Adds swift user to the Object Storage Service install steps

backport:havana Change-Id: I9f335751e9476fcd13ce2cd2e714a64045fdc897 Closes-bug: 1263649
2014-01-06 10:25:07 -06:00 · 2014-01-06 10:25:07 -06:00 · c65d643e9a
commit c65d643e9a
parent af8571d858
5 changed files with 120 additions and 119 deletions
--- a/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml
+++ b/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml
@ -67,8 +67,55 @@
        <step>
            <para>Create
                    <filename>/etc/swift/proxy-server.conf</filename>:</para>
-            <programlisting os="rhel;centos;fedora;ubuntu;debian" language="ini"><xi:include parse="text" href="../samples/proxy-server.conf.txt"/></programlisting>
-            <programlisting os="opensuse;sles" language="ini"><xi:include parse="text" href="../samples/proxy-server.conf.txt-openSUSE"/></programlisting>
+            <programlisting language="ini">[DEFAULT]
+bind_port = 8888
+<phrase os="rhel;centos;fedora;ubuntu;debian">user = swift</phrase>
+<phrase os="opensuse;sles">user = openstack-swift</phrase>
+
+[pipeline:main]
+pipeline = healthcheck cache authtoken keystoneauth proxy-server
+
+[app:proxy-server]
+use = egg:swift#proxy
+allow_account_management = true
+account_autocreate = true
+
+[filter:keystoneauth]
+use = egg:swift#keystoneauth
+operator_roles = Member,admin,swiftoperator
+
+[filter:authtoken]
+paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
+
+# Delaying the auth decision is required to support token-less
+# usage for anonymous referrers ('.r:*').
+delay_auth_decision = true
+
+# cache directory for signing certificate
+signing_dir = /home/swift/keystone-signing
+
+# auth_* settings refer to the Keystone server
+auth_protocol = http
+auth_host = <replaceable>controller</replaceable>
+auth_port = 35357
+
+# the same admin_token as provided in keystone.conf
+admin_token = ADMIN_TOKEN
+
+# the service tenant and swift userid and password created in Keystone
+admin_tenant_name = service
+admin_user = swift
+admin_password = SWIFT_PASS
+
+[filter:cache]
+use = egg:swift#memcache
+
+[filter:catch_errors]
+use = egg:swift#catch_errors
+
+[filter:healthcheck]
+use = egg:swift#healthcheck
+</programlisting>
            <note>
                <para>If you run multiple memcache servers, put the
                    multiple IP:port listings in the [filter:cache]
--- a/doc/install-guide/object-storage/section_object-storage-install.xml
+++ b/doc/install-guide/object-storage/section_object-storage-install.xml
@ -63,6 +63,57 @@
                <screen os="opensuse;sles"><prompt>#</prompt> <userinput>zypper install openstack-swift openstack-swift-proxy \
  openstack-swift-account openstack-swift-container \
  openstack-swift-object memcached</userinput></screen>
+            </step>
+            <step os="rhel;centos;fedora;opensuse;sles;ubuntu">
+                <para>Create a <literal>swift</literal> user that the Object
+                    Storage
+                    Service can use to authenticate with the Identity Service.
+                    Choose a password and specify an email address for the
+                    <literal>swift</literal> user. Use the
+                    <literal>service</literal> tenant and give the user the
+                    <literal>admin</literal> role.</para>
+                <screen><prompt>#</prompt> <userinput>keystone user-create --name=swift --pass=<replaceable>SWIFT_PASS</replaceable> \
+   --email=<replaceable>swift@example.com</replaceable></userinput>
+<prompt>#</prompt> <userinput>keystone user-role-add --user=swift --tenant=service --role=admin</userinput></screen>
+            </step>
+            <step>
+                <para>Create a service entry for the Object Storage Service:</para>
+                <screen><prompt>#</prompt> <userinput>keystone service-create --name=swift --type=object-store \
+  --description="Object Storage Service"</userinput>
+<computeroutput>+-------------+----------------------------------+
+|   Property  |              Value               |
+-------------+----------------------------------+
+| description |      Object Storage Service      |
+|             |                                  |
+|             |                                  |
+|      id     | eede9296683e4b5ebfa13f5166375ef6 |
+|     name    |              swift               |
+|     type    |           object-store           |
+-------------+----------------------------------+</computeroutput></screen>
+                <para>The service ID is randomly generated and is different from
+                    the one shown here.</para>
+            </step>
+            <step>
+                <para>Specify an API endpoint for the Object Storage Service by using
+                    the returned service ID. When you specify an endpoint, you
+                    provide URLs for the public API, internal API, and admin API.
