Edit Identity Service chapter of Cloud Admin Guide

Moves authentication middleware info from the logging subsection to the authentication middleware section
Adds info on domains to the concepts section
Updates grammar and style in the affected sections

Change-Id: I96858e4b5ebadbcce8872b08992a00a9d638d1a4
author: nermina miller
backport: havana
Closes-Bug: #1239359

doc/admin-guide-cloud/ch_identity_mgmt.xml

@@ -5,17 +5,16 @@
   xml:id="ch-identity-mgmt-config">
   <?dbhtml stop-chunking?>
   <title>Identity Management</title>
-  <para>The default identity management system for OpenStack is the
-    OpenStack Identity Service, code-named Keystone. Once Identity is
-    installed, it is configured via a primary configuration file
-      (<filename>etc/keystone.conf</filename>), possibly a separate
-    logging configuration file, and initializing data into keystone
-    using the command line client.</para>
+  <para>The default identity management system for OpenStack is the OpenStack Identity Service,
+    code-named Keystone. Once Identity is installed, it is configured via a primary configuration
+    file (<filename>etc/keystone.conf</filename>), possibly a separate logging configuration file,
+    and initializing data into Keystone using the command line client.</para>
   <section xml:id="keystone-admin-concepts">
   <title>Identity Service Concepts</title>
   <xi:include href="../common/section_keystone-concepts-user-management.xml"/>
   <xi:include href="../common/section_keystone-concepts-service-management.xml"/>
   <xi:include href="../common/section_keystone-concepts-group-management.xml"/>
+  <xi:include href="../common/section_keystone-concepts-domain-management.xml"/>
   </section>
   <section xml:id="user-crud">
     <title>User CRUD</title>
@@ -57,34 +56,6 @@ pipeline = stats_monitoring url_normalize token_auth admin_token_auth xml_body j
     <para>Review the <filename>etc/keystone.conf</filename> sample
       configuration files distributed with keystone for example
       configuration files for each server application.</para>
-    <para>For services which have separate paste-deploy ini file, you
-      can configure auth_token middleware in [keystone_authtoken]
-      section in the main config file, such as
-        <filename>nova.conf</filename>. For example in Compute, you
-      can remove the middleware parameters from
-        <filename>api-paste.ini</filename>, as follows:</para>
-    <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
-paste.filter_factory =
-keystoneclient.middleware.auth_token:filter_factory</programlisting>
-    <para>And set the following values in
-        <filename>nova.conf</filename>, as follows:</para>
-    <programlisting language="ini"><?db-font-size 75%?>[DEFAULT]
-...
-auth_strategy=keystone
-
-[keystone_authtoken]
-auth_host = 127.0.0.1
-auth_port = 35357
-auth_protocol = http
-auth_uri = http://127.0.0.1:5000/
-admin_user = admin
-admin_password = SuperSekretPassword
-admin_tenant_name = service</programlisting>
-    <note>
-      <para>Middleware parameters in paste config take priority. You
-        must remove them to use values in [keystone_authtoken]
-        section.</para>
-    </note>
   </section>
   <section xml:id="monitoring">
     <title>Monitoring</title>
@@ -158,17 +129,37 @@ keystone --username=admin --password=secrete --tenant_name=admin user-list
 keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo</programlisting>
   </section>
   <section xml:id="auth-token-middleware-with-username-and-password">
-    <title>Auth-Token middleware with user name and password</title>
-    <para>It is also possible to configure the Identity Service
-      Auth-Token middleware using the <option>admin_user</option> and
-        <option>admin_password</option> options. When using the
-        <option>admin_user</option> and
-        <option>admin_password</option> options the
-        <option>admin_token</option> parameter is optional. If
-        <option>admin_token</option> is specified it is used only if
-      the specified token is still valid.</para>
-    <para>Here is an example paste config filter that makes use of the
-        <option>admin_user</option> and
+    <title>Authentication middleware with user name and password</title>
+    <para>You can also configure the Identity Service authentication middleware using the
+        <option>admin_user</option> and <option>admin_password</option> options. When using the
+        <option>admin_user</option> and <option>admin_password</option> options the
+        <option>admin_token</option> parameter is optional. If <option>admin_token</option> is
+      specified, it is used only if the specified token is still valid.</para>
+    <para>For services that have a separate paste-deploy ini file, you can configure the
+      authentication middleware in the [keystone_authtoken] section of the main config file, such as
+        <filename>nova.conf</filename>. In Compute, for example, you can remove the middleware
+      parameters from <filename>api-paste.ini</filename> as follows:</para>
+    <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
+paste.filter_factory =
+keystoneclient.middleware.auth_token:filter_factory</programlisting>
+    <para>And set the following values in <filename>nova.conf</filename> as follows:</para>
+    <programlisting language="ini"><?db-font-size 75%?>[DEFAULT]
+...
+auth_strategy=keystone
+
+[keystone_authtoken]
+auth_host = 127.0.0.1
+auth_port = 35357
+auth_protocol = http
+auth_uri = http://127.0.0.1:5000/
+admin_user = admin
+admin_password = SuperSekretPassword
+admin_tenant_name = service</programlisting>
+    <note>
+      <para>The middleware parameters in the paste config take priority. You must remove them to use
+        the values in the [keystone_authtoken] section.</para>
+    </note>
+    <para>Here is a sample paste config filter that makes use of the <option>admin_user</option> and
         <option>admin_password</option> parameters:</para>
     <programlisting language="ini"><?db-font-size 75%?>[filter:authtoken]
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
@@ -179,9 +170,8 @@ auth_host = 127.0.0.1
 auth_token = 012345SECRET99TOKEN012345
 admin_user = admin
 admin_password = keystone123</programlisting>
-    <para>It should be noted that when using this option an admin
-      tenant/role relationship is required. The admin user is granted
-      access to the Admin role on the admin tenant.</para>
+    <para>Note that using this option requires an admin tenant/role relationship. The admin user is
+      granted access to the admin role on the admin tenant.</para>
   </section>
   <?hard-pagebreak?>
   <xi:include href="../common/section_identity-troubleshooting.xml"/>

