Provision RBAC on an existing Contrail setup

Below are the steps to provision RBAC in an existing setup

In /etc/contrail/contrail-api.conf

      “aaa_mode = rbac”

In /etc/neutron/api-paste.ini

      REPLACE

      “keystone = cors request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0”  
      
      WITH  

      “keystone = user_token cors request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0”

       AND ADD BELOW LINES,

       [filter:user_token]
       paste.filter_factory = neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory

In /etc/contrail/contrail-analytics-api.conf

       "aaa_mode = no-auth"

Restart services

       service contrail-api restart
       service neutron-server restart
       service supervisor-analytics restart
       service supervisor-webui restart

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provision RBAC on an existing Contrail setup

Below are the steps to provision RBAC in an existing setup

In /etc/contrail/contrail-api.conf

In /etc/neutron/api-paste.ini

In /etc/contrail/contrail-analytics-api.conf

Restart services

Clone this wiki locally