Add auth_token settings to cinder.conf.sample.

Updates our example config file so that it includes configuration settings for the auth_token middleware. A step towards using cinder.conf instead of the api-paste.ini config file for authtoken configuration. Once https://review.openstack.org/#/c/52259/ lands I'll push another review which removes the settings from api-paste.ini (which takes priority). Related-Bug #1240753 Change-Id: I6636d33ee522757145ac97fc354324a8b9379700
openstack · Oct 18, 2013 · ca81de6 · ca81de6
1 parent 9b599d0
commit ca81de6
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 0 deletions.
diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
@@ -1778,3 +1778,32 @@
 #volume_dd_blocksize=1M
 
 
+[keystone_authtoken]
+
+#
+# Options defined in keystoneclient's authtoken middleware
+#
+
+# Host providing the admin Identity API endpoint
+auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint
+auth_port = 35357
+
+# Protocol of the admin Identity API endpoint
+auth_protocol = http
+
+# Keystone service account tenant name to validate user tokens
+admin_tenant_name = %SERVICE_TENANT_NAME%
+
+# Keystone account username
+admin_user = %SERVICE_USER%
+
+# Keystone account password
+admin_password = %SERVICE_PASSWORD%
+
+# Directory used to cache files related to PKI tokens
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the cinder process is running as.
+#signing_dir = /var/lib/cinder/keystone-signing
diff --git a/tools/conf/generate_sample.sh b/tools/conf/generate_sample.sh
@@ -49,3 +49,35 @@ PYTHONPATH=./:${PYTHONPATH} \
 
 # When we use openstack.common.config.generate we won't need this any more
 sed -i 's/^#connection=sqlite.*/#connection=sqlite:\/\/\/\/cinder\/openstack\/common\/db\/$sqlite_db/' $OUTPUTFILE
+
+cat >> $OUTPUTFILE <<-EOF_CAT
+[keystone_authtoken]
+
+#
+# Options defined in keystoneclient's authtoken middleware
+#
+
+# Host providing the admin Identity API endpoint
+auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint
+auth_port = 35357
+
+# Protocol of the admin Identity API endpoint
+auth_protocol = http
+
+# Keystone service account tenant name to validate user tokens
+admin_tenant_name = %SERVICE_TENANT_NAME%
+
+# Keystone account username
+admin_user = %SERVICE_USER%
+
+# Keystone account password
+admin_password = %SERVICE_PASSWORD%
+
+# Directory used to cache files related to PKI tokens
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the cinder process is running as.
+#signing_dir = /var/lib/cinder/keystone-signing
+EOF_CAT