7e8861d76e
This adds CACERT configuration to the credentials section used in the user guide section and in the CLI keystone section. Change-Id: Iff59b2c27b3704bdc878cc4c406d95db608de1d7 Closes-Bug: #1163938
138 lines
6.6 KiB
XML
138 lines
6.6 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
version="5.0"
|
|
xml:id="configure_keystone_client">
|
|
<title>Set up credentials for the keystone client</title>
|
|
<para>You can configure the
|
|
<package>python-keystoneclient</package> with admin
|
|
credentials with either an authentication token or a user name
|
|
and password.</para>
|
|
<procedure>
|
|
<title>To configure the keystone client with an authentication
|
|
token</title>
|
|
<step>
|
|
<para>Export your keystone endpoint to the
|
|
<varname>OS_SERVICE_ENDPOINT</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_SERVICE_ENDPOINT="<keystoneEndpoint>"</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Export the administrator service token to the
|
|
<varname>OS_SERVICE_TOKEN</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_SERVICE_TOKEN="<serviceToken>"</userinput></screen>
|
|
<note>
|
|
<para>Alternatively, you can specify these parameters
|
|
on any keystone client command:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<parameter>--os-endpoint
|
|
<replaceable>SERVICE_ENDPOINT</replaceable></parameter>.
|
|
An endpoint to use instead of the one in
|
|
the service catalog. Defaults to
|
|
<code>env[OS_SERVICE_ENDPOINT]</code>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<parameter>--os-token
|
|
<replaceable>SERVICE_TOKEN</replaceable></parameter>.
|
|
An existing token to use instead of the
|
|
one generated by authentication. Defaults
|
|
to
|
|
<code>env[OS_SERVICE_TOKEN]</code>.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure xml:id="password-auth-method">
|
|
<title>To configure the keystone client with a user name and
|
|
password</title>
|
|
<step>
|
|
<para>Export the administrator user name to the
|
|
<varname>OS_USERNAME</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_USERNAME="<adminUserName>"</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Export the administrator password to the
|
|
<varname>OS_PASSWORD</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_PASSWORD="<adminPassword>"</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Export the tenant name to the
|
|
<varname>OS_TENANT_NAME</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_TENANT_NAME="<tenantName>"</userinput></screen>
|
|
</step>
|
|
<step>
|
|
<para>Export the URL of the keystone auth server, for
|
|
example <uri>http://localhost:5000/v2.0</uri>, to the
|
|
<varname>OS_AUTH_URL</varname> environment
|
|
variable:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_AUTH_URL="<authServerURL>"</userinput></screen>
|
|
<note>
|
|
<para>Alternatively, you can specify these parameters
|
|
on any keystone client command:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>--os-username
|
|
<replaceable>OS_USERNAME</replaceable></literal>.
|
|
Name used for authentication with the
|
|
Identity Service. Defaults to
|
|
<code>env[OS_USERNAME]</code>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>--os-password
|
|
<replaceable>OS_PASSWORD</replaceable></literal>.
|
|
Password used for authentication with the
|
|
Identity Service. Defaults to
|
|
<code>env[OS_PASSWORD]</code>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>--os-tenant_name
|
|
<replaceable>OS_TENANT_NAME</replaceable></literal>.
|
|
Tenant for which to request
|
|
authentication. Defaults to
|
|
<code>env[OS_TENANT_NAME]</code>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>--os-auth_url
|
|
<replaceable>OS_AUTH_URL</replaceable></literal>.
|
|
The Identity Service endpoint to use for
|
|
authentication. Defaults to
|
|
<code>env[OS_AUTH_URL]</code>.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
<procedure>
|
|
<title>To configure the keystone client to verify the TLS (HTTPS) server certificate</title>
|
|
<step>
|
|
<para>Define the <varname>OS_CACERT</varname> environment variable to set the location for the
|
|
CA trust store (PEM formatted) for this client:</para>
|
|
<screen><prompt>$</prompt> <userinput>export OS_CACERT=<replaceable>/path/to/cacertFile</replaceable></userinput></screen>
|
|
<note>
|
|
<para>Alternatively, you can specify these parameters
|
|
on any keystone client command:</para>
|
|
<para>
|
|
<literal>--os-cacert
|
|
<replaceable>OS_CACERT</replaceable></literal>.
|
|
CA bundle file to use in verifying a TLS
|
|
(HTTPS) server certificate. Defaults to
|
|
<code>env[OS_CACERT]</code>.</para>
|
|
</note>
|
|
</step>
|
|
</procedure>
|
|
</section>
|