Open Stack

Ok. So I will keep all authentication parameters in one place: solum.conf

There will be standard section for keystone [keystone_authentication] with
all common parameters like keystone URL, port, etc.

In the default section [DEFAUT] there will be a parameter
enable_authentication=True.
Actually it will be a deviation from a common practice as other core
OpenStack components use auth_strategy=noauth (or keystone).

Thanks
Georgy


On Wed, Nov 27, 2013 at 3:39 PM, Adrian Otto <adrian.otto at rackspace.com>wrote:

>
> > On Nov 27, 2013, at 2:25 PM, "Georgy Okrokvertskhov" <
> gokrokvertskhov at mirantis.com> wrote:
> >
> > Hi,
> >
> > I am working on the user-authentication BP implementation. I need to
> introduce a new configuration option for enable or disable keystone
> authentication for incoming request. I am looking for a right place for
> this option.
> >
> > The current situation is that we have two places for configuration, one
> is oslo.config and second one is a pecan configuration. My initial
> intension was to add all parameters to solum.conf file like it is done for
> nova. Keystone middleware anyway use oslo.config for keystone connection
> parameters.
> > At the same time there are projects (Ceilometer and Ironic) which have
> enable_acl parameter as a part of pecan config.
> >
> > From my perspective it is not reasonable to have authentication options
> in two different places. I would rather use solum.conf for all parameters
> and limit pecan config usage to pecan specific options.
>
> I agree that we should not require administrators to edit a bunch of
> config files to get a working solum config. I think config options in
> solum.conf should override ones et elsewhere.
>
> If auth is already set up for keystone in oslo.config, and no equivalent
> options are set in solum.conf, then we should use the oslo.config settings.
> I agree that the pecan config should only be used for pecan specific
> options.
>
> > I am looking for your input on this.
> >
> > Thanks,
> > Georgy
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Georgy Okrokvertskhov
Technical Program Manager,
Cloud and Infrastructure Services,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131127/fa0cf5f3/attachment.html>