There are different methods of authentication for the OpenStack Compute project, including no authentication. The preferred system is the OpenStack Identity Service, code-named Keystone. Refer to Identity Management for additional information.
To customize authorization settings for Compute, see these configuration settings in nova.conf.
Configuration option=Default value | (Type) Description |
api_rate_limit=True | (BoolOpt) Whether to rate limit the API |
auth_strategy=noauth | (StrOpt) The strategy to use for auth: noauth or keystone. |
To customize certificate authority settings for Compute, see these configuration settings in nova.conf.
Configuration option=Default value | (Type) Description |
ca_file=cacert.pem | (StrOpt) Filename of root CA |
ca_path=$state_path/CA | (StrOpt) Where we keep our root CA |
cert_manager=nova.cert.manager.CertManager | (StrOpt) Full class name for the Manager for cert |
cert_topic=cert | (StrOpt) The topic cert nodes listen on |
crl_file=crl.pem | (StrOpt) Filename of root Certificate Revocation List |
key_file=private/cakey.pem | (StrOpt) Filename of private key |
keys_path=$state_path/keys | (StrOpt) Where we keep our keys |
project_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=project-ca-%.16s-%s | (StrOpt) Subject for certificate for projects, %s for project, timestamp |
use_project_ca=False | (BoolOpt) Should we use a CA for each project? |
user_cert_subject=/C=US/ST=California/O=OpenStack/OU=NovaDev/CN=%.16s-%.16s-%s | (StrOpt) Subject for certificate for users, %s for project, user, timestamp |
To customize Compute and the Identity service to use LDAP as a backend, refer to these configuration settings in nova.conf.
Configuration option=Default value | (Type) Description |
ldap_dns_base_dn=ou=hosts,dc=example,dc=org | (StrOpt) Base DN for DNS entries in ldap |
ldap_dns_password=password | (StrOpt) Password for ldap DNS |
ldap_dns_servers=['dns.example.org'] | (MultiStrOpt) DNS Servers for ldap dns driver |
ldap_dns_soa_expiry=86400 | (StrOpt) Expiry interval (in seconds) for ldap dns driver Statement of Authority |
ldap_dns_soa_hostmaster=hostmaster@example.org | (StrOpt) Hostmaster for ldap dns driver Statement of Authority |
ldap_dns_soa_minimum=7200 | (StrOpt) Minimum interval (in seconds) for ldap dns driver Statement of Authority |
ldap_dns_soa_refresh=1800 | (StrOpt) Refresh interval (in seconds) for ldap dns driver Statement of Authority |
ldap_dns_soa_retry=3600 | (StrOpt) Retry interval (in seconds) for ldap dns driver Statement of Authority |
ldap_dns_url=ldap://ldap.example.com:389 | (StrOpt) URL for ldap server which will store dns entries |
ldap_dns_user=uid=admin,ou=people,dc=example,dc=org | (StrOpt) User for ldap DNS |
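Several defaults in the tables above are unsafe if left untouched: auth_strategy=noauth leaves the API unauthenticated, and ldap_dns_password=password is a published value. The audit script below is an added example, not part of the OpenStack documentation or code; it resolves each option to its effective value (file setting, else the default listed above) and reports the risky ones. The function name `audit_nova_conf`, the sample configurations, the treatment of `ldaps://` as the expected URL form, and the choice to check LDAP settings only when the file sets an `ldap_dns_*` option are assumptions made for illustration.

```python
import configparser

# Defaults as listed in the tables above; an unset option falls back to these.
PAGE_DEFAULTS = {
    "auth_strategy": "noauth",
    "api_rate_limit": "True",
    "ldap_dns_password": "password",
    "ldap_dns_url": "ldap://ldap.example.com:389",
}

def audit_nova_conf(text):
    """Return (option, finding) pairs for risky effective values in nova.conf text."""
    # interpolation=None: cert subjects contain %s; strict=False: MultiStrOpt keys repeat.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    set_in_file = cp.defaults()          # options under [DEFAULT], keys lowercased
    eff = {**PAGE_DEFAULTS, **set_in_file}
    findings = []
    if eff["auth_strategy"].strip().lower() != "keystone":
        findings.append(("auth_strategy", "API requests are not authenticated via Keystone"))
    if eff["api_rate_limit"].strip().lower() not in ("true", "1", "yes", "on"):
        findings.append(("api_rate_limit", "API rate limiting is disabled"))
    # Assumption: the LDAP DNS backend is in use only if the file sets an ldap_dns_* option.
    if any(k.startswith("ldap_dns_") for k in set_in_file):
        if eff["ldap_dns_password"] == PAGE_DEFAULTS["ldap_dns_password"]:
            findings.append(("ldap_dns_password", "documented default password in use"))
        if not eff["ldap_dns_url"].strip().lower().startswith("ldaps://"):
            findings.append(("ldap_dns_url", "URL is not ldaps://; bind may be sent in cleartext"))
    return findings

# Constructed sample: auth_strategy and ldap_dns_password are left at their defaults.
WEAK = """[DEFAULT]
api_rate_limit=False
ldap_dns_url=ldap://ldap.example.com:389
ldap_dns_user=uid=admin,ou=people,dc=example,dc=org
"""

# Constructed sample: the corrected counterpart (password value is a placeholder).
HARDENED = """[DEFAULT]
auth_strategy=keystone
api_rate_limit=True
ldap_dns_url=ldaps://ldap.example.com:636
ldap_dns_password=PLACEHOLDER-non-default-secret
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        for option, finding in audit_nova_conf(conf):
            print(f"{name}: {option}: {finding}")
```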