Hi all, one more thing. You do not need to install keystone in your development environment. By default it runs there in fake mode. Keystone mode is enabled only on iso. If you want to test it locally you have to install keystone and configure nailgun as Kamil explained.
Regards, On Thu, Jul 24, 2014 at 3:57 PM, Mike Scherbakov <mscherba...@mirantis.com> wrote: > Kamil, > thank you for the detailed information. > > Meg, do we have anything documented about authx yet? I think Kamil's email > can be used as a source to prepare user and operation guides for Fuel 5.1. > > Thanks, > > > On Thu, Jul 24, 2014 at 5:45 PM, Kamil Sambor <ksam...@mirantis.com> > wrote: > >> Hi folks, >> >> All parts of code related to stage I and II from blueprint >> http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.htm >> <http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html> >> are >> merged. In result of that, fuel (api and UI) we now have authentication >> via keystone and now is required as default. Keystone is installed in new >> container during master installation. We can configure password via >> fuelmenu during installation (default user:password - admin:admin). >> Password is saved in astute.yaml, also admin_token is stored here. >> Almost all endpoints in fuel are protected and they required >> authentication token. We made exception for few endpoints and they are >> defined in nailgun/middleware/keystone.py in public_url . >> Default password can be changed via UI or via fuel-cli. In case of >> changing password via UI or fuel-cli password is not stored in any file >> only in keystone, so if you forgot password you can change it using >> keystone client from master node and admin_token from astute.yaml using >> command: keystone --os-endpoint=http://10.20.0.2:35357/v2.0 >> --os-token=admin_token >> password-update . >> Fuel client now use for authentication user and passwords which are >> stored in /etc/fuel/client/config.yaml. Password in this file is not >> changed during changing via fuel-cli or UI, user must change this password >> manualy. If user don't want use config file can provide user and password >> to fuel-cli by flags: --os-username=admin --os-password=test. We added also >> possibilities to change password via fuel-cli, to do this we should >> execute: fuel user --change-password --new-pass=new . >> To run or disable authentication we should change >> /etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in nailgun container. >> >> Best regards, >> Kamil S. >> >> _______________________________________________ >> OpenStack-dev mailing list >> OpenStack-dev@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Mike Scherbakov > #mihgen > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Łukasz Oleś
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
