From 18bb99971f1a793dc75b6b3cb393d5503be43575 Mon Sep 17 00:00:00 2001 From: Alistair Coles Date: Mon, 19 Sep 2016 16:06:18 +0100 Subject: [PATCH] Add more comment to authtoken sample options Prior to the Mitaka release the install guides showed services (including Swift) being in a default Keystone domain which existed by default and has id=default. This domain id is reflected in the proxy-server.conf-sample authtoken options and also shown in man page and auth docs. The Mitaka install guide shows a domain with *name* default being created, and having a random UUID assigned, in which services are created. This has caused confusion (see discussion on linked bug report). This patch does not change the sample options but does add to the comments in order to emphasize that a user may need to alter the options to match their Keystone configuration. Change-Id: I17bfcdbd983402eeb561bb704b8b1f1e27547c7d Partial-Bug: #1604674 --- doc/manpages/proxy-server.conf.5 | 8 ++++++++ doc/source/overview_auth.rst | 10 ++++++++-- etc/proxy-server.conf-sample | 6 ++++++ 3 files changed, 22 insertions(+), 2 deletions(-) diff --git a/doc/manpages/proxy-server.conf.5 b/doc/manpages/proxy-server.conf.5 index ff61457952..463306c3c0 100644 --- a/doc/manpages/proxy-server.conf.5 +++ b/doc/manpages/proxy-server.conf.5 @@ -286,6 +286,14 @@ You'll need to have as well the keystoneauth middleware enabled and have it in your main pipeline so instead of having tempauth in there you can change it to: authtoken keystoneauth +The auth credentials ("project_domain_name", "user_domain_name", "username", +"project_name", "password") must match the Keystone credentials for the Swift +service. The example values shown here assume a user named "swift" with admin +role on a project named "service", both being in the Keystone domain with id +"default". Refer to the KeystoneMiddleware documentation at +.BI http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration +for other examples. + .PD 0 .RS 10 .IP "paste.filter_factory = keystonemiddleware.auth_token:filter_factory" diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst index 34e7f64cc7..e98526e7ad 100644 --- a/doc/source/overview_auth.rst +++ b/doc/source/overview_auth.rst @@ -131,7 +131,7 @@ Configuring Swift to use Keystone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configuring Swift to use Keystone_ -is relatively straight forward. The first +is relatively straightforward. The first step is to ensure that you have the ``auth_token`` middleware installed. It can either be dropped in your python path or installed via the KeystoneMiddleware_ package. @@ -181,7 +181,13 @@ your situation, but in short: * The auth credentials (``project_domain_id``, ``user_domain_id``, ``username``, ``project_name``, ``password``) will be used to retrieve an admin token. That token will be used to authorize user tokens behind the - scenes. + scenes. These credentials must match the Keystone credentials for the Swift + service. The example values shown here assume a user named 'swift' with admin + role on a project named 'service', both being in the Keystone domain with id + 'default'. Refer to the `KeystoneMiddleware documentation + `_ + for other examples. + * ``cache`` is set to ``swift.cache``. This means that the middleware will get the Swift memcache from the request environment. * ``include_service_catalog`` defaults to ``True`` if not set. This means diff --git a/etc/proxy-server.conf-sample b/etc/proxy-server.conf-sample index 3bcdc4b508..f781795c7e 100644 --- a/etc/proxy-server.conf-sample +++ b/etc/proxy-server.conf-sample @@ -327,6 +327,12 @@ user_test5_tester5 = testing5 service # auth_uri = http://keystonehost:5000 # auth_url = http://keystonehost:35357 # auth_plugin = password +# The following credentials must match the Keystone credentials for the Swift +# service and may need to be changed to match your Keystone configuration. The +# example values shown here assume a user named 'swift' with admin role on a +# project named 'service', both being in the Keystone domain with id 'default'. +# Refer to the keystonemiddleware documentation link above [1] for other +# examples. # project_domain_id = default # user_domain_id = default # project_name = service