diff --git a/doc/source/configuration/configuration.rst b/doc/source/configuration/configuration.rst index 3327fb22..0398878a 100644 --- a/doc/source/configuration/configuration.rst +++ b/doc/source/configuration/configuration.rst @@ -40,9 +40,11 @@ Central Plugin. * - ``admin_username`` = ``None`` - (String) username of admin account, needed when auto_refresh_endpoint set to True. * - ``auth_url`` = ``http://127.0.0.1/identity`` - - (String) keystone authorization url, for example, http://$service_host/identity + - (String) keystone authorization url, it's basically the internal or public endpoint of keystone, depends on how + the common.client module can reach keystone, for example, http://$service_host/identity * - ``identity_url`` = ``http://127.0.0.1/identity/v3`` - - (String) keystone service url, for example, http://$service_host/identity/v3 + - [Deprecated] (String) keystone service url, for example, http://$service_host/identity/v3 (this option is not + used in code since Pike release, you can simply ignore this option) * - ``auto_refresh_endpoint`` = ``True`` - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint. * - ``bridge_cidr`` = ``100.0.0.0/9`` diff --git a/doc/source/install/installation-manual.rst b/doc/source/install/installation-manual.rst index f1e4b107..f37da3cd 100644 --- a/doc/source/install/installation-manual.rst +++ b/doc/source/install/installation-manual.rst @@ -91,6 +91,15 @@ Installation with Central Neutron Server Oslo library if you need further configuration of these modules. Change keystone_service_host to the address of Keystone service. +.. note:: It's worth explaining the following options that can easily make users confused. **keystone_authtoken.auth_url** + is the keystone endpoint url used by services to validate user tokens. **keystone_authtoken.auth_uri** will be put in + the "WWW-Authenticate: Keystone uri=%s" header in the 401 response to tell users where they can get authentication. + These two URLs can be the same, but sometimes people would like to use an internal URL for auth_url and a public URL + for auth_uri. **client.auth_url** is used by the common.client module to construct a client to get authentication and + access other services, it can be the either internal or public endpoint of keystone, depends on how the module can + reach keystone. **client.identity_url** is no longer used in code since Pike release so you can simply ignore it, we + will deprecate and remove this option later. + - 5 Create the Tricircle database(take mysql as an example):: mysql -uroot -p -e "create database tricircle character set utf8;"