diff options
| author | Brian Waldon <bcwaldon@gmail.com> | 2012-01-19 15:30:55 -0800 |
|---|---|---|
| committer | Brian Waldon <bcwaldon@gmail.com> | 2012-01-24 10:30:32 -0800 |
| commit | 9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4 (patch) | |
| tree | 0efb27538dac20c03fd86e479d7fc3ab53ed18fc /doc/source | |
| parent | 3ad3292efd7fcba7b58bc9c8b1cb84e8b00a10fa (diff) | |
| download | nova-9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4.tar.gz nova-9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4.tar.xz nova-9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4.zip | |
Remove admin_only ext attr in favor of authz
Working on blueprint separate-nova-adminapi. This removes the
admin_only extension attribute and the allow_admin_api flag. The
approach we're going for now is to load all extensions, but
to set an admin-only rule in our policy file for those extensions
that should be limited to just admin users. Now that all of our
admin api code has been moved to extensions, in order to
prevent admin api code from being loaded, simply remove it from
the extension list.
Change-Id: Ic574e06af44922ba764013b769077fc5099fd1a2
Diffstat (limited to 'doc/source')
| -rw-r--r-- | doc/source/devref/distributed_scheduler.rst | 2 | ||||
| -rw-r--r-- | doc/source/devref/zone.rst | 2 |
2 files changed, 0 insertions, 4 deletions
diff --git a/doc/source/devref/distributed_scheduler.rst b/doc/source/devref/distributed_scheduler.rst index 7a631d69f..a185095be 100644 --- a/doc/source/devref/distributed_scheduler.rst +++ b/doc/source/devref/distributed_scheduler.rst @@ -164,14 +164,12 @@ All this Zone and Distributed Scheduler stuff can seem a little daunting to conf :: - --allow_admin_api=true --enable_zone_routing=true --zone_name=zone1 --build_plan_encryption_key=c286696d887c9aa0611bbb3e2025a45b --scheduler_driver=nova.scheduler.base_scheduler.BaseScheduler --default_host_filter=nova.scheduler.filters.AllHostsFilter -`--allow_admin_api` must be set for OS API to enable the new `/zones/*` commands. `--enable_zone_routing` must be set for OS API commands such as `create()`, `pause()` and `delete()` to get routed from Zone to Zone when looking for instances. `--zone_name` is only required in child Zones. The default Zone name is `nova`, but you may want to name your child Zones something useful. Duplicate Zone names are not an issue. `build_plan_encryption_key` is the SHA-256 key for encrypting/decrypting the Host information when it leaves a Zone. Be sure to change this key for each Zone you create. Do not duplicate keys. diff --git a/doc/source/devref/zone.rst b/doc/source/devref/zone.rst index 3dc0f80fd..241cbf46c 100644 --- a/doc/source/devref/zone.rst +++ b/doc/source/devref/zone.rst @@ -55,8 +55,6 @@ Zone administrative operations are usually done using python-novaclient_ .. _python-novaclient: https://github.com/rackspace/python-novaclient -In order to use the Zone operations, be sure to enable administrator operations in OpenStack API by setting the `--allow_admin_api=true` flag. - Finally you need to enable Zone Forwarding. This will be used by the Distributed Scheduler initiative currently underway. Set `--enable_zone_routing=true` to enable this feature. Find out about this Zone |