Merge "Minor changes in the document"
This commit is contained in:
		| @@ -43,11 +43,13 @@ To make sure Mistral client works, type:: | ||||
| Targeting non-preconfigured clouds | ||||
| ---------------------------------- | ||||
|  | ||||
| Mistral is capable of executing workflows on external OpenStack clouds, different from the one defined in the `mistral.conf` | ||||
| file in the `keystone_authtoken` section. (More detail in the :doc:`configuration_guide`). | ||||
| Mistral is capable of executing workflows on external OpenStack clouds, | ||||
| different from the one defined in the `mistral.conf` file in the | ||||
| `keystone_authtoken` section. (More detail in the :doc:`configuration_guide`). | ||||
|  | ||||
| For example, if the mistral server is configured to authenticate with the `http://keystone1.example.com` cloud | ||||
| and the user wants to execute the workflow on the `http://keystone2.example.com` cloud. | ||||
| For example, if the mistral server is configured to authenticate with the | ||||
| `http://keystone1.example.com` cloud and the user wants to execute the workflow | ||||
| on the `http://keystone2.example.com` cloud. | ||||
|  | ||||
| The mistral.conf will look like:: | ||||
|  | ||||
| @@ -57,26 +59,28 @@ The mistral.conf will look like:: | ||||
|  | ||||
| The client side parameters will be:: | ||||
|  | ||||
|     export OS_AUTH_URL=http://keystone1.example.com:5000/v3 | ||||
|     export OS_USERNAME=mistral_user | ||||
|     $ export OS_AUTH_URL=http://keystone1.example.com:5000/v3 | ||||
|     $ export OS_USERNAME=mistral_user | ||||
|     ... | ||||
|     export OS_TARGET_AUTH_URL=http://keystone2.example.com:5000/v3 | ||||
|     export OS_TARGET_USERNAME=cloud_user | ||||
|     $ export OS_TARGET_AUTH_URL=http://keystone2.example.com:5000/v3 | ||||
|     $ export OS_TARGET_USERNAME=cloud_user | ||||
|     ... | ||||
|  | ||||
| .. note:: Every `OS_*` parameter has an `OS_TARGET_*` correspondent. For more detail, check out `mistral --help` | ||||
| .. note:: Every `OS_*` parameter has an `OS_TARGET_*` correspondent. For more | ||||
|           detail, check out `mistral --help` | ||||
|  | ||||
| The `OS_*` parameters are used to authenticate and authorize the user with Mistral, | ||||
| that is, to check if the user is allowed to utilize the Mistral service. Whereas | ||||
| the `OS_TARGET_*` parameters are used to define the user that executes the workflow | ||||
| on the external cloud, keystone2.example.com/. | ||||
| The `OS_*` parameters are used to authenticate and authorize the user with | ||||
| Mistral, that is, to check if the user is allowed to utilize the Mistral | ||||
| service. Whereas the `OS_TARGET_*` parameters are used to define the user that | ||||
| executes the workflow on the external cloud, keystone2.example.com/. | ||||
|  | ||||
| Use cases | ||||
| ^^^^^^^^^ | ||||
|  | ||||
| **Authenticate in Mistral and execute OpenStack actions with different users** | ||||
|  | ||||
| As a user of Mistral, I want to execute a workflow with a different user on the cloud. | ||||
| As a user of Mistral, I want to execute a workflow with a different user on the | ||||
| cloud. | ||||
|  | ||||
| **Execute workflows on any OpenStack cloud** | ||||
|  | ||||
| @@ -87,23 +91,24 @@ Special cases | ||||
|  | ||||
| **Using Mistral with zero OpenStack configuration**: | ||||
|  | ||||
| With the targeting feature, it is possible to execute a workflow on any arbitrary cloud | ||||
| without additional configuration on the Mistral server side.  If authentication is | ||||
| turned off in the Mistral server (Pecan's `auth_enable = False` option in `mistral.conf`), there | ||||
| is no need to set the `keystone_authtoken` section. It is possible to have Mistral  | ||||
| use an external OpenStack cloud even when it isn't deploy in an OpenStack  | ||||
| environment (i.e. no Keystone integration). | ||||
| With the targeting feature, it is possible to execute a workflow on any | ||||
| arbitrary cloud without additional configuration on the Mistral server side. | ||||
| If authentication is turned off in the Mistral server (Pecan's | ||||
| `auth_enable = False` option in `mistral.conf`), there is no need to set the | ||||
| `keystone_authtoken` section. It is possible to have Mistral use an external | ||||
| OpenStack cloud even when it isn't deployed in an OpenStack environment (i.e. | ||||
| no Keystone integration). | ||||
|  | ||||
| With this setup, the following call will return the heat stack list:: | ||||
|  | ||||
|     mistral \ | ||||
|     $ mistral \ | ||||
|         --os-target-auth-url=http://keystone2.example.com:5000/v3 \ | ||||
|         --os-target-username=testuser \ | ||||
|         --os-target-tenant=testtenant \ | ||||
|         --os-target-password="MistralRuleZ" \ | ||||
|         run-action heat.stacks_list | ||||
|  | ||||
| This setup is particularly useful when Mistral is used in standalone mode, when the | ||||
| Mistral service is not part of the OpenStack cloud and runs separately. | ||||
| This setup is particularly useful when Mistral is used in standalone mode, when | ||||
| the Mistral service is not part of the OpenStack cloud and runs separately. | ||||
|  | ||||
| Note that only the OS-TARGET-* parameters enable this operation. | ||||
|   | ||||
		Reference in New Issue
	
	Block a user
	 Jenkins
					Jenkins