openstack/ironic
Code Issues Proposed changes

Document http_basic auth strategy

Browse Source 
Change-Id: Iafb3e22e7fae84b733e2996c2512d1c9b4577359
Story: 2007656
Task: 39753
This commit is contained in:
Steve Baker 2020-06-15 11:07:15 +12:00
parent 15f0dc93df
commit 62408b32ae
1 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
doc/source/install/standalone.rst
View File

@ -5,12 +5,26 @@ Using Bare Metal service as a standalone service
It is possible to use the Bare Metal service without other OpenStack services. It is possible to use the Bare Metal service without other OpenStack services.
You should make the following changes to ``/etc/ironic/ironic.conf``: You should make the following changes to ``/etc/ironic/ironic.conf``:
#. To disable usage of Identity service tokens:: #. Choose an authentication strategy which supports standalone, one option is
``noauth``::
[DEFAULT] [DEFAULT]
... ...
auth_strategy=noauth auth_strategy=noauth
Another options is ``http_basic`` where the credentials are stored in an
`Apache htpasswd format`_ file::
[DEFAULT]
...
auth_strategy=http_basic
http_basic_auth_user_file=/etc/ironic/htpasswd
Only the ``bcrypt`` format is supported, and the Apache `htpasswd` utility can
be used to populate the file with entries, for example::
htpasswd -nbB myName myPassword >> /etc/ironic/htpasswd
#. If you want to disable the Networking service, you should have your network #. If you want to disable the Networking service, you should have your network
pre-configured to serve DHCP and TFTP for machines that you're deploying. pre-configured to serve DHCP and TFTP for machines that you're deploying.
To disable it, change the following lines:: To disable it, change the following lines::
@ -62,14 +76,22 @@ Steps to start a deployment are pretty similar to those when using Compute:
#. To use the #. To use the
:python-ironicclient-doc:`openstack baremetal CLI <cli/osc_plugin_cli.html>`, :python-ironicclient-doc:`openstack baremetal CLI <cli/osc_plugin_cli.html>`,
set up these environment variables. Since no authentication strategy is set up these environment variables. If the ``noauth`` authentication strategy is
being used, the value none must be set for OS_AUTH_TYPE. OS_ENDPOINT is being used, the value ``none`` must be set for OS_AUTH_TYPE. OS_ENDPOINT is
the URL of the ironic-api process. the URL of the ironic-api process.
For example:: For example::
export OS_AUTH_TYPE=none export OS_AUTH_TYPE=none
export OS_ENDPOINT=http://localhost:6385/ export OS_ENDPOINT=http://localhost:6385/
If the ``http_basic`` authentication strategy is being used, the value
``http_basic`` must be set for OS_AUTH_TYPE. For example::
export OS_AUTH_TYPE=http_basic
export OS_ENDPOINT=http://localhost:6385/
export OS_USERNAME=myUser
export OS_PASSWORD=myPassword
#. Create a node in Bare Metal service. At minimum, you must specify the driver #. Create a node in Bare Metal service. At minimum, you must specify the driver
name (for example, ``ipmi``). You can also specify all the required name (for example, ``ipmi``). You can also specify all the required
driver parameters in one command. This will return the node UUID:: driver parameters in one command. This will return the node UUID::
@ -232,3 +254,4 @@ Other references
* :ref:`local-boot-without-compute` * :ref:`local-boot-without-compute`
.. _`Apache htpasswd format`: https://httpd.apache.org/docs/current/misc/password_encryptions.html