Replace keystone auth_* options with identity_uri

Replaced [keystone_authtoken] auth_* options with identity_uri
option. This patch supersedes #125847 and no longer conflicts
with #120332.

Change-Id: I81cd29b5bb0d75ced2f319aa1438774a3b133c0a
Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>

doc/admin-guide-cloud/ch_identity_mgmt.xml

@@ -87,10 +87,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
 auth_strategy=keystone
 
 [keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_user = admin
 admin_password = SuperSekretPassword
 admin_tenant_name = service</programlisting>
@@ -99,6 +97,12 @@ admin_tenant_name = service</programlisting>
         must remove them to use values in the
           <literal>[keystone_authtoken]</literal> section.</para>
     </note>
+    <note>
+      <para>Comment out any <literal>auth_host</literal>,
+        <literal>auth_port</literal>, and
+        <literal>auth_protocol</literal> options because the
+        <literal>identity_uri</literal> option replaces them.</para>
+    </note>
   </section>
   <section xml:id="monitoring">
     <title>Monitoring</title>
@@ -198,10 +202,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
 auth_strategy=keystone
 
 [keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_user = admin
 admin_password = SuperSekretPassword
 admin_tenant_name = service</programlisting>
@@ -210,15 +212,19 @@ admin_tenant_name = service</programlisting>
         priority. You must remove them to use the values in the
         [keystone_authtoken] section.</para>
     </note>
+    <note>
+      <para>Comment out any <literal>auth_host</literal>,
+        <literal>auth_port</literal>, and
+        <literal>auth_protocol</literal> options because the
+        <literal>identity_uri</literal> option replaces them.</para>
+    </note>
     <para>This sample paste config filter makes use of the
         <option>admin_user</option> and
         <option>admin_password</option> options:</para>
     <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-service_port = 5000
-service_host = 127.0.0.1
-auth_port = 35357
-auth_host = 127.0.0.1
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
 auth_token = 012345SECRET99TOKEN012345
 admin_user = admin
 admin_password = keystone123</programlisting>
@@ -227,6 +233,12 @@ admin_password = keystone123</programlisting>
         relationship. The admin user is granted access to the admin
         role on the admin tenant.</para>
     </note>
+    <note>
+      <para>Comment out any <literal>auth_host</literal>,
+        <literal>auth_port</literal>, and
+        <literal>auth_protocol</literal> options because the
+        <literal>identity_uri</literal> option replaces them.</para>
+    </note>
   </section>
    <section xml:id="identity-service-api-protection-with-role-based-access-control">
       <title>Identity API protection with role-based access control (RBAC)

doc/common/section_identity-troubleshooting.xml

@@ -33,10 +33,8 @@
             like this:</para>
         <programlisting language="ini">[keystone_authtoken]
 signing_dir = /var/cache/glance/api
-auth_uri = http://127.0.0.1:5000/
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_tenant_name = service
 admin_user = glance</programlisting>
         <para>If your service lacks this stanza, the <link

doc/install-guide/section_ceilometer-controller.xml

@@ -209,15 +209,19 @@ auth_strategy = keystone
 [keystone_authtoken]
 ...
 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_tenant_name = service
 admin_user = ceilometer
 admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting>
           <para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the
             password you chose for the <literal>celiometer</literal>
             user in the Identity service.</para>
+          <note>
+            <para>Comment out any <literal>auth_host</literal>,
+              <literal>auth_port</literal>, and
+              <literal>auth_protocol</literal> options because the
+              <literal>identity_uri</literal> option replaces them.</para>
+          </note>
         </step>
         <step>
           <para>In the <literal>[service_credentials]</literal>

doc/install-guide/section_cinder-controller.xml

@@ -126,15 +126,19 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
           <programlisting language="ini">[keystone_authtoken]
 ...
 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_tenant_name = service
 admin_user = cinder
 admin_password = <replaceable>CINDER_PASS</replaceable></programlisting>
           <para>Replace <replaceable>CINDER_PASS</replaceable> with the
             password you chose for the <literal>cinder</literal> user in the
             Identity service.</para>
+          <note>
+            <para>Comment out any <literal>auth_host</literal>,
+              <literal>auth_port</literal>, and
+              <literal>auth_protocol</literal> options because the
+              <literal>identity_uri</literal> option replaces them.</para>
+          </note>
         </step>
       </substeps>
     </step>

doc/install-guide/section_debconf-keystone_authtoken.xml

@@ -13,16 +13,15 @@
     for each service to work.</para>
   <para>Generally, this section looks like this:</para>
   <programlisting language="ini">[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_tenant_name = %SERVICE_TENANT_NAME%
 admin_user = %SERVICE_USER%
 admin_password = %SERVICE_PASSWORD%</programlisting>
   <para>The debconf system helps users configure the
-      <code>auth_host</code>, <code>admin_tenant_name</code>,
-      <code>admin_user</code> and <code>admin_password</code>
-    options.</para>
+      <code>auth_uri</code>, <code>identity_uri</code>,
+      <code>admin_tenant_name</code>, <code>admin_user</code> and
+      <code>admin_password</code> options.</para>
   <para>The following screens show an example Image Service
     configuration:</para>
   <informalfigure>

doc/install-guide/section_glance-install.xml

@@ -157,8 +157,8 @@ flavor = keystone</programlisting>
           <note>
             <para>Comment out any <literal>auth_host</literal>,
               <literal>auth_port</literal>, and
-              <literal>auth_protocol</literal> keys because the
-              <literal>identity_uri</literal> key replaces them.</para>
+              <literal>auth_protocol</literal> options because the
+              <literal>identity_uri</literal> option replaces them.</para>
           </note>
         </step>
         <step>
@@ -204,8 +204,8 @@ flavor = keystone</programlisting>
           <note>
             <para>Comment out any <literal>auth_host</literal>,
               <literal>auth_port</literal>, and
-              <literal>auth_protocol</literal> keys because the
-              <literal>identity_uri</literal> key replaces them.</para>
+              <literal>auth_protocol</literal> options because the
+              <literal>identity_uri</literal> option replaces them.</para>
           </note>
         </step>
         <step>

doc/install-guide/section_heat-install.xml

@@ -109,9 +109,7 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
           <programlisting language="ini">[keystone_authtoken]
 ...
 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
 admin_tenant_name = service
 admin_user = heat
 admin_password = <replaceable>HEAT_PASS</replaceable>
@@ -122,6 +120,12 @@ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlistin
           <para>Replace <replaceable>HEAT_PASS</replaceable> with the
             password you chose for the <literal>heat</literal> user
             in the Identity service.</para>
+          <note>
+            <para>Comment out any <literal>auth_host</literal>,
+              <literal>auth_port</literal>, and
+              <literal>auth_protocol</literal> options because the
+              <literal>identity_uri</literal> option replaces them.</para>
+          </note>
         </step>
         <step>
           <para>In the <literal>[DEFAULT]</literal> section, configure