openstack team mailing list archive

Thread
Date

Re: Glance authentication with Keystone woes...

To: Anne Gentle <anne@xxxxxxxxxxxxx>
From: Jay Pipes <jaypipes@xxxxxxxxx>
Date: Tue, 31 Jan 2012 21:53:12 -0500
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAD0KtVE=hM5V2=UmxQgj7WkvmDVb19UKLre_N96b+gXWERHtvg@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111229 Thunderbird/9.0

Hi Ann! cc'ing the mailing list since this is generally usefulinformation...


On 01/31/2012 08:59 PM, Anne Gentle wrote:

Hi Jay -

I'm pretty sure this has tripped me up before and I'm going to have to
change the docs for the install/deploy guide. What exactly is the call
for the long-lived service token? Is it a keystone admin api call -
admin tenant, admin user on the admin tenant?

Yeah, it's confusing, I know :( The best information on this particularsubject is here:


http://keystone.openstack.org/configuringservices.html#defining-an-administrative-service-token

Basically, in Keystone, you can create a token that can be used by aservice (for service-to-service communication, like that needed by theGlance API to Glance registry communication) by using thekeystone-manage command like so:

keystone-manage token add <TOKEN_ID> <SERVICE_USER> <SERVICE_TENANT><TIMESTAMP>


where <TIMESTAMP> is something like 2015-02-05T00:00

Cheers!
-jay

Follow ups

Re: Glance authentication with Keystone woes...
From: Anne Gentle, 2012-02-01

References

Glance authentication with Keystone woes...
From: Lillie Ross-CDSR11, 2012-01-31
Re: Glance authentication with Keystone woes...
From: Jay Pipes, 2012-02-01