Editing Keystone Services

Edited the document for clarity: addressed punctuation points in the keystone services section, and also added edits to clarify the Identity Concepts section. Moved Content from the Keystone Services section to the Identity Concepts Section. Change-Id: I94d21ba16f89ea2ba12166bab3f6893091bccbbf Implements: blueprint installation-guide-improvements
2014-06-05 14:08:51 +10:00 · 2014-06-05 14:08:51 +10:00 · ca395c88ec
commit ca395c88ec
parent 726fa1da31
2 changed files with 55 additions and 52 deletions
--- a/doc/common/section_keystone-concepts.xml
+++ b/doc/common/section_keystone-concepts.xml
@ -16,8 +16,12 @@
                  endpoints.</para>
        </listitem>
    </itemizedlist>
+    <para>When installing OpenStack Identity service, you must register
+          each service in your OpenStack installation. Identity service
+          can then track which OpenStack services are installed, and
+          where they are located on the network.</para>
    <para>To understand OpenStack Identity, you must understand the
-        following concepts:</para>
+          following concepts:</para>
    <variablelist>
        <varlistentry>
            <term>User</term>
@ -35,10 +39,10 @@
        <varlistentry>
            <term>Credentials</term>
            <listitem>
-                <para>Data that confirms the user's identity. For example, user
-                    name and password; user name and API key; or an
-                    authentication token provided by the Identity
-                    Service.</para>
+                <para>Data that confirms the user's identity. For
+                    example: user name and password, user name and API
+                    key, or an authentication token provided by the
+                    Identity Service.</para>
            </listitem>
        </varlistentry>
        <varlistentry>
@ -49,7 +53,7 @@
                    by validating a set of credentials supplied by the
                    user.</para>
                <para>These credentials are initially a user name and
-                    password; or a user name and API key. When user
+                    password, or a user name and API key. When user
                    credentials are validated, OpenStack Identity issues an
                    authentication token which the user provides in subsequent
                    requests.</para>
@ -58,34 +62,34 @@
        <varlistentry>
            <term>Token</term>
            <listitem>
-                <para>An arbitrary bit of text that is used to access
-                    resources. Each token has information which defines
-                    access to resources. A token  may be revoked at any time
-                    and is valid for a finite duration.</para>
+                <para>An alpha-numeric string of text used to access
+                    OpenStack APIs and resources. A token  may be
+                    revoked at any time and is valid for a
+                    finite duration.</para>
                <para>While OpenStack Identity supports token-based
                    authentication in this release, the intention is
-                    to support additional protocols in the future. Its main
-                    purpose is to be an integration service, and not aspire to
-                    be a full-fledged identity store and management
-                    solution.</para>
+                    to support additional protocols in the future.
+                    Its main purpose is to be an integration service,
+                    and not aspire to be a full-fledged identity store
+                    and management solution.</para>
            </listitem>
        </varlistentry>
        <varlistentry>
            <term>Tenant</term>
            <listitem>
-                <para>A container used to group or isolate resources
-                    and/or identity objects. Depending on the service
-                    operator, a tenant may map to a customer, account,
-                    organization, or project.</para>
+                <para>A container used to group or isolate resources.
+                    Tenants also group or isolate identity objects.
+                    Depending on the service operator, a tenant may map
+                    to a customer, account, organization, or project.</para>
            </listitem>
        </varlistentry>
        <varlistentry>
            <term>Service</term>
            <listitem>
                <para>An OpenStack service, such as Compute (nova),
-                    Object Storage (swift), or Image Service (glance). It
-                    provides one or more endpoints through which users can
-                    access resources and perform operations.</para>
+                    Object Storage (swift), or Image Service (glance).
