From 9cb5f547dc6f3242edf393928dbc14b7cbfbbdd4 Mon Sep 17 00:00:00 2001 From: Brian Waldon Date: Thu, 19 Jan 2012 15:30:55 -0800 Subject: Remove admin_only ext attr in favor of authz Working on blueprint separate-nova-adminapi. This removes the admin_only extension attribute and the allow_admin_api flag. The approach we're going for now is to load all extensions, but to set an admin-only rule in our policy file for those extensions that should be limited to just admin users. Now that all of our admin api code has been moved to extensions, in order to prevent admin api code from being loaded, simply remove it from the extension list. Change-Id: Ic574e06af44922ba764013b769077fc5099fd1a2 --- doc/source/devref/distributed_scheduler.rst | 2 -- doc/source/devref/zone.rst | 2 -- 2 files changed, 4 deletions(-) (limited to 'doc/source') diff --git a/doc/source/devref/distributed_scheduler.rst b/doc/source/devref/distributed_scheduler.rst index 7a631d69f..a185095be 100644 --- a/doc/source/devref/distributed_scheduler.rst +++ b/doc/source/devref/distributed_scheduler.rst @@ -164,14 +164,12 @@ All this Zone and Distributed Scheduler stuff can seem a little daunting to conf :: - --allow_admin_api=true --enable_zone_routing=true --zone_name=zone1 --build_plan_encryption_key=c286696d887c9aa0611bbb3e2025a45b --scheduler_driver=nova.scheduler.base_scheduler.BaseScheduler --default_host_filter=nova.scheduler.filters.AllHostsFilter -`--allow_admin_api` must be set for OS API to enable the new `/zones/*` commands. `--enable_zone_routing` must be set for OS API commands such as `create()`, `pause()` and `delete()` to get routed from Zone to Zone when looking for instances. `--zone_name` is only required in child Zones. The default Zone name is `nova`, but you may want to name your child Zones something useful. Duplicate Zone names are not an issue. `build_plan_encryption_key` is the SHA-256 key for encrypting/decrypting the Host information when it leaves a Zone. Be sure to change this key for each Zone you create. Do not duplicate keys. diff --git a/doc/source/devref/zone.rst b/doc/source/devref/zone.rst index 3dc0f80fd..241cbf46c 100644 --- a/doc/source/devref/zone.rst +++ b/doc/source/devref/zone.rst @@ -55,8 +55,6 @@ Zone administrative operations are usually done using python-novaclient_ .. _python-novaclient: https://github.com/rackspace/python-novaclient -In order to use the Zone operations, be sure to enable administrator operations in OpenStack API by setting the `--allow_admin_api=true` flag. - Finally you need to enable Zone Forwarding. This will be used by the Distributed Scheduler initiative currently underway. Set `--enable_zone_routing=true` to enable this feature. Find out about this Zone -- cgit