Code Review / apex-tripleo-heat-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 891e5ef)
Use service tenant for ceilometer
authorJames Slagle <jslagle@redhat.com>
Tue, 6 Oct 2015 12:56:13 +0000 (08:56 -0400)
committerJames Slagle <jslagle@redhat.com>
Fri, 8 Jan 2016 20:03:09 +0000 (15:03 -0500)
Configure ceilometer to use the service tenant instead of the admin
tenant.  Using the admin tenant is not required and a security risk.

This brings the ceilometer configuration in line with the
recommendations from the official installation guide:
http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html

Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3
Partial-Bug: #1358237

puppet/hieradata/common.yaml patch | blob | history

diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index b4b51ab..cc20dae 100644 (file)
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -3,9 +3,7 @@ ssh::server::storeconfigs_enabled: false
 
 # ceilometer settings used by compute and controller ceilo auth settings
 ceilometer::agent::auth::auth_region: 'regionOne'
-# FIXME: Might be better to use 'service' tenant here but this requires
-# changes in the tripleo-incubator keystone role setup
-ceilometer::agent::auth::auth_tenant_name: 'admin'
+ceilometer::agent::auth::auth_tenant_name: 'service'
 
 nova::api::admin_tenant_name: 'service'
 nova::network::neutron::neutron_admin_tenant_name: 'service'