| Dean Troyer | 0986a7b | 2014-10-29 22:08:13 -0500 | [diff] [blame] | 1 | ===================================== |
| 2 | openrc - User Authentication Settings |
| 3 | ===================================== |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 4 | |
| 5 | ``openrc`` configures login credentials suitable for use with the |
| 6 | OpenStack command-line tools. ``openrc`` sources ``stackrc`` at the |
| 7 | beginning (which in turn sources the ``localrc`` setion of |
| 8 | ``local.conf``) in order to pick up ``HOST_IP`` and/or ``SERVICE_HOST`` |
| 9 | to use in the endpoints. The values shown below are the default values. |
| 10 | |
| Dean Troyer | ea3cdfa | 2014-11-08 08:29:16 -0600 | [diff] [blame] | 11 | OS\_PROJECT\_NAME (OS\_TENANT\_NAME) |
| 12 | Keystone has |
| 13 | standardized the term *project* as the entity that owns resources. In |
| 14 | some places references still exist to the previous term |
| 15 | *tenant* for this use. Also, *project\_name* is preferred to |
| 16 | *project\_id*. OS\_TENANT\_NAME remains supported for compatibility |
| 17 | with older tools. |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 18 | |
| 19 | :: |
| 20 | |
| Dean Troyer | ea3cdfa | 2014-11-08 08:29:16 -0600 | [diff] [blame] | 21 | OS_PROJECT_NAME=demo |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 22 | |
| 23 | OS\_USERNAME |
| Dean Troyer | ea3cdfa | 2014-11-08 08:29:16 -0600 | [diff] [blame] | 24 | In addition to the owning entity (project), OpenStack calls the entity |
| 25 | performing the action *user*. |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 26 | |
| 27 | :: |
| 28 | |
| 29 | OS_USERNAME=demo |
| 30 | |
| 31 | OS\_PASSWORD |
| Dean Troyer | ea3cdfa | 2014-11-08 08:29:16 -0600 | [diff] [blame] | 32 | Keystone's default authentication requires a password be provided. |
| 33 | The usual cautions about putting passwords in environment variables |
| 34 | apply, for most DevStack uses this may be an acceptable tradeoff. |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 35 | |
| 36 | :: |
| 37 | |
| 38 | OS_PASSWORD=secrete |
| 39 | |
| 40 | HOST\_IP, SERVICE\_HOST |
| 41 | Set API endpoint host using ``HOST_IP``. ``SERVICE_HOST`` may also |
| 42 | be used to specify the endpoint, which is convenient for some |
| Dean Troyer | ea3cdfa | 2014-11-08 08:29:16 -0600 | [diff] [blame] | 43 | ``local.conf`` configurations. Typically, ``HOST_IP`` is set in the |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 44 | ``localrc`` section. |
| 45 | |
| 46 | :: |
| 47 | |
| 48 | HOST_IP=127.0.0.1 |
| 49 | SERVICE_HOST=$HOST_IP |
| 50 | |
| 51 | OS\_AUTH\_URL |
| 52 | Authenticating against an OpenStack cloud using Keystone returns a |
| 53 | *Token* and *Service Catalog*. The catalog contains the endpoints |
| 54 | for all services the user/tenant has access to - including Nova, |
| 55 | Glance, Keystone and Swift. |
| 56 | |
| 57 | :: |
| 58 | |
| 59 | OS_AUTH_URL=http://$SERVICE_HOST:5000/v2.0 |
| 60 | |
| Sean M. Collins | 09e550c | 2014-10-21 11:40:08 -0400 | [diff] [blame] | 61 | KEYSTONECLIENT\_DEBUG, NOVACLIENT\_DEBUG |
| 62 | Set command-line client log level to ``DEBUG``. These are commented |
| 63 | out by default. |
| 64 | |
| 65 | :: |
| 66 | |
| 67 | # export KEYSTONECLIENT_DEBUG=1 |
| 68 | # export NOVACLIENT_DEBUG=1 |