Ok. So I will keep all authentication parameters in one place: solum.conf. There will be a standard section for keystone [keystone_authentication] with all common parameters like keystone URL, port, etc.
In the default section [DEFAULT] there will be a parameter enable_authentication=True. Actually it will be a deviation from a common practice as other core OpenStack components use auth_strategy=noauth (or keystone).

Thanks
Georgy

On Wed, Nov 27, 2013 at 3:39 PM, Adrian Otto <adrian.o...@rackspace.com> wrote:

> On Nov 27, 2013, at 2:25 PM, "Georgy Okrokvertskhov" <gokrokvertsk...@mirantis.com> wrote:
> >
> > Hi,
> >
> > I am working on the user-authentication BP implementation. I need to introduce a new configuration option to enable or disable keystone authentication for incoming requests. I am looking for the right place for this option.
> >
> > The current situation is that we have two places for configuration: one is oslo.config and the second one is a pecan configuration. My initial intention was to add all parameters to the solum.conf file like it is done for nova. Keystone middleware anyway uses oslo.config for keystone connection parameters.
> > At the same time there are projects (Ceilometer and Ironic) which have an enable_acl parameter as a part of pecan config.
> >
> > From my perspective it is not reasonable to have authentication options in two different places. I would rather use solum.conf for all parameters and limit pecan config usage to pecan specific options.
>
> I agree that we should not require administrators to edit a bunch of config files to get a working solum config. I think config options in solum.conf should override ones set elsewhere.
>
> If auth is already set up for keystone in oslo.config, and no equivalent options are set in solum.conf, then we should use the oslo.config settings. I agree that the pecan config should only be used for pecan specific options.
>
> > I am looking for your input on this.
> >
> > Thanks,
> > Georgy
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev@lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
Georgy Okrokvertskhov
Technical Program Manager,
Cloud and Infrastructure Services,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
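
Added example, not part of the original thread and not Solum's code: a sketch of the precedence discussed above (solum.conf wins, a toggle set elsewhere such as a pecan-side enable_acl applies only when solum.conf is silent), using Python's configparser as a stand-in for oslo.config. The auth_host key, the fail-closed built-in default and the unknown-section warning are assumptions of this example.

```python
import configparser

KNOWN_SECTIONS = {"keystone_authentication"}  # [DEFAULT] is implicit in configparser
BOOLEANS = configparser.ConfigParser.BOOLEAN_STATES  # true/false, yes/no, on/off, 1/0


def resolve_auth(solum_conf_text, elsewhere=None):
    """Return (enabled, source, warnings) for the authentication toggle.

    Precedence: solum.conf, then a toggle set elsewhere, then a built-in
    default of True (assumption: fail closed when nothing is configured).
    """
    cp = configparser.ConfigParser()
    cp.read_string(solum_conf_text)
    # A misspelled section is not an error for the parser, so report it.
    warnings = [f"unknown section [{s}]" for s in cp.sections()
                if s not in KNOWN_SECTIONS]

    raw = cp.defaults().get("enable_authentication")
    if raw is not None:
        key = raw.strip().lower()
        if key not in BOOLEANS:
            # Refuse to guess: an unparseable value must not switch auth off.
            raise ValueError(f"enable_authentication={raw!r} is not a boolean")
        return BOOLEANS[key], "solum.conf", warnings
    if elsewhere and "enable_acl" in elsewhere:
        return bool(elsewhere["enable_acl"]), "elsewhere", warnings
    return True, "built-in default", warnings


# Constructed sample files (auth_host is a hypothetical key name).
EXPLICIT = ("[DEFAULT]\nenable_authentication = False\n\n"
            "[keystone_authentication]\nauth_host = keystone.example.org\n")
SILENT = "[keystone_authentication]\nauth_host = keystone.example.org\n"
MISNAMED = "[DEFALT]\nenable_authentication = False\n"

if __name__ == "__main__":
    cases = (("explicit", EXPLICIT, {"enable_acl": True}),
             ("silent", SILENT, {"enable_acl": False}),
             ("misnamed", MISNAMED, None))
    for name, text, other in cases:
        print(name, resolve_auth(text, other))
```

In the misnamed case the toggle is never read from the default section, so authentication stays enabled and the warning points at the stray section.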