+                    In this guide, the <literal>controller</literal> host name is
+                    used.</para>
+                <screen><prompt>#</prompt> <userinput>keystone endpoint-create \
+  --service-id=<replaceable>the_service_id_above</replaceable> \
+  --publicurl='http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
+  --internalurl='http://<replaceable>controller</replaceable>:8080/v1/AUTH_%(tenant_id)s' \
+  --adminurl=http://<replaceable>controller</replaceable>:8080</userinput>
+<computeroutput>+-------------+---------------------------------------------------+
+|   Property  |                       Value                       |
+-------------+---------------------------------------------------+
+|   adminurl  |            http://controller:8080/                |
+|      id     |          9e3ce428f82b40d38922f242c095982e         |
+| internalurl | http://controller:8080/v1/AUTH_%(tenant_id)s      |
+|  publicurl  | http://controller:8080/v1/AUTH_%(tenant_id)s      |
+|    region   |                     regionOne                     |
+|  service_id |          eede9296683e4b5ebfa13f5166375ef6         |
+-------------+---------------------------------------------------+</computeroutput></screen>
            </step>
            <step>
                <para>Create and populate configuration directories on
--- a/doc/install-guide/samples/proxy-server.conf.txt
+++ b/doc/install-guide/samples/proxy-server.conf.txt
@ -1,47 +0,0 @@
-[DEFAULT]
-bind_port = 8888
-user = swift
-
-[pipeline:main]
-pipeline = healthcheck cache authtoken keystoneauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-allow_account_management = true
-account_autocreate = true
-
-[filter:keystoneauth]
-use = egg:swift#keystoneauth
-operator_roles = Member,admin,swiftoperator
-
-[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-
-# Delaying the auth decision is required to support token-less
-# usage for anonymous referrers ('.r:*').
-delay_auth_decision = true
-
-# cache directory for signing certificate
-signing_dir = /home/swift/keystone-signing
-
-# auth_* settings refer to the Keystone server
-auth_protocol = http
-auth_host = 192.168.56.3
-auth_port = 35357
-
-# the same admin_token as provided in keystone.conf
-admin_token = 012345SECRET99TOKEN012345
-
-# the service tenant and swift userid and password created in Keystone
-admin_tenant_name = service
-admin_user = swift
-admin_password = swift
-
-[filter:cache]
-use = egg:swift#memcache
-
-[filter:catch_errors]
-use = egg:swift#catch_errors
-
-[filter:healthcheck]
-use = egg:swift#healthcheck
--- a/doc/install-guide/samples/proxy-server.conf.txt-openSUSE
+++ b/doc/install-guide/samples/proxy-server.conf.txt-openSUSE
@ -1,47 +0,0 @@
-[DEFAULT]
-bind_port = 8888
-user = openstack-swift
-
-[pipeline:main]
-pipeline = healthcheck cache authtoken keystoneauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-allow_account_management = true
-account_autocreate = true
-
-[filter:keystoneauth]
-use = egg:swift#keystoneauth
-operator_roles = Member,admin,swiftoperator
-
-[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-
-# Delaying the auth decision is required to support token-less
-# usage for anonymous referrers ('.r:*').
