Thanks Dan, I will post the patch. I confirmed this change does not break the backward compat. If both api-paste.ini and quantum.conf have auth_token configurations, configurations from api-paste are used.
I will also update the admin guide after G-3. "DocImpact" flag is useful for such changes. Akihiro >>>>> Date: Mon, 11 Feb 2013 02:28:32 -0800 >>>>> From: Dan Wendlandt <[email protected]> >>>>> Subject: Re: [Quantum-core] Move auth_token configuration to quantum.conf >>>>> from api-paste > > Hi Akihiro, > > I agree at least with the high-level goal of simplifying configuration to > avoid most users having > to deal with api-paste.ini, so long as backward compat is properly handled. > Thanks for working on > this. > > Dan > > On Sat, Feb 9, 2013 at 6:09 AM, Akihiro MOTOKI <[email protected]> wrote: > > Hi, > > We have the configurations of keystone auth_token in api-paste.ini. > keystoneclient.middleware.auth_token now allows the main application > such as quantum to have auth_token configuration in its configuration > file e.g., quantum.conf. > > I think it is better to have auth_token configurations in quantum.conf. > If so users only need to customize quantum.conf and there is no need > to modify api-paste.ini. I think api-paste.ini is regarded as a part of > quantum-server since it defines the pipeline of quantum-server, so > it would be better users do not modify it. > > Since auth_token has a backward compatibility, > users who already use api-paste.ini can continue to use it. > auth_token first tries the configurations in /etc/quantum/api-paste.ini > and then the above configurations. > > I think this change has no risk and simplifies users' configurations. > > To do this, we just need to add an example to auto_token configurations > below to quantum.conf and update the admin guide. > (In addition, need to update devstack at some timing) > > Glance already adopts this scheme, and nova does not. > > ------------------------------------------------------------ > [keystone_authtoken] > auth_host = 127.0.0.1 > auth_port = 35357 > auth_protocol = http > admin_tenant_name = %SERVICE_TENANT_NAME% > admin_user = %SERVICE_USER% > admin_password = %SERVICE_PASSWORD% > signing_dir = /var/lib/quantum/keystone-signing > ------------------------------------------------------------ > > Thanks, > Akihiro > > -- > Mailing list: https://launchpad.net/~quantum-core > Post to : [email protected] > Unsubscribe : https://launchpad.net/~quantum-core > More help : https://help.launchpad.net/ListHelp > > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > Dan Wendlandt > Nicira, Inc: www.nicira.com > twitter: danwendlandt > ~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > -- Mailing list: https://launchpad.net/~quantum-core Post to : [email protected] Unsubscribe : https://launchpad.net/~quantum-core More help : https://help.launchpad.net/ListHelp
