← Back to team overview

fuel-dev team mailing list archive

Authentication is turned on - Fuel API and UI

 

Hi folks,

All parts of code related to stage I and II from blueprint
http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.htm
<http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html>
are
merged. In result of that, fuel (api and UI)  we now have authentication
via keystone and now is required as default. Keystone is installed in new
container during master installation. We can configure password via
fuelmenu during installation (default user:password - admin:admin).
Password is saved in astute.yaml, also admin_token is stored here.
Almost all endpoints in fuel are protected and they required authentication
token. We made exception for few endpoints and they are defined in
nailgun/middleware/keystone.py in public_url .
Default password can be changed via UI or via fuel-cli. In case of changing
password via UI or fuel-cli password is not stored in any file only in
keystone, so if you forgot password you can change it using keystone client
from master node and admin_token from astute.yaml using command: keystone
--os-endpoint=http://10.20.0.2:35357/v2.0 --os-token=admin_token
password-update .
Fuel client now use for authentication user and passwords which are stored
in /etc/fuel/client/config.yaml. Password in this file is not changed
during changing via fuel-cli or UI, user must change this password manualy.
If user don't want use config file can provide user and password to
fuel-cli by flags: --os-username=admin --os-password=test. We added also
possibilities to change password via fuel-cli, to do this we should
execute: fuel user --change-password --new-pass=new .
To run or disable authentication we should change
/etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in nailgun container.

Best regards,
Kamil S.

Follow ups