Add explaination about keystone url option

1. What is the problem We lack detailed explaination about keystone url options auth_uri, auth_url and identity_url. These options can easily make users confused. 2. What is the solution for the problem Add some words to explain these options. 3. What features need to be implemented to the Tricircle to realize the solution N/A Change-Id: I1f3ddbbdc04287ad6f80ad98d36e3283bd8d101d
2017-08-31 14:59:08 +08:00 · 2017-08-31 14:59:08 +08:00 · e3310a1b3d
parent f89ceffc62
commit e3310a1b3d
2 changed files with 13 additions and 2 deletions
--- a/doc/source/configuration/configuration.rst
+++ b/doc/source/configuration/configuration.rst
@ -40,9 +40,11 @@ Central Plugin.
   * - ``admin_username`` = ``None``
     - (String) username of admin account, needed when auto_refresh_endpoint set to True.
   * - ``auth_url`` = ``http://127.0.0.1/identity``
-     - (String) keystone authorization url, for example, http://$service_host/identity
+     - (String) keystone authorization url, it's basically the internal or public endpoint of keystone, depends on how
+       the common.client module can reach keystone, for example, http://$service_host/identity
   * - ``identity_url`` = ``http://127.0.0.1/identity/v3``
-     - (String) keystone service url, for example, http://$service_host/identity/v3
+     - [Deprecated] (String) keystone service url, for example, http://$service_host/identity/v3 (this option is not
+       used in code since Pike release, you can simply ignore this option)
   * - ``auto_refresh_endpoint`` = ``True``
     - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint.
   * - ``bridge_cidr`` = ``100.0.0.0/9``
--- a/doc/source/install/installation-manual.rst
+++ b/doc/source/install/installation-manual.rst
@ -91,6 +91,15 @@ Installation with Central Neutron Server
   Oslo library if you need further configuration of these modules. Change
   keystone_service_host to the address of Keystone service.

+.. note:: It's worth explaining the following options that can easily make users confused. **keystone_authtoken.auth_url**
+   is the keystone endpoint url used by services to validate user tokens. **keystone_authtoken.auth_uri** will be put in
+   the "WWW-Authenticate: Keystone uri=%s" header in the 401 response to tell users where they can get authentication.
+   These two URLs can be the same, but sometimes people would like to use an internal URL for auth_url and a public URL
+   for auth_uri. **client.auth_url** is used by the common.client module to construct a client to get authentication and
+   access other services, it can be the either internal or public endpoint of keystone, depends on how the module can
+   reach keystone. **client.identity_url** is no longer used in code since Pike release so you can simply ignore it, we
+   will deprecate and remove this option later.
+
 - 5 Create the Tricircle database(take mysql as an example)::

    mysql -uroot -p -e "create database tricircle character set utf8;"