+                    It provides one or more endpoints in which
+                    users can access resources and perform operations.</para>
            </listitem>
        </varlistentry>
        <varlistentry>
@ -110,6 +114,17 @@
                    resources each role grants access.</para>
            </listitem>
        </varlistentry>
+        <varlistentry>
+            <term>Keystone Client</term>
+            <listitem>
+                <para>A command line interface for the OpenStack
+                    Identity API. For example, users can run the
+                    <command>keystone service-create</command> and
+                    <command>keystone endpoint-create</command> commands
+                    to register services in their OpenStack
+                    installations.</para>
+            </listitem>
+        </varlistentry>
    </variablelist>
    <para>The following diagram shows the OpenStack Identity process
        flow:</para>
@ -117,12 +132,12 @@
        <imageobject role="fo">
            <imagedata
                fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
-                format="PNG" scale="40"/>
+                format="PNG" contentwidth="6in"/>
        </imageobject>
        <imageobject role="html">
            <imagedata
                fileref="figures/SCH_5002_V00_NUAC-Keystone.png"
-                format="PNG" scale="10"/>
+                format="PNG" contentwidth="6in"/>
        </imageobject>
    </mediaobject>
 </section>
--- a/doc/install-guide/section_keystone-services.xml
+++ b/doc/install-guide/section_keystone-services.xml
@ -2,25 +2,12 @@
  xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="keystone-services"
  version="5.0" os="rhel;centos;fedora;opensuse;sles;ubuntu">
  <title>Define services and API endpoints</title>
-  <para>So that the Identity Service can track which OpenStack services are
-    installed and where they are located on the network, you must register each
-    service in your OpenStack installation. To register a service, run these
-    commands:</para>
-  <itemizedlist>
-    <listitem>
-      <para><command>keystone service-create</command>. Describes the
-        service.</para>
-    </listitem>
-    <listitem>
-      <para><command>keystone endpoint-create</command>. Associates
-        <glossterm baseform="API endpoint">API endpoints</glossterm>
-        with the service.</para>
-    </listitem>
-  </itemizedlist>
-  <para>You must also register the Identity Service itself. Use the
-      <code>OS_SERVICE_TOKEN</code> environment variable, as set previously, for
-    authentication.</para>
  <procedure>
+    <step>
+      <para>Register the identity service itself using the
+      <code>OS_SERVICE_TOKEN</code> environment variable, as set
+      previously, for authentication.</para>
+    </step>
    <step>
      <para>Create a service entry for the Identity Service:</para>
      <screen><prompt>$</prompt> <userinput>keystone service-create --name=keystone --type=identity \
@ -33,15 +20,16 @@
 | name        | keystone                         |
 | type        | identity                         |
 +-------------+----------------------------------+</computeroutput></screen>
-      <para>The service ID is randomly generated and is different from the one
-        shown here.</para>
+      <para>The service ID is randomly generated and is different from
+        the one shown here.</para>
    </step>
    <step>
-      <para>Specify an API endpoint for the Identity Service by using the
-        returned service ID. When you specify an endpoint, you provide URLs for
-        the public API, internal API, and admin API. In this guide, the
-          <literal>controller</literal> host name is used. Note that the
-        Identity Service uses a different port for the admin API.</para>
+      <para>Specify an API endpoint for the Identity Service by using
+        the returned service ID. When you specify an endpoint, you
+        provide URLs for the public API, internal API, and admin API.
+        In this guide, the <literal>controller</literal> host name is
+        used. Note that the Identity Service uses a different port for
+        the admin API.</para>
      <screen><prompt>$</prompt> <userinput>keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://<replaceable>controller</replaceable>:5000/v2.0 \
@ -61,10 +49,10 @@
  </procedure>
  <note>
    <para>
-      You will need to create an additional endpoint for each service added to
-      your OpenStack environment. The sections of this guide associated with
-      the installation of each service include the endpoint creation step
-      specific to the service.
+      You will need to create an additional endpoint for each service
+      added to your OpenStack environment. The sections of this guide
+      associated with the installation of each service include the
+      endpoint creation step specific to the service.
    </para>
  </note>
 </section>