From 0d47b4d27f2f114fae6d88fd9efaf9fb28f6e052 Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle@redhat.com>
Date: Tue, 6 Oct 2015 08:56:13 -0400
Subject: Use service tenant for ceilometer

Configure ceilometer to use the service tenant instead of the admin
tenant.  Using the admin tenant is not required and a security risk.

This brings the ceilometer configuration in line with the
recommendations from the official installation guide:
http://docs.openstack.org/kilo/install-guide/install/yum/content/ceilometer-controller-install.html

Change-Id: Ia14695eb23a1ff551fd27f74b4cb864e80b100e3
Partial-Bug: #1358237
---
 puppet/hieradata/common.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'puppet/hieradata')

diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index b4b51abf..cc20dae0 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -3,9 +3,7 @@ ssh::server::storeconfigs_enabled: false
 
 # ceilometer settings used by compute and controller ceilo auth settings
 ceilometer::agent::auth::auth_region: 'regionOne'
-# FIXME: Might be better to use 'service' tenant here but this requires
-# changes in the tripleo-incubator keystone role setup
-ceilometer::agent::auth::auth_tenant_name: 'admin'
+ceilometer::agent::auth::auth_tenant_name: 'service'
 
 nova::api::admin_tenant_name: 'service'
 nova::network::neutron::neutron_admin_tenant_name: 'service'
-- 
cgit 1.2.3-korg