From 086b09b75e8b0a1c75c687669b06dabe2ba66ff5 Mon Sep 17 00:00:00 2001
From: annegentle <anne@openstack.org>
Date: Fri, 7 Dec 2012 13:02:09 -0600
Subject: [PATCH] Adds configuration information for tenant-specific image
 storage backed by object storage

fix bug 1068377

Change-Id: I07f6933b499df4bcbf01d8fc935f2a03d62159d7
---
 doc/src/docbkx/common/ch_image_mgmt.xml       |  1 +
 .../common/tenant-specific-image-storage.xml  | 36 +++++++++++++++++++
 2 files changed, 37 insertions(+)
 create mode 100644 doc/src/docbkx/common/tenant-specific-image-storage.xml

diff --git a/doc/src/docbkx/common/ch_image_mgmt.xml b/doc/src/docbkx/common/ch_image_mgmt.xml
index 60fbcc2e16d..4645698cada 100644
--- a/doc/src/docbkx/common/ch_image_mgmt.xml
+++ b/doc/src/docbkx/common/ch_image_mgmt.xml
@@ -49,6 +49,7 @@
         the Identity service, plus you have sourced the environment
         variables required by the nova client and glance
         client.</para>
+    <xi:include href="tenant-specific-image-storage.xml"></xi:include>
     <xi:include href="adding-images.xml"/>
     <section xml:id="starting-images">
         <title>Getting virtual machine images</title>
diff --git a/doc/src/docbkx/common/tenant-specific-image-storage.xml b/doc/src/docbkx/common/tenant-specific-image-storage.xml
new file mode 100644
index 00000000000..cc188b45db8
--- /dev/null
+++ b/doc/src/docbkx/common/tenant-specific-image-storage.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<section xmlns="http://docbook.org/ns/docbook"
+    xmlns:xi="http://www.w3.org/2001/XInclude"
+    xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
+    xml:id="configuring-tenant-specific-storage-for-images">
+    <title>Configuring Tenant-specific Storage Locations for Images
+        with Object Storage</title>
+    <para>For some deployers, storing all images in a single place for
+        all tenants and users to access is not ideal. To enable access
+        control to specific images for cloud users, you can configure
+        the Image service with the ability to store image data in the
+        image owner-specific locations.</para>
+    <para>These are the relevant configuration options in the
+            <filename>glance-api.conf</filename> file:</para>
+    <itemizedlist>
+        <listitem>
+            <para>swift_store_multi_tenant: this must be set to 'True'
+                to enable tenant-specific storage locations (it
+                defaults to 'False').</para>
+        </listitem>
+        <listitem>
+            <para>swift_store_admin_tenants: this is a list of
+                tenants, referenced by id, that should be granted read
+                and write access to all Object Storage containers
+                created by the Image service.</para>
+        </listitem>
+    </itemizedlist>
+    <para>Assuming you configured 'swift' as your default_store in
+            <filename>glance-api.conf</filename> and you enable this
+        feature as described above, images will be stored in an Object
+        Storage service (swift) endpoint pulled from the authenticated
+        user's service_catalog. The created image data will only be
+        accessible through the Image service by the tenant that owns
+        it and any tenants defined in swift_store_admin_tenants that
+        are identified as having admin-level accounts.</para>
+</section>