Replace keystone auth_* options with identity_uri
Replaced [keystone_authtoken] auth_* options with identity_uri option.

This patch supersedes #125847 and no longer conflicts with #120332.

Change-Id: I81cd29b5bb0d75ced2f319aa1438774a3b133c0a
Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>
parent 446e6766a2
commit 37009b0b66
@ -87,10 +87,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
|
|||||||
auth_strategy=keystone
|
auth_strategy=keystone
|
||||||
|
|
||||||
[keystone_authtoken]
|
[keystone_authtoken]
|
||||||
auth_host = 127.0.0.1
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_port = 35357
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_protocol = http
|
|
||||||
auth_uri = http://127.0.0.1:5000/
|
|
||||||
admin_user = admin
|
admin_user = admin
|
||||||
admin_password = SuperSekretPassword
|
admin_password = SuperSekretPassword
|
||||||
admin_tenant_name = service</programlisting>
|
admin_tenant_name = service</programlisting>
|
||||||
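Review bot: The new identity_uri line in [keystone_authtoken] uses plain http and sits directly above admin_user and admin_password, so the sample as written shows service credentials configured against a cleartext endpoint. Since these lines are being rewritten anyway, consider adding a sentence saying that deployments with TLS on the Identity service should use https:// in both auth_uri and identity_uri. Separately, admin_password = SuperSekretPassword is a literal value; a <replaceable> placeholder, as the new URI lines already use for controller, would make it harder to paste verbatim.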
@ -99,6 +97,12 @@ admin_tenant_name = service</programlisting>
|
|||||||
must remove them to use values in the
|
must remove them to use values in the
|
||||||
<literal>[keystone_authtoken]</literal> section.</para>
|
<literal>[keystone_authtoken]</literal> section.</para>
|
||||||
</note>
|
</note>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="monitoring">
|
<section xml:id="monitoring">
|
||||||
<title>Monitoring</title>
|
<title>Monitoring</title>
|
||||||
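Review bot: The added <note> tells the reader to "Comment out" auth_host, auth_port and auth_protocol, while the note directly above it says the reader "must remove" options; two adjacent notes with different verbs for the same kind of edit read awkwardly. Suggest aligning the wording or merging the two notes, and naming the [keystone_authtoken] section in the new note so the reader knows where to look for the old options.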
@ -198,10 +202,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
|
|||||||
auth_strategy=keystone
|
auth_strategy=keystone
|
||||||
|
|
||||||
[keystone_authtoken]
|
[keystone_authtoken]
|
||||||
auth_host = 127.0.0.1
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_port = 35357
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_protocol = http
|
|
||||||
auth_uri = http://127.0.0.1:5000/
|
|
||||||
admin_user = admin
|
admin_user = admin
|
||||||
admin_password = SuperSekretPassword
|
admin_password = SuperSekretPassword
|
||||||
admin_tenant_name = service</programlisting>
|
admin_tenant_name = service</programlisting>
|
||||||
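Review bot: In the rewritten [keystone_authtoken] listing, auth_uri ends in :5000/v2.0 while identity_uri is :35357 with no version path, and nothing near the listing explains why the two differ. A one-line explanation of what each option points at would keep readers from "normalising" the two values to the same URL.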
@ -210,15 +212,19 @@ admin_tenant_name = service</programlisting>
|
|||||||
priority. You must remove them to use the values in the
|
priority. You must remove them to use the values in the
|
||||||
[keystone_authtoken] section.</para>
|
[keystone_authtoken] section.</para>
|
||||||
</note>
|
</note>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
<para>This sample paste config filter makes use of the
|
<para>This sample paste config filter makes use of the
|
||||||
<option>admin_user</option> and
|
<option>admin_user</option> and
|
||||||
<option>admin_password</option> options:</para>
|
<option>admin_password</option> options:</para>
|
||||||
<programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
|
<programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
|
||||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||||
service_port = 5000
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
service_host = 127.0.0.1
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_port = 35357
|
|
||||||
auth_host = 127.0.0.1
|
|
||||||
auth_token = 012345SECRET99TOKEN012345
|
auth_token = 012345SECRET99TOKEN012345
|
||||||
admin_user = admin
|
admin_user = admin
|
||||||
admin_password = keystone123</programlisting>
|
admin_password = keystone123</programlisting>
|
||||||
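Review bot: In the [filter:authtoken] listing, service_port and service_host are dropped along with auth_port and auth_host, but the note added just above only tells the reader to comment out auth_host, auth_port and auth_protocol. Either mention service_host and service_port in the note or say in the commit message why they can go. The listing also keeps auth_token = 012345SECRET99TOKEN012345 although the introducing paragraph says the filter uses admin_user and admin_password; worth checking whether that line still belongs in the sample.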
@ -227,6 +233,12 @@ admin_password = keystone123</programlisting>
|
|||||||
relationship. The admin user is granted access to the admin
|
relationship. The admin user is granted access to the admin
|
||||||
role on the admin tenant.</para>
|
role on the admin tenant.</para>
|
||||||
</note>
|
</note>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
</section>
|
</section>
|
||||||
<section xml:id="identity-service-api-protection-with-role-based-access-control">
|
<section xml:id="identity-service-api-protection-with-role-based-access-control">
|
||||||
<title>Identity API protection with role-based access control (RBAC)
|
<title>Identity API protection with role-based access control (RBAC)
|
||||||
|
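Review bot: This <note> is word-for-word the one the previous hunk already adds just above the [filter:authtoken] listing, and here it lands after the unrelated note about the admin user's role, immediately before </section>. Suggest dropping this second copy, or moving the text into a shared include if it has to appear more than once in the file.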
@ -33,10 +33,8 @@
|
|||||||
like this:</para>
|
like this:</para>
|
||||||
<programlisting language="ini">[keystone_authtoken]
|
<programlisting language="ini">[keystone_authtoken]
|
||||||
signing_dir = /var/cache/glance/api
|
signing_dir = /var/cache/glance/api
|
||||||
auth_uri = http://127.0.0.1:5000/
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_host = 127.0.0.1
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_port = 35357
|
|
||||||
auth_protocol = http
|
|
||||||
admin_tenant_name = service
|
admin_tenant_name = service
|
||||||
admin_user = glance</programlisting>
|
admin_user = glance</programlisting>
|
||||||
<para>If your service lacks this stanza, the <link
|
<para>If your service lacks this stanza, the <link
|
||||||
|
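Review bot: Missing documentation: auth_host, auth_port and auth_protocol are removed from this [keystone_authtoken] listing, but unlike the other files in this patch no "Comment out any auth_host, auth_port, and auth_protocol options" note is added after it. A reader following only this page gets no hint that the old options in an existing file need attention; suggest adding the same note after the </programlisting>.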
@ -209,15 +209,19 @@ auth_strategy = keystone
|
|||||||
[keystone_authtoken]
|
[keystone_authtoken]
|
||||||
...
|
...
|
||||||
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_host = <replaceable>controller</replaceable>
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_port = 35357
|
|
||||||
auth_protocol = http
|
|
||||||
admin_tenant_name = service
|
admin_tenant_name = service
|
||||||
admin_user = ceilometer
|
admin_user = ceilometer
|
||||||
admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting>
|
admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting>
|
||||||
<para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the
|
<para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the
|
||||||
password you chose for the <literal>celiometer</literal>
|
password you chose for the <literal>celiometer</literal>
|
||||||
user in the Identity service.</para>
|
user in the Identity service.</para>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
<para>In the <literal>[service_credentials]</literal>
|
<para>In the <literal>[service_credentials]</literal>
|
||||||
|
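Review bot: The unchanged context line above the new note still reads <literal>celiometer</literal> for the user name, while the listing has admin_user = ceilometer. Since this step is being edited anyway, fixing the spelling in the same patch would save a follow-up.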
@ -126,15 +126,19 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|||||||
<programlisting language="ini">[keystone_authtoken]
|
<programlisting language="ini">[keystone_authtoken]
|
||||||
...
|
...
|
||||||
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_host = <replaceable>controller</replaceable>
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_port = 35357
|
|
||||||
auth_protocol = http
|
|
||||||
admin_tenant_name = service
|
admin_tenant_name = service
|
||||||
admin_user = cinder
|
admin_user = cinder
|
||||||
admin_password = <replaceable>CINDER_PASS</replaceable></programlisting>
|
admin_password = <replaceable>CINDER_PASS</replaceable></programlisting>
|
||||||
<para>Replace <replaceable>CINDER_PASS</replaceable> with the
|
<para>Replace <replaceable>CINDER_PASS</replaceable> with the
|
||||||
password you chose for the <literal>cinder</literal> user in the
|
password you chose for the <literal>cinder</literal> user in the
|
||||||
Identity service.</para>
|
Identity service.</para>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
</step>
|
</step>
|
||||||
</substeps>
|
</substeps>
|
||||||
</step>
|
</step>
|
||||||
|
@ -13,16 +13,15 @@
|
|||||||
for each service to work.</para>
|
for each service to work.</para>
|
||||||
<para>Generally, this section looks like this:</para>
|
<para>Generally, this section looks like this:</para>
|
||||||
<programlisting language="ini">[keystone_authtoken]
|
<programlisting language="ini">[keystone_authtoken]
|
||||||
auth_host = 127.0.0.1
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_port = 35357
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_protocol = http
|
|
||||||
admin_tenant_name = %SERVICE_TENANT_NAME%
|
admin_tenant_name = %SERVICE_TENANT_NAME%
|
||||||
admin_user = %SERVICE_USER%
|
admin_user = %SERVICE_USER%
|
||||||
admin_password = %SERVICE_PASSWORD%</programlisting>
|
admin_password = %SERVICE_PASSWORD%</programlisting>
|
||||||
<para>The debconf system helps users configure the
|
<para>The debconf system helps users configure the
|
||||||
<code>auth_host</code>, <code>admin_tenant_name</code>,
|
<code>auth_uri</code>, <code>identity_uri</code>,
|
||||||
<code>admin_user</code> and <code>admin_password</code>
|
<code>admin_tenant_name</code>, <code>admin_user</code> and
|
||||||
options.</para>
|
<code>admin_password</code> options.</para>
|
||||||
<para>The following screens show an example Image Service
|
<para>The following screens show an example Image Service
|
||||||
configuration:</para>
|
configuration:</para>
|
||||||
<informalfigure>
|
<informalfigure>
|
||||||
|
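Review bot: The rewritten sentence now says debconf helps configure auth_uri and identity_uri, but the <informalfigure> screens that follow are untouched in this hunk. Please confirm that the debconf prompts really ask for these two options, and refresh the screenshots if they still show an auth_host prompt, so the prose and the figures agree.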
@ -157,8 +157,8 @@ flavor = keystone</programlisting>
|
|||||||
<note>
|
<note>
|
||||||
<para>Comment out any <literal>auth_host</literal>,
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
<literal>auth_port</literal>, and
|
<literal>auth_port</literal>, and
|
||||||
<literal>auth_protocol</literal> keys because the
|
<literal>auth_protocol</literal> options because the
|
||||||
<literal>identity_uri</literal> key replaces them.</para>
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
</note>
|
</note>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
@ -204,8 +204,8 @@ flavor = keystone</programlisting>
|
|||||||
<note>
|
<note>
|
||||||
<para>Comment out any <literal>auth_host</literal>,
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
<literal>auth_port</literal>, and
|
<literal>auth_port</literal>, and
|
||||||
<literal>auth_protocol</literal> keys because the
|
<literal>auth_protocol</literal> options because the
|
||||||
<literal>identity_uri</literal> key replaces them.</para>
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
</note>
|
</note>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
|
@ -109,9 +109,7 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
|
|||||||
<programlisting language="ini">[keystone_authtoken]
|
<programlisting language="ini">[keystone_authtoken]
|
||||||
...
|
...
|
||||||
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
|
||||||
auth_host = <replaceable>controller</replaceable>
|
identity_uri = http://<replaceable>controller</replaceable>:35357
|
||||||
auth_port = 35357
|
|
||||||
auth_protocol = http
|
|
||||||
admin_tenant_name = service
|
admin_tenant_name = service
|
||||||
admin_user = heat
|
admin_user = heat
|
||||||
admin_password = <replaceable>HEAT_PASS</replaceable>
|
admin_password = <replaceable>HEAT_PASS</replaceable>
|
||||||
@ -122,6 +120,12 @@ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlistin
|
|||||||
<para>Replace <replaceable>HEAT_PASS</replaceable> with the
|
<para>Replace <replaceable>HEAT_PASS</replaceable> with the
|
||||||
password you chose for the <literal>heat</literal> user
|
password you chose for the <literal>heat</literal> user
|
||||||
in the Identity service.</para>
|
in the Identity service.</para>
|
||||||
|
<note>
|
||||||
|
<para>Comment out any <literal>auth_host</literal>,
|
||||||
|
<literal>auth_port</literal>, and
|
||||||
|
<literal>auth_protocol</literal> options because the
|
||||||
|
<literal>identity_uri</literal> option replaces them.</para>
|
||||||
|
</note>
|
||||||
</step>
|
</step>
|
||||||
<step>
|
<step>
|
||||||
<para>In the <literal>[DEFAULT]</literal> section, configure
|
<para>In the <literal>[DEFAULT]</literal> section, configure
|
||||||
|