From ca81de658394c545c784c40dd7369b75bc6e3a2d Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Fri, 18 Oct 2013 09:23:38 -0400
Subject: [PATCH] Add auth_token settings to cinder.conf.sample.

Updates our example config file so that it includes configuration
settings for the auth_token middleware.

A step towards using cinder.conf instead of the api-paste.ini config file
for authtoken configuration.

Once https://review.openstack.org/#/c/52259/ lands I'll push another
review which removes the settings from api-paste.ini (which takes priority).

Related-Bug #1240753

Change-Id: I6636d33ee522757145ac97fc354324a8b9379700
---
 etc/cinder/cinder.conf.sample | 29 +++++++++++++++++++++++++++++
 tools/conf/generate_sample.sh | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)

diff --git a/etc/cinder/cinder.conf.sample b/etc/cinder/cinder.conf.sample
index 1cedb846be5..fb6b6b532c0 100644
--- a/etc/cinder/cinder.conf.sample
+++ b/etc/cinder/cinder.conf.sample
@@ -1778,3 +1778,32 @@
 #volume_dd_blocksize=1M
 
 
+[keystone_authtoken]
+
+#
+# Options defined in keystoneclient's authtoken middleware
+#
+
+# Host providing the admin Identity API endpoint
+auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint
+auth_port = 35357
+
+# Protocol of the admin Identity API endpoint
+auth_protocol = http
+
+# Keystone service account tenant name to validate user tokens
+admin_tenant_name = %SERVICE_TENANT_NAME%
+
+# Keystone account username
+admin_user = %SERVICE_USER%
+
+# Keystone account password
+admin_password = %SERVICE_PASSWORD%
+
+# Directory used to cache files related to PKI tokens
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the cinder process is running as.
+#signing_dir = /var/lib/cinder/keystone-signing
diff --git a/tools/conf/generate_sample.sh b/tools/conf/generate_sample.sh
index 0cbd777a78d..e0f9542100b 100755
--- a/tools/conf/generate_sample.sh
+++ b/tools/conf/generate_sample.sh
@@ -49,3 +49,35 @@ PYTHONPATH=./:${PYTHONPATH} \
 
 # When we use openstack.common.config.generate we won't need this any more
 sed -i 's/^#connection=sqlite.*/#connection=sqlite:\/\/\/\/cinder\/openstack\/common\/db\/$sqlite_db/' $OUTPUTFILE
+
+cat >> $OUTPUTFILE <<-EOF_CAT
+[keystone_authtoken]
+
+#
+# Options defined in keystoneclient's authtoken middleware
+#
+
+# Host providing the admin Identity API endpoint
+auth_host = 127.0.0.1
+
+# Port of the admin Identity API endpoint
+auth_port = 35357
+
+# Protocol of the admin Identity API endpoint
+auth_protocol = http
+
+# Keystone service account tenant name to validate user tokens
+admin_tenant_name = %SERVICE_TENANT_NAME%
+
+# Keystone account username
+admin_user = %SERVICE_USER%
+
+# Keystone account password
+admin_password = %SERVICE_PASSWORD%
+
+# Directory used to cache files related to PKI tokens
+# signing_dir is configurable, but the default behavior of the authtoken
+# middleware should be sufficient.  It will create a temporary directory
+# in the home directory for the user the cinder process is running as.
+#signing_dir = /var/lib/cinder/keystone-signing
+EOF_CAT