diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample index 2088a2ace7ef..d62e5d37174f 100644 --- a/etc/nova/nova.conf.sample +++ b/etc/nova/nova.conf.sample @@ -3355,3 +3355,36 @@ #keymap=en-us +[keystone_authtoken] + +# +# Options defined in keystoneclient's authtoken middleware +# + +# Host providing the admin Identity API endpoint +auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint +auth_port = 35357 + +# Protocol of the admin Identity API endpoint +auth_protocol = http + +# Keystone service account tenant name to validate user tokens +admin_tenant_name = %SERVICE_TENANT_NAME% + +# Keystone account username +admin_user = %SERVICE_USER% + +# Keystone account password +admin_password = %SERVICE_PASSWORD% + +# Directory used to cache files related to PKI tokens +# signing_dir is configurable, but the default behavior of the authtoken +# middleware should be sufficient. It will create a temporary directory +# in the home directory for the user the nova process is running as. +#signing_dir = /var/lib/nova/keystone-signing + +# API version of the admin Identity API endpoint +# Workaround for https://bugs.launchpad.net/nova/+bug/1154809 +auth_version = v2.0 diff --git a/tools/config/generate_sample.sh b/tools/config/generate_sample.sh index 807883e1f2ac..5787bc9d4fba 100755 --- a/tools/config/generate_sample.sh +++ b/tools/config/generate_sample.sh @@ -85,3 +85,8 @@ OS_VARS=$(set | sed -n '/^OS_/s/=[^=]*$//gp' | xargs) MODULEPATH=nova.openstack.common.config.generator OUTPUTFILE=$OUTPUTDIR/$PACKAGENAME.conf.sample python -m $MODULEPATH $FILES > $OUTPUTFILE + +# Hook to allow projects to specify custom config file snippets +for CONCAT_FILE in $BASEDIR/tools/config/*.conf.sample; do + cat $CONCAT_FILE >> $OUTPUTFILE +done diff --git a/tools/config/keystone_authtoken.conf.sample b/tools/config/keystone_authtoken.conf.sample new file mode 100644 index 000000000000..b8388647d5e9 --- /dev/null +++ b/tools/config/keystone_authtoken.conf.sample @@ -0,0 +1,33 @@ +[keystone_authtoken] + +# +# Options defined in keystoneclient's authtoken middleware +# + +# Host providing the admin Identity API endpoint +auth_host = 127.0.0.1 + +# Port of the admin Identity API endpoint +auth_port = 35357 + +# Protocol of the admin Identity API endpoint +auth_protocol = http + +# Keystone service account tenant name to validate user tokens +admin_tenant_name = %SERVICE_TENANT_NAME% + +# Keystone account username +admin_user = %SERVICE_USER% + +# Keystone account password +admin_password = %SERVICE_PASSWORD% + +# Directory used to cache files related to PKI tokens +# signing_dir is configurable, but the default behavior of the authtoken +# middleware should be sufficient. It will create a temporary directory +# in the home directory for the user the nova process is running as. +#signing_dir = /var/lib/nova/keystone-signing + +# API version of the admin Identity API endpoint +# Workaround for https://bugs.launchpad.net/nova/+bug/1154809 +auth_version = v2.0