author | Jenkins <jenkins@review.openstack.org> | 2012-12-22 20:39:42 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2012-12-22 20:39:42 +0000 |
commit | 469ff6571e49f70662107a1db393b856214eea3c (patch) | |
tree | a3a179eb130f0587301dad8b958fb32efe77041a /doc | |
parent | 4fb7ef4faf0b0ef3077c0175d158df3ab601e4bf (diff) | |
parent | e577cd60871e1810b45236d3642d60e460dc4858 (diff) | |
download | keystone-469ff6571e49f70662107a1db393b856214eea3c.tar.gz keystone-469ff6571e49f70662107a1db393b856214eea3c.tar.xz keystone-469ff6571e49f70662107a1db393b856214eea3c.zip |
Merge "Remove swift auth."
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/configuringservices.rst | 147 |
1 files changed, 2 insertions, 145 deletions
diff --git a/doc/source/configuringservices.rst b/doc/source/configuringservices.rst index 4dbba55e..2a8c1472 100644 --- a/doc/source/configuringservices.rst +++ b/doc/source/configuringservices.rst 
@@ -176,151 +176,8 @@ Configuring Swift to use Keystone --------------------------------- Similar to Nova, swift can be configured to use Keystone for authentication -rather than its built in 'tempauth'. - -1. Add a service endpoint for Swift to Keystone - -2. Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`) - -3. Reconfigure Swift's proxy server to use Keystone instead of TempAuth. - Here's an example `/etc/swift/proxy-server.conf`:: - - [DEFAULT] - bind_port = 8888 - user = <user> - - [pipeline:main] - pipeline = catch_errors healthcheck cache authtoken keystone proxy-server - - [app:proxy-server] - use = egg:swift#proxy - account_autocreate = true - - [filter:keystone] - paste.filter_factory = keystone.middleware.swift_auth:filter_factory - operator_roles = admin, swiftoperator - - [filter:authtoken] - paste.filter_factory = keystone.middleware.auth_token:filter_factory - # Delaying the auth decision is required to support token-less - # usage for anonymous referrers ('.r:*') or for tempurl/formpost - # middleware. - delay_auth_decision = 1 - auth_port = 35357 - auth_host = 127.0.0.1 - auth_token = ADMIN - admin_token = ADMIN - - [filter:cache] - use = egg:swift#memcache - set log_name = cache - - [filter:catch_errors] - use = egg:swift#catch_errors - - [filter:healthcheck] - use = egg:swift#healthcheck - -.. Note:: - Your user needs to have the role swiftoperator or admin by default - to be able to operate on an swift account or as specified by the - variable `operator_roles`. - -4. Restart swift - -5. Verify that keystone is providing authentication to Swift - - $ swift -V 2 -A http://localhost:5000/v2.0 -U admin:admin -K ADMIN stat - -.. NOTE:: - Instead of connecting to Swift here, as you would with other services, we - are connecting directly to Keystone. 
- -Configuring Swift with S3 emulation to use Keystone ---------------------------------------------------- - -Keystone supports validating S3 tokens using the same tokens as the -generated EC2 tokens. When you have generated a pair of EC2 access -token and secret you can access your swift cluster directly with the -S3 API. - -1. Ensure you have defined the S3 service in your `keystone.conf`. First, define the filter as follows:: - - [filter:s3_extension] - paste.filter_factory = keystone.contrib.s3:S3Extension.factory - -Then, ensure that the filter is being called by the admin_api pipeline, as follows:: - - [pipeline:admin_api] - pipeline = token_auth [....] ec2_extension s3_extension [...] - -2. Configure the paste file for swift-proxy - (`/etc/swift/swift-proxy.conf` to use S3token and Swift3 - middleware. - - Here's an example that by default communicates with keystone via https :: - - [DEFAULT] - bind_port = 8080 - user = <user> - - [pipeline:main] - pipeline = catch_errors healthcheck cache swift3 s3token authtoken keystone proxy-server - - [app:proxy-server] - use = egg:swift#proxy - account_autocreate = true - - [filter:catch_errors] - use = egg:swift#catch_errors - - [filter:healthcheck] - use = egg:swift#healthcheck - - [filter:cache] - use = egg:swift#memcache - - [filter:swift3] - use = egg:swift#swift3 - - [filter:keystone] - paste.filter_factory = keystone.middleware.swift_auth:filter_factory - operator_roles = admin, swiftoperator - - [filter:s3token] - paste.filter_factory = keystone.middleware.s3_token:filter_factory - # uncomment the following line if you don't want to use SSL - # auth_protocol = http - auth_port = 35357 - auth_host = 127.0.0.1 - - [filter:authtoken] - paste.filter_factory = keystone.middleware.auth_token:filter_factory - # uncomment the following line if you don't want to use SSL - # auth_protocol = http - auth_port = 35357 - auth_host = 127.0.0.1 - auth_token = ADMIN - admin_token = ADMIN - -3. 
You can then access directly your Swift via the S3 API, here's an - example with the `boto` library:: - - import boto - import boto.s3.connection - - connection = boto.connect_s3( - aws_access_key_id='<ec2 access key for user>', - aws_secret_access_key='<ec2 secret access key for user>', - port=8080, - host='localhost', - is_secure=False, - calling_format=boto.s3.connection.OrdinaryCallingFormat()) - - -.. Note:: - With the S3 middleware you are connecting to the `Swift` proxy and - not to `keystone`. +rather than its built in 'tempauth'. Refer to the `overview_auth` documentation +in Swift. Auth-Token Middleware with Username and Password ------------------------------------------------ |
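
Review bot: The replacement sentence at the end of the hunk, "Refer to the `overview_auth` documentation in Swift.", puts `overview_auth` in single backticks. reStructuredText reads that as default-role interpreted text, not a hyperlink, so the rendered page gives readers no way to reach the Swift document. Please use an explicit external link or a cross-project reference instead. The same hunk also deletes the whole "Configuring Swift with S3 emulation to use Keystone" section with no pointer at all. Step 1 of that section is Keystone-side configuration (the `[filter:s3_extension]` entry and the `admin_api` pipeline in `keystone.conf`), which a pointer to Swift's auth overview does not obviously cover. If `keystone.contrib.s3` stays in the tree after this change, keep that step here or add a sentence saying where it is now documented.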