Replace keystone auth_* options with identity_uri

Replaced [keystone_authtoken] auth_* options with identity_uri
option. This patch supersedes #125847 and no longer conflicts
with #120332.

Change-Id: I81cd29b5bb0d75ced2f319aa1438774a3b133c0a
Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>
This commit is contained in:
Christian Berendt 2014-10-06 10:25:20 +02:00
parent 446e6766a2
commit 37009b0b66
7 changed files with 56 additions and 35 deletions

View File

@ -87,10 +87,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
auth_strategy=keystone auth_strategy=keystone
[keystone_authtoken] [keystone_authtoken]
auth_host = 127.0.0.1 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_port = 35357 identity_uri = http://<replaceable>controller</replaceable>:35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin admin_user = admin
admin_password = SuperSekretPassword admin_password = SuperSekretPassword
admin_tenant_name = service</programlisting> admin_tenant_name = service</programlisting>
@ -99,6 +97,12 @@ admin_tenant_name = service</programlisting>
must remove them to use values in the must remove them to use values in the
<literal>[keystone_authtoken]</literal> section.</para> <literal>[keystone_authtoken]</literal> section.</para>
</note> </note>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
</section> </section>
<section xml:id="monitoring"> <section xml:id="monitoring">
<title>Monitoring</title> <title>Monitoring</title>
@ -198,10 +202,8 @@ keystoneclient.middleware.auth_token:filter_factory</programlisting>
auth_strategy=keystone auth_strategy=keystone
[keystone_authtoken] [keystone_authtoken]
auth_host = 127.0.0.1 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_port = 35357 identity_uri = http://<replaceable>controller</replaceable>:35357
auth_protocol = http
auth_uri = http://127.0.0.1:5000/
admin_user = admin admin_user = admin
admin_password = SuperSekretPassword admin_password = SuperSekretPassword
admin_tenant_name = service</programlisting> admin_tenant_name = service</programlisting>
@ -210,15 +212,19 @@ admin_tenant_name = service</programlisting>
priority. You must remove them to use the values in the priority. You must remove them to use the values in the
[keystone_authtoken] section.</para> [keystone_authtoken] section.</para>
</note> </note>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
<para>This sample paste config filter makes use of the <para>This sample paste config filter makes use of the
<option>admin_user</option> and <option>admin_user</option> and
<option>admin_password</option> options:</para> <option>admin_password</option> options:</para>
<programlisting language="ini"><?db-font-size 75%?>[filter:authtoken] <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
service_port = 5000 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
service_host = 127.0.0.1 identity_uri = http://<replaceable>controller</replaceable>:35357
auth_port = 35357
auth_host = 127.0.0.1
auth_token = 012345SECRET99TOKEN012345 auth_token = 012345SECRET99TOKEN012345
admin_user = admin admin_user = admin
admin_password = keystone123</programlisting> admin_password = keystone123</programlisting>
@ -227,6 +233,12 @@ admin_password = keystone123</programlisting>
relationship. The admin user is granted access to the admin relationship. The admin user is granted access to the admin
role on the admin tenant.</para> role on the admin tenant.</para>
</note> </note>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
</section> </section>
<section xml:id="identity-service-api-protection-with-role-based-access-control"> <section xml:id="identity-service-api-protection-with-role-based-access-control">
<title>Identity API protection with role-based access control (RBAC) <title>Identity API protection with role-based access control (RBAC)

View File

@ -33,10 +33,8 @@
like this:</para> like this:</para>
<programlisting language="ini">[keystone_authtoken] <programlisting language="ini">[keystone_authtoken]
signing_dir = /var/cache/glance/api signing_dir = /var/cache/glance/api
auth_uri = http://127.0.0.1:5000/ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_host = 127.0.0.1 identity_uri = http://<replaceable>controller</replaceable>:35357
auth_port = 35357
auth_protocol = http
admin_tenant_name = service admin_tenant_name = service
admin_user = glance</programlisting> admin_user = glance</programlisting>
<para>If your service lacks this stanza, the <link <para>If your service lacks this stanza, the <link

View File

@ -209,15 +209,19 @@ auth_strategy = keystone
[keystone_authtoken] [keystone_authtoken]
... ...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_host = <replaceable>controller</replaceable> identity_uri = http://<replaceable>controller</replaceable>:35357
auth_port = 35357
auth_protocol = http
admin_tenant_name = service admin_tenant_name = service
admin_user = ceilometer admin_user = ceilometer
admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting> admin_password = <replaceable>CEILOMETER_PASS</replaceable></programlisting>
<para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the <para>Replace <replaceable>CEILOMETER_PASS</replaceable> with the
password you chose for the <literal>celiometer</literal> password you chose for the <literal>celiometer</literal>
user in the Identity service.</para> user in the Identity service.</para>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
</step> </step>
<step> <step>
<para>In the <literal>[service_credentials]</literal> <para>In the <literal>[service_credentials]</literal>

