Fix install guide filter:authtoken config example
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Object Storage (swift) |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
Since newton the install guide uses keystones bootstrap which creates a default domain which looks like:
(openstack) domain show default
+----
| Field | Value |
+----
| description | The default domain |
| enabled | True |
| id | default |
| name | Default |
+----
Note the specifically:
id = default
name = Default
These are the values we should be using when defining configuration options in keystone's auth_token middleware. Namely:
project_domain_id = default
user_domain_id = default
NOTE: id = default
and:
project_
user_domain_name = Default
NOTE: name = Default.
Currently the install_guide uses:
project_
user_
Which is incorrect. It must be one of the previous examples.
For example, the swift example in the install guild should read:
[filter:
paste.
...
auth_uri = http://
auth_url = http://
memcached_servers = controller:11211
auth_type = password
project_
user_domain_name = Default
project_name = service
username = swift
password = SWIFT_PASS
delay_
OR:
[filter:
paste.
...
auth_uri = http://
auth_url = http://
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = swift
password = SWIFT_PASS
delay_
The first version (*_domain_name = Default) is a better choice as apparently the name 'Default' cannot be changed in bootstrap where the id can potentially depending on ones keystone config.
Changed in swift: | |
status: | New → Confirmed |
I have personally confirmed this with a keystone + Swift dev environment, while reviewing patch https:/ /review. openstack. org/#/c/ 454386:
firstly the default values are defined:
<snip from Colleen Murphy's comment in above patch>
The name of the default domain is defined here: git.openstack. org/cgit/ openstack/ keystone/ tree/keystone/ resource/ core.py? id=69d03670d1dd cf428063d81a0f2 5b6196650876e# n841
http://
The default ID of the default domain is defined here: git.openstack. org/cgit/ openstack/ keystone/ tree/keystone/ conf/identity. py?id=69d03670d 1ddcf428063d81a 0f25b6196650876 e#n21
http://
</snip>
So params ending in _id are default and the -name are Default.. which I find annoying. But there you go. Our sample doc uses _id = default which "should" be correct.
What do others use, well according to https:/ /docs.openstack .org/developer/ keystonemiddlew are/api/ keystonemiddlew are.auth_ token.html
it gives a sample, apparently from nova that:
[keystone_ authtoken] keystone: 35357/ ingpasswords
auth_plugin = password
auth_url = http://
username = nova
user_domain_id = default
password = whyarewestillus
project_name = service
project_domain_id = default
Which using using "default" against the *_id versions of the configuration.
Now if I pop into my test keystone server, and take a look:
(openstack) domain list -----+- ------- -+----- ----+-- ------- ------- ----+ -----+- ------- -+----- ----+-- ------- ------- ----+ -----+- ------- -+----- ----+-- ------- ------- ----+ ------- --+---- ------- ------- --+ ------- --+---- ------- ------- --+ ------- --+---- ------- ------- --+
+----
| ID | Name | Enabled | Description |
+----
| default | Default | True | The default domain |
+----
(openstack) domain show default
+----
| Field | Value |
+----
| description | The default domain |
| enabled | True |
| id | default |
| name | Default |
+----
Now lets do some keystone config tests in Swift.
First using:
[filter: authtoken] filter_ factory = keystonemiddlew are.auth_ token:filter_ factory localhost: 35357 localhost: 5000 auth_decision = True
paste.
auth_url = http://
auth_uri = http://
auth_plugin = password
project_name = service
username = swift
password = Sekr3tPass
delay_
user_domain_id = default
project_domain_id = default
It works:
$ swift stat
Account: KEY_fce1546e067 5483bb3862a54a2 ed68f6
Containers: 0
Objects: 0
Bytes: 0
X-Put- Timestamp: 1491904442.67731
X- Timestamp: 1491904442.67731
X-Trans- Id: tx0814c8d8f3694 f47a13d9- 0058eca7ba
Content- Type: text/plain; charset=utf-8 Request- Id: tx0814c8d8f3694 f47a13d9- 0058eca7ba
X-Openstack-
Change to _id = Default:
[filter: authtoken] filter_ factory = keystonemiddlew are.auth_ token:filter_ factory localhost: 35357 localhost: 5000 auth_decision = True
paste.
auth_url = http://
auth_uri = http://
auth_plugin = password
project_name = service
username = swift
password = Sekr3tPass
delay_
user_domain_id = Default
project_domain_id = Default
And:
$ swift stat
Account HEA...