[openstack-dev] [Fuel] Authentication is turned on - Fuel API and UI

Lukasz Oles loles at mirantis.com
Thu Jul 24 14:17:11 UTC 2014


Hi all,

One more thing. You do not need to install keystone in your development
environment. By default it runs there in fake mode. Keystone mode is
enabled only on the ISO. If you want to test it locally, you have to install
keystone and configure nailgun as Kamil explained.

Regards,


On Thu, Jul 24, 2014 at 3:57 PM, Mike Scherbakov <mscherbakov at mirantis.com>
wrote:

> Kamil,
> thank you for the detailed information.
>
> Meg, do we have anything documented about authx yet? I think Kamil's email
> can be used as a source to prepare user and operation guides for Fuel 5.1.
>
> Thanks,
>
>
> On Thu, Jul 24, 2014 at 5:45 PM, Kamil Sambor <ksambor at mirantis.com>
> wrote:
>
>> Hi folks,
>>
>> All parts of the code related to stages I and II from the blueprint
>> http://docs-draft.openstack.org/29/96429/11/gate/gate-fuel-specs-docs/2807f30/doc/build/html/specs/5.1/access-control-master-node.html
>> are merged. As a result, Fuel (API and UI) now has authentication
>> via keystone, and it is now required by default. Keystone is installed in a new
>> container during master installation. We can configure the password via
>> fuelmenu during installation (default user:password - admin:admin).
>> The password is saved in astute.yaml; the admin_token is also stored there.
>> Almost all endpoints in Fuel are protected and require an
>> authentication token. We made an exception for a few endpoints, and they are
>> defined in nailgun/middleware/keystone.py in public_url.
>> The default password can be changed via the UI or via fuel-cli. When the
>> password is changed via the UI or fuel-cli, it is not stored in any file,
>> only in keystone, so if you forget the password you can change it using
>> the keystone client from the master node and the admin_token from astute.yaml, using the
>> command: keystone --os-endpoint=http://10.20.0.2:35357/v2.0 --os-token=admin_token
>> password-update .
>> The Fuel client now uses, for authentication, the user and password
>> stored in /etc/fuel/client/config.yaml. The password in this file is not
>> changed when the password is changed via fuel-cli or the UI; the user must change this password
>> manually. If the user doesn't want to use the config file, they can provide the user and password
>> to fuel-cli with flags: --os-username=admin --os-password=test. We also added
>> the possibility to change the password via fuel-cli; to do this we should
>> execute: fuel user --change-password --new-pass=new .
>> To run or disable authentication we should change
>> /etc/nailgun/settings.yaml (AUTHENTICATION_METHOD) in the nailgun container.
>>
>> Best regards,
>> Kamil S.
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Mike Scherbakov
> #mihgen
>
>


-- 
Łukasz Oleś
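
A read-only check of the settings described in Kamil's message, added here as an example; it is not part of the thread or of Fuel's code. The "keystone" value and the KEYSTONE_USER / KEYSTONE_PASS key names are assumptions, and the sample files are constructed.

```python
import os
import re
import stat
import tempfile

# Matches top-level "KEY: value" lines only; enough for the flat settings checked here.
_KV = re.compile(r'^([A-Za-z_]+)\s*:\s*["\']?([^"\'#\s]*)')

def read_flat_yaml(path):
    """Return top-level KEY: value pairs from a flat YAML file."""
    with open(path) as fh:
        matches = (_KV.match(line) for line in fh)
        return {m.group(1): m.group(2) for m in matches if m}

def audit_master_node(settings_path, client_cfg_path, astute_path):
    """Return findings for the three files named in the thread."""
    findings = []
    # Assumed value: "keystone" means real authentication is enforced.
    method = read_flat_yaml(settings_path).get("AUTHENTICATION_METHOD", "")
    if method.lower() != "keystone":
        findings.append("auth-not-enforced: AUTHENTICATION_METHOD=%r" % method)
    client = read_flat_yaml(client_cfg_path)
    # KEYSTONE_USER / KEYSTONE_PASS are assumed key names for the client config.
    if (client.get("KEYSTONE_USER"), client.get("KEYSTONE_PASS")) == ("admin", "admin"):
        findings.append("default-credentials: client config still holds admin:admin")
    # Both files hold secrets (client password, admin_token): owner-only access.
    for path in (client_cfg_path, astute_path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("loose-permissions: %s is mode %o" % (os.path.basename(path), mode))
    return findings

def demo(method="fake", password="admin", astute_mode=0o644):
    """Audit constructed sample files written to a temporary directory."""
    d = tempfile.mkdtemp()
    samples = {  # constructed contents, not taken from a real node
        "settings.yaml": ('AUTHENTICATION_METHOD: "%s"\n' % method, 0o644),
        "config.yaml": ('KEYSTONE_USER: "admin"\nKEYSTONE_PASS: "%s"\n' % password, 0o600),
        "astute.yaml": ('admin_token: "PLACEHOLDER"\n', astute_mode),
    }
    for name, (text, mode) in samples.items():
        with open(os.path.join(d, name), "w") as fh:
            fh.write(text)
        os.chmod(os.path.join(d, name), mode)
    return audit_master_node(*(os.path.join(d, n) for n in samples))

if __name__ == "__main__":
    print("\n".join(demo()) or "no findings")
```

On a real master node, pass the actual paths to audit_master_node(); the location of astute.yaml is not given in the thread.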