Skip to content
Snippets Groups Projects

close nova <-> cinder binding

  • Clone with SSH
  • Clone with HTTPS
  • Embed
  • Share
    The snippet can be accessed without any authentication.
    Authored by František Řezníček
    nova-cinder.tf 2.38 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60 
    # --- this role MAY be bootstrapped, if this is the case use terraform import to import it to the tf state

# This role is needed by tight cinder <-> nova service user linking
# see https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html and https://docs.openstack.org/releasenotes/cinder/yoga.html#upgrade-notes
resource "openstack_identity_role_v3" "service" {
  name = "service"
}

# --- data source to get IDs, these domain + project are normally bootstrapped

# recognize service domain (created by deployed OpenStack components)
data "openstack_identity_project_v3" "service" {
  name = "service"
  is_domain = true
}

# recognize project service in domain service (created by deployed OpenStack components)
data "openstack_identity_project_v3" "service_service" {
  name = "service"
  domain_id = data.openstack_identity_project_v3.service.id
}

# --- 

# This role assignment is needed by tight cinder <-> nova service user linking
# see https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html and https://docs.openstack.org/releasenotes/cinder/yoga.html#upgrade-notes

# recognize user nova in domain service (created by OpenStack nova bootstrap)
data "openstack_identity_user_v3" "service_nova" {
  name = "nova"
  domain_id = data.openstack_identity_project_v3.service.id
}

# add role service to service user nova
resource "openstack_identity_role_assignment_v3" "service_nova_service" {
  user_id    = data.openstack_identity_user_v3.service_nova.id
  project_id = data.openstack_identity_project_v3.service_service.id
  role_id    = openstack_identity_role_v3.service.id
}

# ---

# This role assignment is needed by tight cinder <-> nova service user linking
# see https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html and https://docs.openstack.org/releasenotes/cinder/yoga.html#upgrade-notes

# recognize user cinder in domain service (created by OpenStack cinder bootstrap)
data "openstack_identity_user_v3" "service_cinder" {
  name = "cinder"
  domain_id = data.openstack_identity_project_v3.service.id
}

# add role service to service user cinder
resource "openstack_identity_role_assignment_v3" "service_cinder_service" {
  user_id    = data.openstack_identity_user_v3.service_cinder.id
  project_id = data.openstack_identity_project_v3.service_service.id
  role_id    = openstack_identity_role_v3.service.id
}
    0% or .
    You are about to add 0 people to the discussion. Proceed with caution.
    Finish editing this message first!
    Please register or to comment