openstack/python-mistralclient
Code Issues Proposed changes

Clarify details about the target cacert parameter

Browse Source 
Change-Id: Ib913eb035c176026ef24a31f3f36926183285318
Closes-Bug: #1782076
This commit is contained in:
Andras Kovi
2018-07-23 10:11:08 +02:00
parent 2f14711aae
commit 9f197f3d77
2 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
doc/source/cli/cli_usage_without_auth.rst → doc/source/cli/cli_usage_targeting_workflows.rst
View File

@@ -1,12 +1,10 @@
Using Mistral without Authentication Using Mistral to execute Workflows on an arbitrary cloud
==================================== ========================================================
It is possible to execute a workflow on any arbitrary cloud without additional It is possible to execute a workflow on any arbitrary cloud without additional
configuration on the Mistral server side. If authentication is turned off in configuration on the Mistral server side. It is possible to have Mistral use
the Mistral server (Pecan's `auth_enable = False` option in `mistral.conf`), an external OpenStack cloud even when it isn't deployed in an OpenStack
there is no need to set the `keystone_authtoken` section. It is possible to environment (i.e. no Keystone integration).
have Mistral use an external OpenStack cloud even when it isn't deployed in
an OpenStack environment (i.e. no Keystone integration).
This setup is particularly useful when Mistral is used in standalone mode, This setup is particularly useful when Mistral is used in standalone mode,
where the Mistral service is not part of the OpenStack cloud and runs where the Mistral service is not part of the OpenStack cloud and runs
@@ -40,3 +38,13 @@ The OS-TARGET-* parameters can be set in environment variables as:
$ export OS_TARGET_TENANT_NAME=tenant $ export OS_TARGET_TENANT_NAME=tenant
$ export OS_TARGET_PASSWORD=secret $ export OS_TARGET_PASSWORD=secret
$ export OS_TARGET_REGION_NAME=region $ export OS_TARGET_REGION_NAME=region
Note on the --os-target_cacert parameter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The `--os-target_cacert` parameter can be used to set a CA certificate for
SSL communication with the target cloud's Keystone service. The CA certificate
file is **NOT** transferred to the Mistral server. It is the responsibility of
the user to ensure that the SSL Certificate is accessible for the Mistral
Executor and SSL communication is possible with the target cloud. For testing
purposes it is suggested to use the `--target_insecure` parameter.

2
doc/source/index.rst
View File

@@ -13,7 +13,7 @@ Using mistralclient
cli/cli_usage_with_openstack cli/cli_usage_with_openstack
cli/cli_usage_with_keycloak cli/cli_usage_with_keycloak
cli/cli_usage_without_auth cli/cli_usage_targeting_workflows
cli/cli_usage_source_execution cli/cli_usage_source_execution
class_reference class_reference