Add explaination about keystone url option

1. What is the problem
We lack detailed explaination about keystone url options auth_uri,
auth_url and identity_url. These options can easily make users confused.

2. What is the solution for the problem
Add some words to explain these options.

3. What features need to be implemented to the Tricircle to
realize the solution
N/A

Change-Id: I1f3ddbbdc04287ad6f80ad98d36e3283bd8d101d
This commit is contained in:
zhiyuan_cai 2017-08-31 14:59:08 +08:00
parent f89ceffc62
commit e3310a1b3d
2 changed files with 13 additions and 2 deletions

View File

@ -40,9 +40,11 @@ Central Plugin.
* - ``admin_username`` = ``None`` * - ``admin_username`` = ``None``
- (String) username of admin account, needed when auto_refresh_endpoint set to True. - (String) username of admin account, needed when auto_refresh_endpoint set to True.
* - ``auth_url`` = ``http://127.0.0.1/identity`` * - ``auth_url`` = ``http://127.0.0.1/identity``
- (String) keystone authorization url, for example, http://$service_host/identity - (String) keystone authorization url, it's basically the internal or public endpoint of keystone, depends on how
the common.client module can reach keystone, for example, http://$service_host/identity
* - ``identity_url`` = ``http://127.0.0.1/identity/v3`` * - ``identity_url`` = ``http://127.0.0.1/identity/v3``
- (String) keystone service url, for example, http://$service_host/identity/v3 - [Deprecated] (String) keystone service url, for example, http://$service_host/identity/v3 (this option is not
used in code since Pike release, you can simply ignore this option)
* - ``auto_refresh_endpoint`` = ``True`` * - ``auto_refresh_endpoint`` = ``True``
- (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint. - (Boolean) if set to True, endpoint will be automatically refreshed if timeout accessing endpoint.
* - ``bridge_cidr`` = ``100.0.0.0/9`` * - ``bridge_cidr`` = ``100.0.0.0/9``

View File

@ -91,6 +91,15 @@ Installation with Central Neutron Server
Oslo library if you need further configuration of these modules. Change Oslo library if you need further configuration of these modules. Change
keystone_service_host to the address of Keystone service. keystone_service_host to the address of Keystone service.
.. note:: It's worth explaining the following options that can easily make users confused. **keystone_authtoken.auth_url**
is the keystone endpoint url used by services to validate user tokens. **keystone_authtoken.auth_uri** will be put in
the "WWW-Authenticate: Keystone uri=%s" header in the 401 response to tell users where they can get authentication.
These two URLs can be the same, but sometimes people would like to use an internal URL for auth_url and a public URL
for auth_uri. **client.auth_url** is used by the common.client module to construct a client to get authentication and
access other services, it can be the either internal or public endpoint of keystone, depends on how the module can
reach keystone. **client.identity_url** is no longer used in code since Pike release so you can simply ignore it, we
will deprecate and remove this option later.
- 5 Create the Tricircle database(take mysql as an example):: - 5 Create the Tricircle database(take mysql as an example)::
mysql -uroot -p -e "create database tricircle character set utf8;" mysql -uroot -p -e "create database tricircle character set utf8;"