You can also configure Identity authentication middleware using the
admin_user
and admin_password
options.
Note
The admin_token
option is deprecated and no longer used for
configuring auth_token middleware.
For services that have a separate paste-deploy .ini
file, you can
configure the authentication middleware in the [keystone_authtoken]
section of the main configuration file, such as nova.conf
. In
Compute, for example, you can remove the middleware parameters from
api-paste.ini
, as follows:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
And set the following values in nova.conf
as follows:
[DEFAULT]
# ...
auth_strategy=keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
identity_uri = http://controller:35357
admin_user = admin
admin_password = SuperSekretPassword
admin_tenant_name = service
Note
The middleware parameters in the paste config take priority. You
must remove them to use the values in the [keystone_authtoken]
section.
Note
Comment out any auth_host
, auth_port
, and
auth_protocol
options because the identity_uri
option
replaces them.
This sample paste config filter makes use of the admin_user
and
admin_password
options:
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://controller:5000/v3
identity_uri = http://controller:35357
auth_token = 012345SECRET99TOKEN012345
admin_user = admin
admin_password = keystone123
Note
Using this option requires an admin project/role relationship. The admin user is granted access to the admin role on the admin project.
Note
Comment out any auth_host
, auth_port
, and
auth_protocol
options because the identity_uri
option
replaces them.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.