Add auth_token settings to cinder.conf.sample.
Updates our example config file so that it includes configuration settings for the auth_token middleware. A step towards using cinder.conf instead of the api-paste.ini config file for authtoken configuration. Once https://review.openstack.org/#/c/52259/ lands I'll push another review which removes the settings from api-paste.ini (which takes priority). Related-Bug #1240753 Change-Id: I6636d33ee522757145ac97fc354324a8b9379700
This commit is contained in:
Dan Prince
@@ -1778,3 +1778,32 @@
|
|||||||
#volume_dd_blocksize=1M
|
#volume_dd_blocksize=1M
|
||||||
|
|
||||||
|
|
||||||
|
[keystone_authtoken]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in keystoneclient's authtoken middleware
|
||||||
|
#
|
||||||
|
|
||||||
|
# Host providing the admin Identity API endpoint
|
||||||
|
auth_host = 127.0.0.1
|
||||||
|
|
||||||
|
# Port of the admin Identity API endpoint
|
||||||
|
auth_port = 35357
|
||||||
|
|
||||||
|
# Protocol of the admin Identity API endpoint
|
||||||
|
auth_protocol = http
|
||||||
|
|
||||||
|
# Keystone service account tenant name to validate user tokens
|
||||||
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||||
|
|
||||||
|
# Keystone account username
|
||||||
|
admin_user = %SERVICE_USER%
|
||||||
|
|
||||||
|
# Keystone account password
|
||||||
|
admin_password = %SERVICE_PASSWORD%
|
||||||
|
|
||||||
|
# Directory used to cache files related to PKI tokens
|
||||||
|
# signing_dir is configurable, but the default behavior of the authtoken
|
||||||
|
# middleware should be sufficient. It will create a temporary directory
|
||||||
|
# in the home directory for the user the cinder process is running as.
|
||||||
|
#signing_dir = /var/lib/cinder/keystone-signing
|
||||||
|
|||||||
@@ -49,3 +49,35 @@ PYTHONPATH=./:${PYTHONPATH} \
|
|||||||
|
|
||||||
# When we use openstack.common.config.generate we won't need this any more
|
# When we use openstack.common.config.generate we won't need this any more
|
||||||
sed -i 's/^#connection=sqlite.*/#connection=sqlite:\/\/\/\/cinder\/openstack\/common\/db\/$sqlite_db/' $OUTPUTFILE
|
sed -i 's/^#connection=sqlite.*/#connection=sqlite:\/\/\/\/cinder\/openstack\/common\/db\/$sqlite_db/' $OUTPUTFILE
|
||||||
|
|
||||||
|
cat >> $OUTPUTFILE <<-EOF_CAT
|
||||||
|
[keystone_authtoken]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options defined in keystoneclient's authtoken middleware
|
||||||
|
#
|
||||||
|
|
||||||
|
# Host providing the admin Identity API endpoint
|
||||||
|
auth_host = 127.0.0.1
|
||||||
|
|
||||||
|
# Port of the admin Identity API endpoint
|
||||||
|
auth_port = 35357
|
||||||
|
|
||||||
|
# Protocol of the admin Identity API endpoint
|
||||||
|
auth_protocol = http
|
||||||
|
|
||||||
|
# Keystone service account tenant name to validate user tokens
|
||||||
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||||
|
|
||||||
|
# Keystone account username
|
||||||
|
admin_user = %SERVICE_USER%
|
||||||
|
|
||||||
|
# Keystone account password
|
||||||
|
admin_password = %SERVICE_PASSWORD%
|
||||||
|
|
||||||
|
# Directory used to cache files related to PKI tokens
|
||||||
|
# signing_dir is configurable, but the default behavior of the authtoken
|
||||||
|
# middleware should be sufficient. It will create a temporary directory
|
||||||
|
# in the home directory for the user the cinder process is running as.
|
||||||
|
#signing_dir = /var/lib/cinder/keystone-signing
|
||||||
|
EOF_CAT
|
||||||
|
|||||||
Reference in New Issue
Block a user