-delay_auth_decision = true
-
-# cache directory for signing certificate
-signing_dir = /home/swift/keystone-signing
-
-# auth_* settings refer to the Keystone server
-auth_protocol = http
-auth_host = 192.168.56.3
-auth_port = 35357
-
-# the same admin_token as provided in keystone.conf
-admin_token = 012345SECRET99TOKEN012345
-
-# the service tenant and swift userid and password created in Keystone
-admin_tenant_name = service
-admin_user = swift
-admin_password = swift
-
-[filter:cache]
-use = egg:swift#memcache
-
-[filter:catch_errors]
-use = egg:swift#catch_errors
-
-[filter:healthcheck]
-use = egg:swift#healthcheck
--- a/doc/install-guide/section_keystone-services.xml
+++ b/doc/install-guide/section_keystone-services.xml
@ -1,25 +1,24 @@
 <section xmlns="http://docbook.org/ns/docbook"
-  xmlns:xlink="http://www.w3.org/1999/xlink"
-  xml:id="keystone-services"
-  os="rhel;centos;fedora;opensuse;sles;ubuntu">
+  xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="keystone-services"
+  version="5.0" os="rhel;centos;fedora;opensuse;sles;ubuntu">
  <title>Define services and API endpoints</title>
-  <para>The Identity Service also tracks what OpenStack services are installed
-    and where to locate them on the network. Run these commands for each
-    service in your OpenStack installation:</para>
+  <para>So that the Identity Service can track which OpenStack services are
+    installed and where they are located on the network, you must register each
+    service in your OpenStack installation. To register a service, run these
+    commands:</para>
  <itemizedlist>
    <listitem>
      <para><command>keystone service-create</command>. Describes the
        service.</para>
    </listitem>
    <listitem>
-      <para><command>keystone endpoint-create</command>. Associates
-        API endpoints with the service.</para>
+      <para><command>keystone endpoint-create</command>. Associates API
+        endpoints with the service.</para>
    </listitem>
  </itemizedlist>
-  <para>For now, create a service for the Identity Service itself that
-    uses normal authentication instead of the authorization token when
-    you run the <command>keystone</command> command in the
-    future.</para>
+  <para>You must also register the Identity Service itself. Use the
+      <code>OS_SERVICE_TOKEN</code> environment variable, as set previously, for
+    authentication.</para>
  <procedure>
    <step>
      <para>Create a service entry for the Identity Service:</para>
@ -33,16 +32,15 @@
 | name        | keystone                         |
 | type        | identity                         |
 +-------------+----------------------------------+</computeroutput></screen>
-      <para>The service ID is randomly generated and is different from
-        the one shown here.</para>
+      <para>The service ID is randomly generated and is different from the one
+        shown here.</para>
    </step>
    <step>
-      <para>Specify an API endpoint for the Identity Service by using
-        the returned service ID. When you specify an endpoint, you
-        provide URLs for the public API, internal API, and admin API.
-        In this guide, the <literal>controller</literal> host name is
-        used. Note that the Identity Service uses a different port for
-        the admin API.</para>
+      <para>Specify an API endpoint for the Identity Service by using the
+        returned service ID. When you specify an endpoint, you provide URLs for
+        the public API, internal API, and admin API. In this guide, the
+          <literal>controller</literal> host name is used. Note that the
+        Identity Service uses a different port for the admin API.</para>
      <screen><prompt>#</prompt> <userinput>keystone endpoint-create \
  --service-id=<replaceable>the_service_id_above</replaceable> \
  --publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
@ -60,9 +58,8 @@
 +-------------+-----------------------------------+</computeroutput></screen>
    </step>
    <step>
-      <para>As you add other services to your OpenStack installation,
-        call these commands to register the services with the Identity
-        Service.</para>
+      <para>As you add other services to your OpenStack installation, call these
+        commands to register the services with the Identity Service.</para>
    </step>
  </procedure>
 </section>