_password}
+ project: admin
+ host: ${_param:keystone_service_host}
+ port: 5000
+ region_name: ${_param:openstack_region}
+ use_keystoneauth: true
+ protocol: ${_param:keystone_service_protocol}
resources:
v3:
+ users:
+ contrail:
+ password: ${_param:opencontrail_admin_password}
+ email: ${_param:admin_email}
+ is_admin: true
+ roles:
+ admin:
+ name: admin
+ project_id: admin
services:
opencontrail:
type: contrail
diff --git a/opencontrail/compute/cluster4_0.yml b/opencontrail/compute/cluster4_0.yml
index 425f897..3cb1514 100644
--- a/opencontrail/compute/cluster4_0.yml
+++ b/opencontrail/compute/cluster4_0.yml
@@ -15,7 +15,7 @@
host: ${_param:openstack_control_address}
port: 35357
token: ${_param:keystone_service_token}
- password: ${_param:keystone_admin_password}
+ password: ${_param:opencontrail_admin_password}
network:
engine: neutron
host: ${_param:openstack_control_address}
diff --git a/opencontrail/compute/single4_0.yml b/opencontrail/compute/single4_0.yml
index b48d1d0..b98522d 100644
--- a/opencontrail/compute/single4_0.yml
+++ b/opencontrail/compute/single4_0.yml
@@ -13,7 +13,7 @@
host: ${_param:control_address}
port: 35357
token: ${_param:keystone_service_token}
- password: ${_param:keystone_admin_password}
+ password: ${_param:opencontrail_admin_password}
network:
engine: neutron
host: ${_param:control_address}