On 02/11/2013 04:46 PM, Akihiro MOTOKI wrote:
Thanks Dan,
I will post the patch.
I confirmed this change does not break the backward compat.
If both api-paste.ini and quantum.conf have auth_token configurations,
configurations from api-paste are used.
I will also update the admin guide after G-3.
"DocImpact" flag is useful for such changes.
I am in favor of the change. I think that this requires a devstack
change. This should be in prior to us approving the Quantum patch.
Akihiro
Date: Mon, 11 Feb 2013 02:28:32 -0800
From: Dan Wendlandt<[email protected]>
Subject: Re: [Quantum-core] Move auth_token configuration to quantum.conf from
api-paste
Hi Akihiro,
I agree at least with the high-level goal of simplifying configuration to avoid
most users having
to deal with api-paste.ini, so long as backward compat is properly handled.
Thanks for working on
this.
Dan
On Sat, Feb 9, 2013 at 6:09 AM, Akihiro MOTOKI<[email protected]> wrote:
Hi,
We have the configurations of keystone auth_token in api-paste.ini.
keystoneclient.middleware.auth_token now allows the main application
such as quantum to have auth_token configuration in its configuration
file e.g., quantum.conf.
I think it is better to have auth_token configurations in quantum.conf.
If so users only need to customize quantum.conf and there is no need
to modify api-paste.ini. I think api-paste.ini is regarded as a part of
quantum-server since it defines the pipeline of quantum-server, so
it would be better users do not modify it.
Since auth_token has a backward compatibility,
users who already use api-paste.ini can continue to use it.
auth_token first tries the configurations in /etc/quantum/api-paste.ini
and then the above configurations.
I think this change has no risk and simplifies users' configurations.
To do this, we just need to add an example to auto_token configurations
below to quantum.conf and update the admin guide.
(In addition, need to update devstack at some timing)
Glance already adopts this scheme, and nova does not.
------------------------------------------------------------
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
signing_dir = /var/lib/quantum/keystone-signing
------------------------------------------------------------
Thanks,
Akihiro
--
Mailing list: https://launchpad.net/~quantum-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~quantum-core
More help : https://help.launchpad.net/ListHelp
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
Mailing list: https://launchpad.net/~quantum-core
Post to : [email protected]
Unsubscribe : https://launchpad.net/~quantum-core
More help : https://help.launchpad.net/ListHelp
