Hi, We have the configurations of keystone auth_token in api-paste.ini. keystoneclient.middleware.auth_token now allows the main application such as quantum to have auth_token configuration in its configuration file e.g., quantum.conf.
I think it is better to have auth_token configurations in quantum.conf. If so users only need to customize quantum.conf and there is no need to modify api-paste.ini. I think api-paste.ini is regarded as a part of quantum-server since it defines the pipeline of quantum-server, so it would be better users do not modify it. Since auth_token has a backward compatibility, users who already use api-paste.ini can continue to use it. auth_token first tries the configurations in /etc/quantum/api-paste.ini and then the above configurations. I think this change has no risk and simplifies users' configurations. To do this, we just need to add an example to auto_token configurations below to quantum.conf and update the admin guide. (In addition, need to update devstack at some timing) Glance already adopts this scheme, and nova does not. ------------------------------------------------------------ [keystone_authtoken] auth_host = 127.0.0.1 auth_port = 35357 auth_protocol = http admin_tenant_name = %SERVICE_TENANT_NAME% admin_user = %SERVICE_USER% admin_password = %SERVICE_PASSWORD% signing_dir = /var/lib/quantum/keystone-signing ------------------------------------------------------------ Thanks, Akihiro -- Mailing list: https://launchpad.net/~quantum-core Post to : [email protected] Unsubscribe : https://launchpad.net/~quantum-core More help : https://help.launchpad.net/ListHelp
