diff --git a/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml b/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml index 9440e1d1c0..c72e69b5db 100644 --- a/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml +++ b/doc/install-guide/object-storage/section_object-storage-install-config-proxy-node.xml @@ -67,8 +67,55 @@ Create /etc/swift/proxy-server.conf: - - + [DEFAULT] +bind_port = 8888 +user = swift +user = openstack-swift + +[pipeline:main] +pipeline = healthcheck cache authtoken keystoneauth proxy-server + +[app:proxy-server] +use = egg:swift#proxy +allow_account_management = true +account_autocreate = true + +[filter:keystoneauth] +use = egg:swift#keystoneauth +operator_roles = Member,admin,swiftoperator + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory + +# Delaying the auth decision is required to support token-less +# usage for anonymous referrers ('.r:*'). +delay_auth_decision = true + +# cache directory for signing certificate +signing_dir = /home/swift/keystone-signing + +# auth_* settings refer to the Keystone server +auth_protocol = http +auth_host = controller +auth_port = 35357 + +# the same admin_token as provided in keystone.conf +admin_token = ADMIN_TOKEN + +# the service tenant and swift userid and password created in Keystone +admin_tenant_name = service +admin_user = swift +admin_password = SWIFT_PASS + +[filter:cache] +use = egg:swift#memcache + +[filter:catch_errors] +use = egg:swift#catch_errors + +[filter:healthcheck] +use = egg:swift#healthcheck + If you run multiple memcache servers, put the multiple IP:port listings in the [filter:cache] diff --git a/doc/install-guide/object-storage/section_object-storage-install.xml b/doc/install-guide/object-storage/section_object-storage-install.xml index 873771c8b4..c0bbae4265 100644 
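Review bot: The inlined `[filter:authtoken]` section sets `admin_token = ADMIN_TOKEN` alongside `admin_user`/`admin_password`, so every proxy node built from this guide keeps the Identity Service's bootstrap token on disk even though the service credentials should already let the middleware authenticate; I would drop the `admin_token` line and its comment from the listing. `auth_protocol = http` also sends those credentials to port 35357 unencrypted, which deserves at least a comment such as `# use https outside of a test deployment`. Separately, `bind_port = 8888` does not match the `http://controller:8080` endpoint URLs registered in section_object-storage-install.xml in this same commit, so one of the two needs to change. The two consecutive `user =` lines are presumably distro-conditional markup that this view has flattened; confirm that only one is rendered per platform.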
--- a/doc/install-guide/object-storage/section_object-storage-install.xml
+++ b/doc/install-guide/object-storage/section_object-storage-install.xml
@@ -63,6 +63,57 @@ # zypper install openstack-swift openstack-swift-proxy \ openstack-swift-account openstack-swift-container \ openstack-swift-object memcached + + + Create a swift user that the Object + Storage + Service can use to authenticate with the Identity Service. + Choose a password and specify an email address for the + swift user. Use the + service tenant and give the user the + admin role. + # keystone user-create --name=swift --pass=SWIFT_PASS \ + --email=swift@example.com +# keystone user-role-add --user=swift --tenant=service --role=admin + + + Create a service entry for the Object Storage Service: + # keystone service-create --name=swift --type=object-store \ + --description="Object Storage Service" ++-------------+----------------------------------+ +| Property | Value | ++-------------+----------------------------------+ +| description | Object Storage Service | +| | | +| | | +| id | eede9296683e4b5ebfa13f5166375ef6 | +| name | swift | +| type | object-store | ++-------------+----------------------------------+ + The service ID is randomly generated and is different from + the one shown here. + + + Specify an API endpoint for the Object Storage Service by using + the returned service ID. When you specify an endpoint, you + provide URLs for the public API, internal API, and admin API. + In this guide, the controller host name is + used. 
+ # keystone endpoint-create \ + --service-id=the_service_id_above \ + --publicurl='http://controller:8080/v1/AUTH_%(tenant_id)s' \ + --internalurl='http://controller:8080/v1/AUTH_%(tenant_id)s' \ + --adminurl=http://controller:8080 ++-------------+---------------------------------------------------+ +| Property | Value | ++-------------+---------------------------------------------------+ +| adminurl | http://controller:8080/ | +| id | 9e3ce428f82b40d38922f242c095982e | +| internalurl | http://controller:8080/v1/AUTH_%(tenant_id)s | +| publicurl | http://controller:8080/v1/AUTH_%(tenant_id)s | +| region | regionOne | +| service_id | eede9296683e4b5ebfa13f5166375ef6 | ++-------------+---------------------------------------------------+ Create and populate configuration directories on diff --git a/doc/install-guide/samples/proxy-server.conf.txt b/doc/install-guide/samples/proxy-server.conf.txt deleted file mode 100644 index 2db8696bb9..0000000000 --- a/doc/install-guide/samples/proxy-server.conf.txt +++ /dev/null 
@@ -1,47 +0,0 @@
-[DEFAULT]
-bind_port = 8888
-user = swift
-
-[pipeline:main]
-pipeline = healthcheck cache authtoken keystoneauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-allow_account_management = true
-account_autocreate = true
-
-[filter:keystoneauth]
-use = egg:swift#keystoneauth
-operator_roles = Member,admin,swiftoperator
-
-[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-
-# Delaying the auth decision is required to support token-less
-# usage for anonymous referrers ('.r:*').
-delay_auth_decision = true
-
-# cache directory for signing certificate
-signing_dir = /home/swift/keystone-signing
-
-# auth_* settings refer to the Keystone server
-auth_protocol = http
-auth_host = 192.168.56.3
-auth_port = 35357
-
-# the same admin_token as provided in keystone.conf
-admin_token = 012345SECRET99TOKEN012345
-
-# the service tenant and swift userid and password created in Keystone
-admin_tenant_name = service
-admin_user = swift
-admin_password = swift
-
-[filter:cache]
-use = egg:swift#memcache
-
-[filter:catch_errors]
-use = egg:swift#catch_errors
-
-[filter:healthcheck]
-use = egg:swift#healthcheck
diff --git a/doc/install-guide/samples/proxy-server.conf.txt-openSUSE b/doc/install-guide/samples/proxy-server.conf.txt-openSUSE
deleted file mode 100644
index 3378e19f2e..0000000000
--- a/doc/install-guide/samples/proxy-server.conf.txt-openSUSE
+++ /dev/null
@@ -1,47 +0,0 @@
-[DEFAULT]
-bind_port = 8888
-user = openstack-swift
-
-[pipeline:main]
-pipeline = healthcheck cache authtoken keystoneauth proxy-server
-
-[app:proxy-server]
-use = egg:swift#proxy
-allow_account_management = true
-account_autocreate = true
-
-[filter:keystoneauth]
-use = egg:swift#keystoneauth
-operator_roles = Member,admin,swiftoperator
-
-[filter:authtoken]
-paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
-
-# Delaying the auth decision is required to support token-less
-# usage for anonymous referrers ('.r:*').
-delay_auth_decision = true
-
-# cache directory for signing certificate
-signing_dir = /home/swift/keystone-signing
-
-# auth_* settings refer to the Keystone server
-auth_protocol = http
-auth_host = 192.168.56.3
-auth_port = 35357
-
-# the same admin_token as provided in keystone.conf
-admin_token = 012345SECRET99TOKEN012345
-
-# the service tenant and swift userid and password created in Keystone
-admin_tenant_name = service
-admin_user = swift
-admin_password = swift
-
-[filter:cache]
-use = egg:swift#memcache
-
-[filter:catch_errors]
-use = egg:swift#catch_errors
-
-[filter:healthcheck]
-use = egg:swift#healthcheck
diff --git a/doc/install-guide/section_keystone-services.xml b/doc/install-guide/section_keystone-services.xml
index 23c822d01b..2df442bdf5 100644
--- a/doc/install-guide/section_keystone-services.xml
+++ b/doc/install-guide/section_keystone-services.xml
@@ -1,25 +1,24 @@
+ xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="keystone-services" + version="5.0" os="rhel;centos;fedora;opensuse;sles;ubuntu"> Define services and API endpoints - The Identity Service also tracks what OpenStack services are installed - and where to locate them on the network. Run these commands for each - service in your OpenStack installation: + So that the Identity Service can track which OpenStack services are + installed and where they are located on the network, you must register each + service in your OpenStack installation. To register a service, run these + commands: keystone service-create. Describes the service. - keystone endpoint-create. Associates - API endpoints with the service. + keystone endpoint-create. Associates API + endpoints with the service. - For now, create a service for the Identity Service itself that - uses normal authentication instead of the authorization token when - you run the keystone command in the - future. + You must also register the Identity Service itself. Use the + OS_SERVICE_TOKEN environment variable, as set previously, for + authentication. Create a service entry for the Identity Service: 
@@ -33,16 +32,15 @@ | name | keystone | | type | identity | +-------------+----------------------------------+ - The service ID is randomly generated and is different from - the one shown here. + The service ID is randomly generated and is different from the one + shown here. - Specify an API endpoint for the Identity Service by using - the returned service ID. When you specify an endpoint, you - provide URLs for the public API, internal API, and admin API. - In this guide, the controller host name is - used. Note that the Identity Service uses a different port for - the admin API. + Specify an API endpoint for the Identity Service by using the + returned service ID. When you specify an endpoint, you provide URLs for + the public API, internal API, and admin API. In this guide, the + controller host name is used. Note that the + Identity Service uses a different port for the admin API. # keystone endpoint-create \ --service-id=the_service_id_above \ --publicurl=http://controller:5000/v2.0 \ @@ -60,9 +58,8 @@ +-------------+-----------------------------------+ - As you add other services to your OpenStack installation, - call these commands to register the services with the Identity - Service. + As you add other services to your OpenStack installation, call these + commands to register the services with the Identity Service.