From 857cb490a300453b578426de6655187670384ade Mon Sep 17 00:00:00 2001 From: Darren White Date: Fri, 2 Sep 2016 11:57:45 +0100 Subject: [PATCH] Image signature documentation modify barbican auth_endpoint Add a configuration section to the image signature documentation describing how to change the keystone endpoint of barbican if keystone is not on localhost. If auth_endpoint is incorrect then image signing will fail as barbican will not be able to connect to keystone. DocImpact Added an example of changing the auth_endpoint. Closes-Bug: 1620539 Change-Id: I8f8978f0c0dfc337e917c4d710dc8db1351070d2 --- doc/source/signature.rst | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/doc/source/signature.rst b/doc/source/signature.rst index ae1ad8b49c..50abaa1f69 100644 --- a/doc/source/signature.rst +++ b/doc/source/signature.rst @@ -35,6 +35,23 @@ Requirements ------------ Barbican key manager - See http://docs.openstack.org/developer/barbican/setup/devstack.html +Configuration +------------- +The etc/glance-api.conf can be modified to change keystone endpoint of +barbican. By default barbican will try to connect to keystone at +http://localhost:5000/v3 but if keystone is on another host then this +should be changed. + +In glance-api.conf find the following lines:: + + [barbican] + auth_endpoint = http://localhost:5000/v3 + +Then replace http://localhost:5000/v3 with the url of keystone, also adding /v3 +to the end of it. For example, 'https://192.168.245.9:5000/v3'. + +.. note:: If those lines do not exist then simply add them to the end of the file. + Using the Signature Verification --------------------------------