From e3310a1b3dc3b0195ac18d71751b317d0f4ca32a Mon Sep 17 00:00:00 2001 From: zhiyuan_cai Date: Thu, 31 Aug 2017 14:59:08 +0800 Subject: [PATCH] Add explanation about keystone url option 1. What is the problem We lack detailed explanation about keystone url options auth_uri, auth_url and identity_url. These options can easily make users confused. 2. What is the solution for the problem Add some words to explain these options. 3. What features need to be implemented to the Tricircle to realize the solution N/A Change-Id: I1f3ddbbdc04287ad6f80ad98d36e3283bd8d101d --- doc/source/configuration/configuration.rst | 6 ++++-- doc/source/install/installation-manual.rst | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/doc/source/configuration/configuration.rst b/doc/source/configuration/configuration.rst index 3327fb22..0398878a 100644 --- a/doc/source/configuration/configuration.rst +++ b/doc/source/configuration/configuration.rst @@ -40,9 +40,11 @@ Central Plugin. * - ``admin_username`` = ``None`` - (String) username of admin account, needed when auto_refresh_endpoint set to True. * - ``auth_url`` = ``http://127.0.0.1/identity`` - - (String) keystone authorization url, for example, http://$service_host/identity + - (String) keystone authorization url, it's basically the internal or public endpoint of keystone, depends on how + the common.client module can reach keystone, for example, http://$service_host/identity * - ``identity_url`` = ``http://127.0.0.1/identity/v3`` - - (String) keystone service url, for example, http://$service_host/identity/v3 + - [Deprecated] (String) keystone service url, for example, http://$service_host/identity/v3 (this option is not + used in code since Pike release, you can simply ignore this option) * - ``auto_refresh_endpoint`` = ``True`` - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint. * - ``bridge_cidr`` = ``100.0.0.0/9``
diff --git a/doc/source/install/installation-manual.rst b/doc/source/install/installation-manual.rst index f1e4b107..f37da3cd 100644 --- a/doc/source/install/installation-manual.rst +++ b/doc/source/install/installation-manual.rst @@ -91,6 +91,15 @@ Installation with Central Neutron Server Oslo library if you need further configuration of these modules. Change keystone_service_host to the address of Keystone service. +.. note:: It's worth explaining the following options that can easily make users confused. **keystone_authtoken.auth_url** + is the keystone endpoint url used by services to validate user tokens. **keystone_authtoken.auth_uri** will be put in + the "WWW-Authenticate: Keystone uri=%s" header in the 401 response to tell users where they can get authentication. + These two URLs can be the same, but sometimes people would like to use an internal URL for auth_url and a public URL + for auth_uri. **client.auth_url** is used by the common.client module to construct a client to get authentication and + access other services, it can be the either internal or public endpoint of keystone, depends on how the module can + reach keystone. **client.identity_url** is no longer used in code since Pike release so you can simply ignore it, we + will deprecate and remove this option later. + - 5 Create the Tricircle database(take mysql as an example):: mysql -uroot -p -e "create database tricircle character set utf8;"
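Review bot: In doc/source/configuration/configuration.rst the identity_url row is now tagged "[Deprecated]", while the note added to installation-manual.rst in this same patch says "we will deprecate and remove this option later"; the two files should agree on whether the option is deprecated now or only planned for deprecation. The diffstat lists only the two doc files, so if the option is meant to be deprecated already, a follow-up that marks the option itself as deprecated would let operators see a warning instead of relying on the docs. The added wording also needs a pass: "depends on how the common.client module can reach keystone" should read "depending on how", and "since Pike release, you can simply ignore this option" is a comma splice that reads better as "since the Pike release and can be ignored".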
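Review bot: In the note added to doc/source/install/installation-manual.rst, the sentence "These two URLs can be the same, but sometimes people would like to use an internal URL for auth_url and a public URL for auth_uri" presents the split as a preference and should give the reason. As the preceding sentence says, auth_uri is returned in the WWW-Authenticate header of 401 responses, that is, to callers who have not authenticated, so it has to be an address those callers can reach, and an internal endpoint placed there is exposed to them; auth_url is used only by the services to validate tokens and can stay internal. Please also change "it can be the either internal or public endpoint of keystone, depends on how" to "it can be either the internal or the public endpoint of keystone, depending on how", and split the run-on "so you can simply ignore it, we will deprecate and remove this option later" into two sentences.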