Add ResellerAdmin role to ceilometer user.
For the sake of swift metering, 'ceilometer' user needs to be a
ResellerAdmin for tenant 'service'.
Change-Id: I65b3bdedddded9d5f3bac5c5d714288800ffa8b6
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index f75d24a..35793d8 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -87,6 +87,11 @@
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user_id $DEMO_USER --role_id $MEMBER_ROLE --tenant_id $INVIS_TENANT
+# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
+# The admin role in swift allows a user to act as an admin for their tenant,
+# but ResellerAdmin is needed for a user to act as any tenant. The name of this
+# role is also configurable in swift-proxy.conf
+RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
# Services
# --------
@@ -129,11 +134,7 @@
--internalurl "http://$SERVICE_HOST:\$(compute_port)s/v2/\$(tenant_id)s"
fi
# Nova needs ResellerAdmin role to download images when accessing
- # swift through the s3 api. The admin role in swift allows a user
- # to act as an admin for their tenant, but ResellerAdmin is needed
- # for a user to act as any tenant. The name of this role is also
- # configurable in swift-proxy.conf
- RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
+ # swift through the s3 api.
keystone user-role-add \
--tenant_id $SERVICE_TENANT \
--user_id $NOVA_USER \
@@ -255,6 +256,10 @@
keystone user-role-add --tenant_id $SERVICE_TENANT \
--user_id $CEILOMETER_USER \
--role_id $ADMIN_ROLE
+ # Ceilometer needs ResellerAdmin role to access swift account stats.
+ keystone user-role-add --tenant_id $SERVICE_TENANT \
+ --user_id $CEILOMETER_USER \
+ --role_id $RESELLER_ROLE
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
CEILOMETER_SERVICE=$(get_id keystone service-create \
--name=ceilometer \