Arnike/watcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update docs for password auth configuration options

Browse Source 
Watcher uses now auth_type 'password' plugin for authentication.
Configuration related to credentials used to validate and apply
for a token has been updated.

Change-Id: If71bb908741130cb01d5d1525a12cf9a68b58a58
Closes-Bug: #1541296
This commit is contained in:
David TARDIVEL
2016-02-03 12:42:22 +01:00
parent 25d27f0288
commit 376d669af6
2 changed files with 75 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
doc/source/deploy/configuration.rst
View File

@@ -243,46 +243,63 @@ so that the watcher service is configured for your needs.
#rabbit_port = 5672 #rabbit_port = 5672
#. Configure the Watcher Service to use these credentials with the Identity #. Watcher API shall validate the token provided by every incoming request,
Service. Replace IDENTITY_IP with the IP of the Identity server, and via keystonemiddleware, which requires the Watcher service to be configured
replace WATCHER_PASSWORD with the password you chose for the ``watcher`` with the right credentials for the Identity service.
user in the Identity Service::
In the configuration section here below:
* replace IDENTITY_IP with the IP of the Identity server
* replace WATCHER_PASSWORD with the password you chose for the ``watcher``
user
* replace KEYSTONE_SERVICE_PROJECT_NAME with the name of project created
for OpenStack services (e.g. ``service``) ::
[keystone_authtoken] [keystone_authtoken]
# Complete public Identity API endpoint (string value) # Authentication type to load (unknown value)
#auth_uri=<None> # Deprecated group/name - [DEFAULT]/auth_plugin
auth_uri=http://IDENTITY_IP:5000/ #auth_type = <None>
auth_type = password
# API version of the admin Identity API endpoint. (string value) # Authentication URL (unknown value)
#auth_version=<None> #auth_url = <None>
auth_version=v3 auth_url = http://IDENTITY_IP:35357
# Complete admin Identity API endpoint. This should specify the # Username (unknown value)
# unversioned root endpoint e.g. https://localhost:35357/ (string # Deprecated group/name - [DEFAULT]/username
# value) #username = <None>
#identity_uri = <None> username=watcher
identity_uri = http://IDENTITY_IP:5000
# Keystone account username (string value) # User's password (unknown value)
#admin_user=<None> #password = <None>
admin_user=watcher password = WATCHER_PASSWORD
# Keystone account password (string value) # Domain ID containing project (unknown value)
#admin_password=<None> #project_domain_id = <None>
admin_password=WATCHER_DBPASSWORD project_domain_id = default
# Keystone service account tenant name to validate user tokens # User's domain id (unknown value)
# (string value) #user_domain_id = <None>
#admin_tenant_name=admin user_domain_id = default
admin_tenant_name=KEYSTONE_SERVICE_PROJECT_NAME
# Directory used to cache files related to PKI tokens (string # Project name to scope to (unknown value)
# value) # Deprecated group/name - [DEFAULT]/tenant-name
#signing_dir=<None> #project_name = <None>
project_name = KEYSTONE_SERVICE_PROJECT_NAME
#. Configure the credentials to use to authenticate with the Identity Service #. Watcher's decision engine and applier interact with other OpenStack
for the different project clients:: projects through those projects' clients. In order to instantiate these
clients, Watcher needs to request a new session from the Identity service
using the right credentials.
In the configuration section here below:
* replace IDENTITY_IP with the IP of the Identity server
* replace WATCHER_PASSWORD with the password you chose for the ``watcher``
user
* replace KEYSTONE_SERVICE_PROJECT_NAME with the name of project created
for OpenStack services (e.g. ``service``) ::
[watcher_clients_auth] [watcher_clients_auth]
@@ -312,6 +329,11 @@ so that the watcher service is configured for your needs.
#user_domain_id = <None> #user_domain_id = <None>
user_domain_id = default user_domain_id = default
# Project name to scope to (unknown value)
# Deprecated group/name - [DEFAULT]/tenant-name
#project_name = <None>
project_name = KEYSTONE_SERVICE_PROJECT_NAME
#. Configure the clients to use a specific version if desired. For example, to #. Configure the clients to use a specific version if desired. For example, to
configure Watcher to use a Nova client with version 2.1, use:: configure Watcher to use a Nova client with version 2.1, use::

2
tox.ini
View File

@@ -67,4 +67,4 @@ import_exceptions = watcher._i18n
[doc8] [doc8]
extension=.rst extension=.rst
# todo: stop ignoring doc/source/man when https://bugs.launchpad.net/doc8/+bug/1502391 is fixed # todo: stop ignoring doc/source/man when https://bugs.launchpad.net/doc8/+bug/1502391 is fixed
ignore-path=doc/source/image_src,doc/source/man ignore-path=doc/source/image_src,doc/source/man,doc/source/api