doc/common/section_keystone-concepts-domain-management.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<section xmlns="http://docbook.org/ns/docbook"
+    xmlns:xi="http://www.w3.org/2001/XInclude"
+    xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+    xml:id="identity-domains">
+        <title>Domains</title>
+    <para>A domain defines administrative boundaries for the management of Keystone entities. A
+        domain may represent an individual, company, or operator-owned space. It is used for
+        exposing administrative activities directly to the system users.</para>
+        <para>A domain is a collection of tenants, users, and roles. Users may be given a domain's
+        administrator role. A domain administrator may create tenants, users, and groups within a
+        domain and assign roles to users and groups.</para>
+</section>

doc/common/section_keystone-concepts-user-management.xml

@@ -4,7 +4,8 @@
     xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
     xml:id="keystone-user-management">
         <title>User management</title>
-        <para>The main components of Identity user management are: <itemizedlist>
+        <para>The main components of Identity user management are:
+            <itemizedlist>
                 <listitem>
                     <para>Users</para>
                 </listitem>
@@ -14,11 +15,10 @@
                 <listitem>
                     <para>Roles</para>
                 </listitem>
-            </itemizedlist></para>
-        <para>A <emphasis>user</emphasis> represents a human user, and
-            has associated information such as user name, password,
-            and email. This example creates a user named
-            "alice":</para>
+            </itemizedlist>
+        </para>
+        <para>A <emphasis>user</emphasis> represents a human user and has associated information
+        such as user name, password, and email. This example creates a user named "alice":</para>
         <screen><prompt>$</prompt> <userinput>keystone user-create --name=alice \
         --pass=mypassword123 --email=alice@example.com</userinput></screen>
         <para>A <emphasis>tenant</emphasis> can be a project, group,