7db12e58df
According to [1], "auth_uri" has been deprecated. This patch replace it by using "www_authenticate_uri" instead. [1] https://review.openstack.org/#/c/508522 Change-Id: I7f6b2e27aff6cd45ddb900cd75249b0afae024cb
77 lines
2.4 KiB
Groff
77 lines
2.4 KiB
Groff
.TH "novajoin-server" "1" "Aug 16 2016" "novajoin" "novajoin Manual Pages"
|
|
.SH "NAME"
|
|
novajoin\-server \- REST service to accept nova dynamic metadata requests
|
|
.SH "SYNOPSIS"
|
|
novajoin\-server
|
|
|
|
.SH "DESCRIPTION"
|
|
The novajoin server provides dynamic metadata to nova in order to facilitate
|
|
enrolling new instances as IPA clients.
|
|
|
|
In order for a host to be enrolled the property ipa_enroll must be set
|
|
to True in the instance metadata.
|
|
|
|
A cloud-init script is pushed to the instance by nova. This script will
|
|
install the packages required by ipa-client-install and fetch the
|
|
OTP and hostname from nova. This request will create a host in IPA using
|
|
the hostname of instance_name + novajoin domain, and a One-Time Password
|
|
(OTP) that will be used by ipa-client-install to enroll the host.
|
|
|
|
In the case where config_drive is True in either the instance or globally
|
|
in nova then the IPA host is generated at instance creation time rather
|
|
than when needed.
|
|
|
|
.SH "CONFIGURATION"
|
|
The service is configured using \fB/etc/nova/join.conf\fR. It consists
|
|
of two sections: DEFAULT and keystone_authtoken
|
|
|
|
The DEFAULT section configures novajoin-server and keystone_authtoken
|
|
configures the keystone client to handle Openstack tokens.
|
|
|
|
The DEFAULT section options are:
|
|
|
|
\fRjoin_listen_port\fB = \fI9090\fR
|
|
Port the service listens \fIon\fR
|
|
.TP
|
|
\fRapi_paste_config\fB = \fI/etc/nova/join-api-paste.ini\fR
|
|
Path to the Paste configuration file
|
|
.TP
|
|
\fRdebug\fB = \fIFalse\fR
|
|
Additional debug logging
|
|
.TP
|
|
\fRauth_strategy\fB = \fIkeystone\fR
|
|
Authentication strategy to use
|
|
.TP
|
|
\fRkeytab\fB = \fI/etc/nova/krb5.keytab\fR
|
|
Keytab used to communicate with the IPA master
|
|
.TP
|
|
\fRdomain\fB = \fIopenstack.example.com\fR
|
|
The DNS domain to use when creating the FQDN of an instance
|
|
.TP
|
|
\fRcacert\fB = \fI/etc/ipa/ca.crt\fR
|
|
File path location of the IPA CA certificate chain
|
|
.TP
|
|
\fRconnect_retries\fB = \fI1\fR
|
|
Number of tries to attempt to reconnect to the IPA server
|
|
.TP
|
|
.TP
|
|
keystone_authtoken configuration options:
|
|
.TP
|
|
\fRwww_authenticate_uri\fB = \fIhttp://keystone.example.com:5000/v3.0\fR
|
|
The Keystone authentication uri
|
|
.TP
|
|
\fRidentity_uri\fB = \fIhttp://keystone.example.com:35357\fR
|
|
The Keystone identity service URI
|
|
.TP
|
|
\fRadmin_password\fB = \fI$NOVA_PASSWORD\fR
|
|
The nova service user password
|
|
.TP
|
|
\fRadmin_user\fB = \fInova\fR
|
|
The nova service user name
|
|
.TP
|
|
admin_tenant_name\fB = \fIservices\fR
|
|
.TP
|
|
.SH "SEEALSO"
|
|
.BR novajoin\-install(1),
|
|
.BR novajoin\-notify(1)
|