You can also configure the Identity Service authentication
middleware using the admin_user
and
admin_password
options. When using the
admin_user
and
admin_password
options the
admin_token
parameter is optional. If
admin_token
is specified, it is used only if
the specified token is still valid.
For services that have a separate paste-deploy .ini file,
you can configure the authentication middleware in the
[keystone_authtoken]
section of the main
configuration file, such as nova.conf
. In
Compute, for example, you can remove the middleware parameters
from api-paste.ini
, as follows:
[filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
And set the following values in
nova.conf
as follows:
[DEFAULT] ... auth_strategy=keystone [keystone_authtoken] auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http auth_uri = http://127.0.0.1:5000/ admin_user = admin admin_password = SuperSekretPassword admin_tenant_name = service
Note | |
---|---|
The middleware parameters in the paste config take priority. You must remove them to use the values in the [keystone_authtoken] section. |
This sample paste config filter makes use of the
admin_user
and
admin_password
options:
[filter:authtoken] paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory service_port = 5000 service_host = 127.0.0.1 auth_port = 35357 auth_host = 127.0.0.1 auth_token = 012345SECRET99TOKEN012345 admin_user = admin admin_password = keystone123
Note | |
---|---|
Using this option requires an admin tenant/role relationship. The admin user is granted access to the admin role on the admin tenant. |