[openstack-dev] [Fuel] Authentication is turned on - Fuel API and UI

Mike Scherbakov mscherbakov at mirantis.com
Thu Jul 24 13:57:34 UTC 2014 

Kamil,
thank you for the detailed information.

Meg, do we have anything documented about authx yet? I think Kamil's email
can be used as a source to prepare user and operation guides for Fuel 5.1.

Thanks,


On Thu, Jul 24, 2014 at 5:45 PM, Kamil Sambor <ksambor at mirantis.com> wrote:

> Hi folks,
>
> All parts of code related to stage I and II from blueprint
> http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.htm
> <http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html> are
> merged. In result of that, fuel (api and UI)  we now have authentication
> via keystone and now is required as default. Keystone is installed in new
> container during master installation. We can configure password via
> fuelmenu during installation (default user:password - admin:admin).
> Password is saved in astute.yaml, also admin_token is stored here.
> Almost all endpoints in fuel are protected and they required
> authentication token. We made exception for few endpoints and they are
> defined in nailgun/middleware/keystone.py in public_url .
> Default password can be changed via UI or via fuel-cli. In case of
> changing password via UI or fuel-cli password is not stored in any file
> only in keystone, so if you forgot password you can change it using
> keystone client from master node and admin_token from astute.yaml using
> command: keystone --os-endpoint=http://10.20.0.2:35357/v2.0 --os-token=admin_token
> password-update .
> Fuel client now use for authentication user and passwords which are stored
> in /etc/fuel/client/config.yaml. Password in this file is not changed
> during changing via fuel-cli or UI, user must change this password manualy.
> If user don't want use config file can provide user and password to
> fuel-cli by flags: --os-username=admin --os-password=test. We added also
> possibilities to change password via fuel-cli, to do this we should
> execute: fuel user --change-password --new-pass=new .
> To run or disable authentication we should change
> /etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in nailgun container.
>
> Best regards,
> Kamil S.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Mike Scherbakov
#mihgen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140724/e9c095c7/attachment.html>

More information about the OpenStack-dev mailing list