yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1123865] Re: Move keystone auth_token configuration to quantum.conf

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 21 Feb 2013 09:11:36 -0000
Reply-to: Bug 1123865 <1123865@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: quantum
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to quantum.
https://bugs.launchpad.net/bugs/1123865

Title:
  Move keystone auth_token configuration to quantum.conf

Status in OpenStack Quantum (virtual network service):
  Fix Released

Bug description:
  Though it has already been merged into master, I will file it as a bug
  to make feature tracking easier.

  ----
  We have the configurations of keystone auth_token in api-paste.ini.
  keystoneclient.middleware.auth_token now allows the main application
  such as quantum to have auth_token configuration in its configuration
  file e.g., quantum.conf.

  I think it is better to have auth_token configurations in quantum.conf.
  If so users only need to customize quantum.conf and there is no need
  to modify api-paste.ini. I think api-paste.ini is regarded as a part of
  quantum-server since it defines the pipeline of quantum-server, so
  it would be better users do not modify it.

  Since auth_token has a backward compatibility,
  users who already use api-paste.ini can continue to use it.
  auth_token first tries the configurations in /etc/quantum/api-paste.ini
  and then the above configurations.

  I think this change has no risk and simplifies users' configurations.

  To do this, we just need to add an example to auto_token configurations
  below to quantum.conf and update the admin guide.
  (In addition, need to update devstack at some timing)

  Glance already adopts this scheme, and nova does not.

  ------------------------------------------------------------
  [keystone_authtoken]
  auth_host = 127.0.0.1
  auth_port = 35357
  auth_protocol = http
  admin_tenant_name = %SERVICE_TENANT_NAME%
  admin_user = %SERVICE_USER%
  admin_password = %SERVICE_PASSWORD%
  signing_dir = /var/lib/quantum/keystone-signing
  ------------------------------------------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/quantum/+bug/1123865/+subscriptions