[Openstack] Glance authentication with Keystone woes...
Jay Pipes
jaypipes at gmail.com
Wed Feb 1 02:53:12 UTC 2012
Hi Ann! cc'ing the mailing list since this is generally useful
information...
On 01/31/2012 08:59 PM, Anne Gentle wrote:
> Hi Jay -
>
> I'm pretty sure this has tripped me up before and I'm going to have to
> change the docs for the install/deploy guide. What exactly is the call
> for the long-lived service token? Is it a keystone admin api call -
> admin tenant, admin user on the admin tenant?
Yeah, it's confusing, I know :( The best information on this particular
subject is here:
http://keystone.openstack.org/configuringservices.html#defining-an-administrative-service-token
Basically, in Keystone, you can create a token that can be used by a
service (for service-to-service communication, like that needed by the
Glance API to Glance registry communication) by using the
keystone-manage command like so:
keystone-manage token add <TOKEN_ID> <SERVICE_USER> <SERVICE_TENANT>
<TIMESTAMP>
where <TIMESTAMP> is something like 2015-02-05T00:00
Cheers!
-jay
More information about the Openstack
mailing list