Use service role with glance service glance just used to admin role for token validation, the service role is sufficient for this. glance also needs an user with enough permission to use swift, so creating a dedictated service user for swift usage when s-proxy is enabled. Change-Id: I6df3905e5db35ea3421468ca1ee6d8de3271f8d1

commit: 85a85f87f814446dd2364eea1b6d976d50500203 [log] [tgz]
author: Attila Fazekas <afazekas@redhat.com> Tue Jan 21 11:13:55 2014 +0100
committer: Attila Fazekas <afazekas@redhat.com> Sun Feb 02 10:30:15 2014 +0100
tree: 0f49d5f948e1f974e2738c2799c27b046a2c1784
parent: 78ab80e5589a7df21a03f06f38c4bae3e79bf756 [diff] [blame]
diff --git a/lib/glance b/lib/glance
index 2d41ea4..00f499a 100644
--- a/lib/glance
+++ b/lib/glance

@@ -124,7 +124,7 @@
     if is_service_enabled s-proxy; then
         iniset $GLANCE_API_CONF DEFAULT default_store swift
         iniset $GLANCE_API_CONF DEFAULT swift_store_auth_address $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/
-        iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance
+        iniset $GLANCE_API_CONF DEFAULT swift_store_user $SERVICE_TENANT_NAME:glance-swift
         iniset $GLANCE_API_CONF DEFAULT swift_store_key $SERVICE_PASSWORD
         iniset $GLANCE_API_CONF DEFAULT swift_store_create_container_on_put True
commit	85a85f87f814446dd2364eea1b6d976d50500203	[log] [tgz]
author	Attila Fazekas <afazekas@redhat.com>	Tue Jan 21 11:13:55 2014 +0100
committer	Attila Fazekas <afazekas@redhat.com>	Sun Feb 02 10:30:15 2014 +0100
tree	0f49d5f948e1f974e2738c2799c27b046a2c1784
parent	78ab80e5589a7df21a03f06f38c4bae3e79bf756 [diff] [blame]