diff options
| author | Alistair Coles <alistair.coles@hpe.com> | 2016-09-19 16:06:18 +0100 |
|---|---|---|
| committer | Alistair Coles <alistair.coles@hpe.com> | 2016-09-21 15:48:11 +0100 |
| commit | 18bb99971f1a793dc75b6b3cb393d5503be43575 (patch) | |
| tree | 5f05adca927423a183455a54abf5b4478dd48339 /doc/source/overview_auth.rst | |
| parent | 2355771d4bc87d003a7702405c0406363e0aa18b (diff) | |
| download | swift-18bb99971f1a793dc75b6b3cb393d5503be43575.tar.gz | |
Add more comment to authtoken sample options
Prior to the Mitaka release the install guides showed
services (including Swift) being in a default Keystone
domain which existed by default and has id=default. This
domain id is reflected in the proxy-server.conf-sample
authtoken options and also shown in man page and auth docs.
The Mitaka install guide shows a domain with *name* default
being created, and having a random UUID assigned, in which
services are created. This has caused confusion (see
discussion on linked bug report).
This patch does not change the sample options but does
add to the comments in order to emphasize that a user
may need to alter the options to match their Keystone
configuration.
Change-Id: I17bfcdbd983402eeb561bb704b8b1f1e27547c7d
Partial-Bug: #1604674
Diffstat (limited to 'doc/source/overview_auth.rst')
| -rw-r--r-- | doc/source/overview_auth.rst | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/doc/source/overview_auth.rst b/doc/source/overview_auth.rst index 34e7f64cc..e98526e7a 100644 --- a/doc/source/overview_auth.rst +++ b/doc/source/overview_auth.rst @@ -131,7 +131,7 @@ Configuring Swift to use Keystone ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Configuring Swift to use Keystone_ -is relatively straight forward. The first +is relatively straightforward. The first step is to ensure that you have the ``auth_token`` middleware installed. It can either be dropped in your python path or installed via the KeystoneMiddleware_ package. @@ -181,7 +181,13 @@ your situation, but in short: * The auth credentials (``project_domain_id``, ``user_domain_id``, ``username``, ``project_name``, ``password``) will be used to retrieve an admin token. That token will be used to authorize user tokens behind the - scenes. + scenes. These credentials must match the Keystone credentials for the Swift + service. The example values shown here assume a user named 'swift' with admin + role on a project named 'service', both being in the Keystone domain with id + 'default'. Refer to the `KeystoneMiddleware documentation + <http://docs.openstack.org/developer/keystonemiddleware/middlewarearchitecture.html#configuration>`_ + for other examples. + * ``cache`` is set to ``swift.cache``. This means that the middleware will get the Swift memcache from the request environment. * ``include_service_catalog`` defaults to ``True`` if not set. This means |