diff --git a/doc/admin-guide-cloud/ch_identity_mgmt.xml b/doc/admin-guide-cloud/ch_identity_mgmt.xml
index a4a66754bf..f354fd795c 100644
--- a/doc/admin-guide-cloud/ch_identity_mgmt.xml
+++ b/doc/admin-guide-cloud/ch_identity_mgmt.xml
@@ -87,10 +87,8 @@ keystoneclient.middleware.auth_token:filter_factory
auth_strategy=keystone
[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
+auth_uri = http://controller:5000/v2.0
+identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
@@ -99,6 +97,12 @@ admin_tenant_name = service
must remove them to use values in the
[keystone_authtoken] section.
+
+ Comment out any auth_host,
+ auth_port, and
+ auth_protocol options because the
+ identity_uri option replaces them.
+
Monitoring
@@ -198,10 +202,8 @@ keystoneclient.middleware.auth_token:filter_factory
auth_strategy=keystone
[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
+auth_uri = http://controller:5000/v2.0
+identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
@@ -210,15 +212,19 @@ admin_tenant_name = service
priority. You must remove them to use the values in the
[keystone_authtoken] section.
+
+ Comment out any auth_host,
+ auth_port, and
+ auth_protocol options because the
+ identity_uri option replaces them.
+
This sample paste config filter makes use of the
and
options:
[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-service_port = 5000
-service_host = 127.0.0.1
-auth_port = 35357
-auth_host = 127.0.0.1
+auth_uri = http://controller:5000/v2.0
+identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
@@ -227,6 +233,12 @@ admin_password = keystone123
relationship. The admin user is granted access to the admin
role on the admin tenant.
+
+ Comment out any auth_host,
+ auth_port, and
+ auth_protocol options because the
+ identity_uri option replaces them.
+
Identity API protection with role-based access control (RBAC)
diff --git a/doc/common/section_identity-troubleshooting.xml b/doc/common/section_identity-troubleshooting.xml
index faf6f90334..eb3e5e7cff 100644
--- a/doc/common/section_identity-troubleshooting.xml
+++ b/doc/common/section_identity-troubleshooting.xml
@@ -33,10 +33,8 @@
like this:</para>
<programlisting language="ini">[keystone_authtoken]
signing_dir = /var/cache/glance/api
-auth_uri = http://127.0.0.1:5000/
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
admin_tenant_name = service
admin_user = glance</programlisting>
<para>If your service lacks this stanza, the <link
diff --git a/doc/install-guide/section_ceilometer-controller.xml b/doc/install-guide/section_ceilometer-controller.xml
index ee79693e20..d721647e22 100644
--- a/doc/install-guide/section_ceilometer-controller.xml
+++ b/doc/install-guide/section_ceilometer-controller.xml
@@ -209,15 +209,19 @@ auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
admin_tenant_name = service
admin_user = ceilometer
admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting>
<para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the
password you chose for the <literal>celiometer</literal>
user in the Identity service.</para>
+ <note>
+ <para>Comment out any <literal>auth_host</literal>,
+ <literal>auth_port</literal>, and
+ <literal>auth_protocol</literal> options because the
+ <literal>identity_uri</literal> option replaces them.</para>
+ </note>
</step>
<step>
<para>In the <literal>[service_credentials]</literal>
diff --git a/doc/install-guide/section_cinder-controller.xml b/doc/install-guide/section_cinder-controller.xml
index fe110d64ff..93ede31f3b 100644
--- a/doc/install-guide/section_cinder-controller.xml
+++ b/doc/install-guide/section_cinder-controller.xml
@@ -126,15 +126,19 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<programlisting language="ini">[keystone_authtoken]
...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
admin_tenant_name = service
admin_user = cinder
admin_password = <replaceable>CINDER_PASS</replaceable></programlisting>
<para>Replace <replaceable>CINDER_PASS</replaceable> with the
password you chose for the <literal>cinder</literal> user in the
Identity service.</para>
+ <note>
+ <para>Comment out any <literal>auth_host</literal>,
+ <literal>auth_port</literal>, and
+ <literal>auth_protocol</literal> options because the
+ <literal>identity_uri</literal> option replaces them.</para>
+ </note>
</step>
</substeps>
</step>
diff --git a/doc/install-guide/section_debconf-keystone_authtoken.xml b/doc/install-guide/section_debconf-keystone_authtoken.xml
index 63df8c5126..68d07ca4d1 100644
--- a/doc/install-guide/section_debconf-keystone_authtoken.xml
+++ b/doc/install-guide/section_debconf-keystone_authtoken.xml
@@ -13,16 +13,15 @@
for each service to work.</para>
<para>Generally, this section looks like this:</para>
<programlisting language="ini">[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
+auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
+identity_uri = http://<replaceable>controller</replaceable>:35357
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%</programlisting>
<para>The debconf system helps users configure the
- <code>auth_host</code>, <code>admin_tenant_name</code>,
- <code>admin_user</code> and <code>admin_password</code>
- options.</para>
+ <code>auth_uri</code>, <code>identity_uri</code>,
+ <code>admin_tenant_name</code>, <code>admin_user</code> and
+ <code>admin_password</code> options.</para>
<para>The following screens show an example Image Service
configuration:</para>
<informalfigure>
diff --git a/doc/install-guide/section_glance-install.xml b/doc/install-guide/section_glance-install.xml
index 18ffcfc37e..ebb6c97541 100644
--- a/doc/install-guide/section_glance-install.xml
+++ b/doc/install-guide/section_glance-install.xml
@@ -157,8 +157,8 @@ flavor = keystone</programlisting>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
- <literal>auth_protocol</literal> keys because the
- <literal>identity_uri</literal> key replaces them.</para>
+ <literal>auth_protocol</literal> options because the
+ <literal>identity_uri</literal> option replaces them.</para>
</note>
</step>
<step>
@@ -204,8 +204,8 @@ flavor = keystone</programlisting>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
- <literal>auth_protocol</literal> keys because the
- <literal>identity_uri</literal> key replaces them.</para>
+ <literal>auth_protocol</literal> options because the
+ <literal>identity_uri</literal> option replaces them.</para>
</note>
</step>
<step>
diff --git a/doc/install-guide/section_heat-install.xml b/doc/install-guide/section_heat-install.xml
index ba3e674350..b20bb39242 100644
--- a/doc/install-guide/section_heat-install.xml
+++ b/doc/install-guide/section_heat-install.xml
@@ -109,9 +109,7 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<programlisting language="ini">[keystone_authtoken]
...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
-auth_host = <replaceable>controller</replaceable>
-auth_port = 35357
-auth_protocol = http
+identity_uri = http://<replaceable>controller</replaceable>:35357
admin_tenant_name = service
admin_user = heat
admin_password = <replaceable>HEAT_PASS</replaceable>
@@ -122,6 +120,12 @@ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlistin
<para>Replace <replaceable>HEAT_PASS</replaceable> with the
password you chose for the <literal>heat</literal> user
in the Identity service.</para>
+ <note>
+ <para>Comment out any <literal>auth_host</literal>,
+ <literal>auth_port</literal>, and
+ <literal>auth_protocol</literal> options because the
+ <literal>identity_uri</literal> option replaces them.</para>
+ </note>
</step>
<step>
<para>In the <literal>[DEFAULT]</literal> section, configure