As usual ssh-kepair for particular tenant is supposed to created sourcing tenant's
credentials and afterwards it works for particular tenant. By some reasons upgrade keystone api version to v3 breaks this schema in regards of REST API
POST requests issued for servers creation. I am not sure either following bellow
is workaround or it is supposed to work this way.
Assign admin role user admin on project demo via openstack client
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack project list | \
grep demo > list2
[root@ip-192-169-142-127 ~(keystone_admin)]#openstack user list | \
grep admin >> list2
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack role list | \
grep admin >> list2
[root@ip-192-169-142-127 ~(keystone_admin)]# cat list2
| 052b16e56537467d8161266b52a43b54 | demo |
| b6f2f511caa44f4e94ce5b2a5809dc50 | admin |
| f40413a0de92494680ed8b812f2bf266 | admin |
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack role add --project \ 052b16e56537467d8161266b52a43b54 \
--user b6f2f511caa44f4e94ce5b2a5809dc50 \ f40413a0de92494680ed8b812f2bf266
*********************************************************************
Run to obtain token scoped "demo"
*********************************************************************
# . keystonerc_admin
# curl -i -H "Content-Type: application/json" -d \
' { "auth":
{ "identity":
{ "methods": ["password"], "password":
{ "user":
{ "name": "admin", "domain":
{ "id": "default" }, "password": "7049f834927e4468" }
}
},
"scope":
{ "project":
{ "name": "demo", "domain":
{ "id": "default" }
}
}
}
}' http://192.169.142.127:5000/v3/auth/tokens ; echo
Created ssh keypair "oskeydemoV3" sourcing keystonerc_admin
Admin Console shows
*********************************************************************************************
Submit "oskeydemoV3" as value for key_name into Chrome REST Client environment && issue POST request to create the server , "key_name" will
be accepted ( vs case when ssh-keypair was created by tenant demo )
*********************************************************************************************
Now log into dashboard as demo
Verify that created keypair "oskeydemoV3" allows log into server
Another aproach to hack original qcow2 image
credentials and afterwards it works for particular tenant. By some reasons upgrade keystone api version to v3 breaks this schema in regards of REST API
POST requests issued for servers creation. I am not sure either following bellow
is workaround or it is supposed to work this way.
Assign admin role user admin on project demo via openstack client
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack project list | \
grep demo > list2
[root@ip-192-169-142-127 ~(keystone_admin)]#openstack user list | \
grep admin >> list2
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack role list | \
grep admin >> list2
[root@ip-192-169-142-127 ~(keystone_admin)]# cat list2
| 052b16e56537467d8161266b52a43b54 | demo |
| b6f2f511caa44f4e94ce5b2a5809dc50 | admin |
| f40413a0de92494680ed8b812f2bf266 | admin |
[root@ip-192-169-142-127 ~(keystone_admin)]# openstack role add --project \ 052b16e56537467d8161266b52a43b54 \
--user b6f2f511caa44f4e94ce5b2a5809dc50 \ f40413a0de92494680ed8b812f2bf266
*********************************************************************
Run to obtain token scoped "demo"
*********************************************************************
# . keystonerc_admin
# curl -i -H "Content-Type: application/json" -d \
' { "auth":
{ "identity":
{ "methods": ["password"], "password":
{ "user":
{ "name": "admin", "domain":
{ "id": "default" }, "password": "7049f834927e4468" }
}
},
"scope":
{ "project":
{ "name": "demo", "domain":
{ "id": "default" }
}
}
}
}' http://192.169.142.127:5000/v3/auth/tokens ; echo
Created ssh keypair "oskeydemoV3" sourcing keystonerc_admin
Admin Console shows
*********************************************************************************************
Submit "oskeydemoV3" as value for key_name into Chrome REST Client environment && issue POST request to create the server , "key_name" will
be accepted ( vs case when ssh-keypair was created by tenant demo )
*********************************************************************************************
Now log into dashboard as demo
Verify that created keypair "oskeydemoV3" allows log into server
Another aproach to hack original qcow2 image
