From 2425b93b49a89735426e46da3b1a15da7ff802d8 Mon Sep 17 00:00:00 2001 From: Stuart McLaren Date: Mon, 2 Dec 2013 16:11:10 +0000 Subject: [PATCH] Add documentation for some API parameters Add documentation for some parameters which can be present in glance-api.conf: * use_user_token * admin_user * admin_password * admin_tenant_name * auth_url * auth_region * auth_strategy Fix for bug 1256952. DocImpact Change-Id: Ia5b731cabaec961f3a4226d30abd3bca9bd87651 --- doc/source/configuring.rst | 53 ++++++++++++++++++++++++++++++++++++++ etc/glance-api.conf | 20 ++++++++++++++ 2 files changed, 73 insertions(+) diff --git a/doc/source/configuring.rst b/doc/source/configuring.rst index eed6b8de7f..f594cf9c79 100644 --- a/doc/source/configuring.rst +++ b/doc/source/configuring.rst @@ -202,6 +202,12 @@ certificates provided during an SSL handshake. This is ignored if Optional. Default: not enabled. +Configurating Registry Access +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +There are a number of configuration options in Glance that control how +the API server accesses the registry server. + * ``registry_client_protocol=PROTOCOL`` If you run a secure Registry server, you need to set this value to ``https`` @@ -249,6 +255,53 @@ Optional. Default: ``600``. The period of time, in seconds, that the API server will wait for a registry request to complete. A value of '0' implies no timeout. +* ``use_user_token=True`` + +Optional. Default: True + +Pass the user token through for API requests to the registry. + +If 'use_user_token' is not in effect then admin credentials can be +specified (see below). If admin credentials are specified then they are +used to generate a token; this token rather than the original user's +token is used for requests to the registry. + +* ``admin_user=USER`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the username. + +Optional. Default: None + +* ``admin_password=PASSWORD`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the password. + +Optional. Default: None + +* ``admin_tenant_name=TENANTNAME`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the tenant name. + +Optional. Default: None + +* ``auth_url=URL`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the Keystone endpoint. + +Optional. Default: None + +* ``auth_strategy=STRATEGY`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the auth strategy. + +Optional. Default: keystone + +* ``auth_region=REGION`` +If 'use_user_token' is not in effect then admin credentials can be +specified. Use this parameter to specify the region. + +Optional. Default: None + Configuring Logging in Glance ----------------------------- diff --git a/etc/glance-api.conf b/etc/glance-api.conf index 9df88dc342..282b6c4f4e 100644 --- a/etc/glance-api.conf +++ b/etc/glance-api.conf @@ -204,6 +204,26 @@ registry_client_protocol = http # Default: False #sqlalchemy_debug = True +# Pass the user's token through for API requests to the registry. +# Default: True +#use_user_token = True + +# If 'use_user_token' is not in effect then admin credentials +# can be specified. Requests to the registry on behalf of +# the API will use these credentials. +# Admin user name +#admin_user = None +# Admin password +#admin_password = None +# Admin tenant name +#admin_tenant_name = None +# Keystone endpoint +#auth_url = None +# Keystone region +#auth_region = None +# Auth strategy +#auth_strategy = keystone + # ============ Notification System Options ===================== # Notifications can be sent when images are create, updated or deleted.