View File

@ -126,15 +126,19 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<programlisting language="ini">[keystone_authtoken] <programlisting language="ini">[keystone_authtoken]
... ...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_host = <replaceable>controller</replaceable> identity_uri = http://<replaceable>controller</replaceable>:35357
auth_port = 35357
auth_protocol = http
admin_tenant_name = service admin_tenant_name = service
admin_user = cinder admin_user = cinder
admin_password = <replaceable>CINDER_PASS</replaceable></programlisting> admin_password = <replaceable>CINDER_PASS</replaceable></programlisting>
<para>Replace <replaceable>CINDER_PASS</replaceable> with the <para>Replace <replaceable>CINDER_PASS</replaceable> with the
password you chose for the <literal>cinder</literal> user in the password you chose for the <literal>cinder</literal> user in the
Identity service.</para> Identity service.</para>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
</step> </step>
</substeps> </substeps>
</step> </step>

View File

@ -13,16 +13,15 @@
for each service to work.</para> for each service to work.</para>
<para>Generally, this section looks like this:</para> <para>Generally, this section looks like this:</para>
<programlisting language="ini">[keystone_authtoken] <programlisting language="ini">[keystone_authtoken]
auth_host = 127.0.0.1 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_port = 35357 identity_uri = http://<replaceable>controller</replaceable>:35357
auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME% admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER% admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%</programlisting> admin_password = %SERVICE_PASSWORD%</programlisting>
<para>The debconf system helps users configure the <para>The debconf system helps users configure the
<code>auth_host</code>, <code>admin_tenant_name</code>, <code>auth_uri</code>, <code>identity_uri</code>,
<code>admin_user</code> and <code>admin_password</code> <code>admin_tenant_name</code>, <code>admin_user</code> and
options.</para> <code>admin_password</code> options.</para>
<para>The following screens show an example Image Service <para>The following screens show an example Image Service
configuration:</para> configuration:</para>
<informalfigure> <informalfigure>

View File

@ -157,8 +157,8 @@ flavor = keystone</programlisting>
<note> <note>
<para>Comment out any <literal>auth_host</literal>, <para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and <literal>auth_port</literal>, and
<literal>auth_protocol</literal> keys because the <literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> key replaces them.</para> <literal>identity_uri</literal> option replaces them.</para>
</note> </note>
</step> </step>
<step> <step>
@ -204,8 +204,8 @@ flavor = keystone</programlisting>
<note> <note>
<para>Comment out any <literal>auth_host</literal>, <para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and <literal>auth_port</literal>, and
<literal>auth_protocol</literal> keys because the <literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> key replaces them.</para> <literal>identity_uri</literal> option replaces them.</para>
</note> </note>
</step> </step>
<step> <step>

View File

@ -109,9 +109,7 @@ rabbit_password = <replaceable>RABBIT_PASS</replaceable></programlisting>
<programlisting language="ini">[keystone_authtoken] <programlisting language="ini">[keystone_authtoken]
... ...
auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0 auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0
auth_host = <replaceable>controller</replaceable> identity_uri = http://<replaceable>controller</replaceable>:35357
auth_port = 35357
auth_protocol = http
admin_tenant_name = service admin_tenant_name = service
admin_user = heat admin_user = heat
admin_password = <replaceable>HEAT_PASS</replaceable> admin_password = <replaceable>HEAT_PASS</replaceable>
@ -122,6 +120,12 @@ auth_uri = http://<replaceable>controller</replaceable>:5000/v2.0</programlistin
<para>Replace <replaceable>HEAT_PASS</replaceable> with the <para>Replace <replaceable>HEAT_PASS</replaceable> with the
password you chose for the <literal>heat</literal> user password you chose for the <literal>heat</literal> user
in the Identity service.</para> in the Identity service.</para>
<note>
<para>Comment out any <literal>auth_host</literal>,
<literal>auth_port</literal>, and
<literal>auth_protocol</literal> options because the
<literal>identity_uri</literal> option replaces them.</para>
</note>
</step> </step>
<step> <step>
<para>In the <literal>[DEFAULT]</literal> section, configure <para>In the <literal>[DEFAULT]</literal> section, configure