cinder2019#bug

OpenStack#bug2019888处理

对于 2023 年 5 月 10 日之后的所有 OpenStack 版本，需要将Nova 配置为向 Cinder 发送服务令牌，并让 Cinder 接收它。这是CVE-2023-2088修复程序所要求的。有关详细信息，请参阅 OSSA-2023-003 。

nova配置

vim /etc/nova/nova.conf
'''
[DEFAULT]
'''
service_token_roles = service
service_token_roles_required = true
[service_user]
send_service_user_token = True
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = nova
password = nova

cinder配置

vim /etc/cinder/cinder.conf
'''
[DEFAULT]
service_token_roles = service
service_token_roles_required = true
[service_user]
send_service_user_token = True
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = cinder
password = cinder

服务角色

创建service服务

openstack role create service

检查用户是否已分配角色

openstack role assignment list --user cinder --project service --names
openstack role assignment list --user nova --project service --names

将服务nova、cinder角色默认修改为service

openstack role add --user cinder --project service service
openstack role add --user nova --project service service

重启服务生效

nova

service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
service nova-compute restart

cinder

service cinder-scheduler restart
service cinder-volume restart

posted @ 2024-05-10 14:25 A57 阅读(44) 评论(0) 收藏举报

刷新页面返回顶部

K8S+ceph离线部署

k8s集成ceph离线部署

cinder2019#bug

OpenStack#bug2019888处理

nova配置

cinder配置

服务角色

重启服务生效

nova

cinder

公告