<div dir="ltr">Kamil,<div>thank you for the detailed information.</div><div><br></div><div>Meg, do we have anything documented about authx yet? I think Kamil's email can be used as a source to prepare user and operation guides for Fuel 5.1.</div>
<div><br></div><div>Thanks,</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 24, 2014 at 5:45 PM, Kamil Sambor <span dir="ltr"><<a href="mailto:ksambor@mirantis.com" target="_blank">ksambor@mirantis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Hi folks,</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><br></div><div style="font-family:arial,sans-serif;font-size:13px">
<font face="arial, helvetica, sans-serif">All parts of code related to stage I and II from blueprint </font><a href="http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html" target="_blank">http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.htm</a><font face="arial, helvetica, sans-serif"> are merged. In result of that, fuel (api and UI) </font><span style="font-family:arial,helvetica,sans-serif"> we now have authentication via keystone and now is required as default. Keystone is installed in new container during master installation. We can configure password via fuelmenu during installation (default user:password - admin:admin). Password is saved in astute.yaml, also admin_token is stored here.</span></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Almost all endpoints in fuel are protected and they required authentication token. We made exception for few endpoints and they are defined in nailgun/middleware/keystone.py in public_url .</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Default password can be changed via UI or via fuel-cli. In case of changing password via UI or fuel-cli password is not stored in any file only in keystone, so if you forgot password you can change it using keystone client from master node and admin_token from astute.yaml using command: keystone --os-endpoint=<a href="http://10.20.0.2:35357/v2.0" target="_blank">http://10.20.0.2:35357/v2.0</a> --os-token=admin_token password-update .</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Fuel client now use for authentication user and passwords which are stored in /etc/fuel/client/config.yaml. Password in this file is not changed during changing via fuel-cli or UI, user must change this password manualy. If user don't want use config file can provide user and password to fuel-cli by flags: --os-username=admin --os-password=test. We added also possibilities to change password via fuel-cli, to do this we should execute: fuel user --change-password --new-pass=new . </font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">To run or disable authentication we should change /etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in nailgun container.</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif"><br></font></div><div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Best regards,</font></div>
<div style="font-family:arial,sans-serif;font-size:13px"><font face="arial, helvetica, sans-serif">Kamil S.</font></div></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Mike Scherbakov<br>#mihgen<br><br></div>
</div>