openstack/openstack-manuals
Code Issues Proposed changes
a4b7225874
openstack-manuals/doc/install-guide/section_keystone-openrc.xml
Matthew Kassawara cd89eca969 Modify keystone content for Kilo 
Modify keystone content for Kilo as follows:

1) Replace default eventlet front-end with Apache front-end
   to provide a more production-style deployment.

   * Disable keystone service from starting up automatically
     because it creates port conflicts with Apache.
   * Use the Apache virtual host configuration template from
     the keystone source repository.
   * Use the WSGI components from the keystone source
     repository because the packages don't include them.
   * Will update source repository links after release.

2) Replace SQL back-end with Memcache back-end for tokens to
   provide a more production-style deployment.

   * Remove cron job that deletes expired tokens from the SQL
     database.

3) Enable version 3 API.

   * Change "tenant" to "project" to align with v3 API
     terminology.
   * Include tests to verify operation.

4) Replace python-keystoneclient with python-openstackclient.

   * Update openrc files to work with python-openstackclient.

5) Replace password entry on CLI with prompts.

6) Move service and endpoint creation section before user and
   project creation section to improve flow.

7) Add note about adding sections and options to default
   configuration files.

8) Disable temporary authentication token mechanism prior to
   service verification.

Many of these changes stem from keystone deprecations and
recommendations from the keystone PTL. Also, this patch only
addresses Ubuntu. For other distributions, please submit
additional patches rather than modifying this patch.

Implements: blueprint installguide-kilo
Change-Id: I9a2e53f14d6ed41df0085256c20904760a58ea25
2015-04-03 09:16:41 -05:00

73 lines
3.6 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:xlink="http://www.w3.org/1999/xlink"
version="5.0"
xml:id="keystone-client-environment-scripts">
<title>Create OpenStack client environment scripts</title>
<para>The previous section used a combination of environment variables and
command options to interact with the Identity service via the
<command>openstack</command> client. To increase efficiency of client
operations, OpenStack supports simple client environment scripts also
known as OpenRC files. These scripts typically contain common options for
all clients, but also support unique options. For more information, see the
<link xlink:href="http://docs.openstack.org/user-guide/content/cli_openrc.html">OpenStack User Guide</link>.</para>
<procedure>
<title>To create the scripts</title>
<para>Create client environment scripts for the <literal>admin</literal>
and <literal>demo</literal> projects and users. Future portions of this
guide reference these scripts to load appropriate credentials for client
operations.</para>
<step>
<para>Edit the <filename>admin-openrc.sh</filename> file and add the
following content:</para>
<programlisting language="bash">export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=<replaceable>ADMIN_PASS</replaceable>
export OS_AUTH_URL=http://<replaceable>controller</replaceable>:35357
export OS_IMAGE_API_VERSION=2</programlisting>
<para>Replace <literal>ADMIN_PASS</literal> with the password you chose
for the <literal>admin</literal> user in the Identity service.</para>
</step>
<step>
<para>Edit the <filename>demo-openrc.sh</filename> file and add the
following content:</para>
<programlisting language="bash">export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=<replaceable>DEMO_PASS</replaceable>
export OS_AUTH_URL=http://<replaceable>controller</replaceable>:5000
export OS_IMAGE_API_VERSION=2</programlisting>
<para>Replace <literal>DEMO_PASS</literal> with the password you chose
for the <literal>demo</literal> user in the Identity service.</para>
</step>
</procedure>
<procedure>
<title>To load client environment scripts</title>
<para>To run clients as a specific project and user, you can simply load
the associated client environment script prior to running them. For
example:</para>
<step>
<para>Load the <filename>admin-openrc.sh</filename> file to populate
environment variables with the location of the Identity service
and the <literal>admin</literal> project and user credentials:</para>
<screen><prompt>$</prompt> <userinput>source admin-openrc.sh</userinput></screen>
</step>
<step>
<para>Request an authentication token:</para>
<screen><prompt>$</prompt> <userinput>openstack token issue</userinput>
<computeroutput>+------------+----------------------------------+
| Field | Value |
+------------+----------------------------------+
| expires | 2015-03-25T01:45:49.950092Z |
| id | cd4110152ac24bdeaa82e1443c910c36 |
| project_id | cf12a15c5ea84b019aec3dc45580896b |
| user_id | 4d411f2291f34941b30eef9bd797505a |
+------------+----------------------------------+</computeroutput></screen>
</step>
</procedure>
</section>
View Git Blame Copy Permalink