diff options
author | Clint Byrum <clint@fewbar.com> | 2013-08-14 17:56:48 -0700 |
---|---|---|
committer | Clint Byrum <clint@fewbar.com> | 2013-08-14 20:25:14 -0700 |
commit | c7241b26e5356c1cedeb687d5066d5822c146777 (patch) | |
tree | 435de8d491c700b810c02edd2b2488528e40dc32 /overcloud-source.yaml | |
parent | 2334a8f0b2526aace63c74a7f58a5a8060d29487 (diff) |
Make Resource names suitable for merge/include
In nova-compute-instance.yaml, we need to use resource names that are
unique within the entire set of resources that may be merged or
included. However, we need the instance resource name to _match_ the
one in overcloud-source.yaml so that its own access policies can
function.
Without this change we will not have unique users and Metadata access
keys/policies for compute and controller.
Change-Id: Iebde7e6adede4984f4f693cf2d57b6fadb8be558
Diffstat (limited to 'overcloud-source.yaml')
-rw-r--r-- | overcloud-source.yaml | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/overcloud-source.yaml b/overcloud-source.yaml index 52e2b33f..f9c280be 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -35,15 +35,30 @@ Resources: AllowedResources: - notcompute Type: OS::Heat::AccessPolicy + ComputeAccessPolicy: + Properties: + AllowedResources: + - NovaCompute0 + Type: OS::Heat::AccessPolicy Key: Properties: UserName: Ref: User Type: AWS::IAM::AccessKey + ComputeKey: + Properties: + UserName: + Ref: ComputeUser + Type: AWS::IAM::AccessKey + ComputeUser: + Properties: + Policies: + - Ref: ComputeAccessPolicy + Type: AWS::IAM::User NovaCompute0: Type: FileInclude Path: nova-compute-instance.yaml - SubKey: Resources.NovaCompute + SubKey: Resources.NovaCompute0 Parameters: NovaApiHost: {"Fn::GetAtt": [notcompute, PrivateIp]} KeystoneHost: {"Fn::GetAtt": [notcompute, PrivateIp]} |