Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / keystone / aabbda6e26f5a1456ec4443e62a05e4ac658c12c^! / . / README.rst
commitaabbda6e26f5a1456ec4443e62a05e4ac658c12c[log] [tgz]
authorAles Komarek <ales.komarek@tcpcloud.eu>Tue Mar 15 08:38:35 2016 +0100
committerAles Komarek <ales.komarek@tcpcloud.eu>Tue Mar 15 09:19:11 2016 +0100
treed635043a097e73439ebdf3b3db256cd4ccec5dab
parenta4081e8fdb272659f066f5c2a76e763c43515aa1 [diff] [blame]
Multi-region service endpoint support

Change-Id: I2aa6bb39e81b6128ef162ffce16d539419bd9f6d

diff --git a/README.rst b/README.rst
index 73c515a..f3c0643 100644
--- a/README.rst
+++ b/README.rst

@@ -172,11 +172,11 @@
           assignment:
             backend: sql
           ldap:
-            url: "ldaps://idm01.workshop.cloudlab.cz"
-            suffix: "dc=workshop,dc=cloudlab,dc=cz"
-            # Will bind as uid=keystone,cn=users,cn=accounts,dc=workshop,dc=cloudlab,dc=cz
+            url: "ldaps://idm.domain.com"
+            suffix: "dc=cloud,dc=domain,dc=com"
+            # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
             uid: keystone
-            password: cloudlab
+            password: password
 
 Using LDAP backend for default domain
 
@@ -188,11 +188,53 @@
         assignment:
           backend: sql
         ldap:
-          url: "ldaps://idm01.workshop.cloudlab.cz"
-          suffix: "dc=workshop,dc=cloudlab,dc=cz"
-          # Will bind as uid=keystone,cn=users,cn=accounts,dc=workshop,dc=cloudlab,dc=cz
+          url: "ldaps://idm.domain.com"
+          suffix: "dc=cloud,dc=domain,dc=com"
+          # Will bind as uid=keystone,cn=users,cn=accounts,dc=cloud,dc=domain,dc=com
           uid: keystone
-          password: cloudlab
+          password: password
+
+Simple service endpoint definition (defaults to RegionOne)
+
+.. code-block:: yaml
+
+    keystone:
+      server:
+        service:
+          ceilometer:
+            type: metering
+            description: OpenStack Telemetry Service
+            user:
+              name: ceilometer
+              password: password
+            bind:
+              ...
+
+Region-aware service endpoints definition
+
+.. code-block:: yaml
+
+    keystone:
+      server:
+        service:
+          ceilometer_region01:
+            service: ceilometer
+            type: metering
+            region: region01
+            description: OpenStack Telemetry Service
+            user:
+              name: ceilometer
+              password: password
+            bind:
+              ...
+          ceilometer_region02:
+            service: ceilometer
+            type: metering
+            region: region02
+            description: OpenStack Telemetry Service
+            bind:
+              ...
+
 
 Read more
 =========
@@ -204,13 +246,3 @@
 * http://www.sebastien-han.fr/blog/2012/12/12/cleanup-keystone-tokens/
 * http://www-01.ibm.com/support/knowledgecenter/SS4KMC_2.2.0/com.ibm.sco.doc_2.2/t_memcached_keystone.html?lang=en
 * https://bugs.launchpad.net/tripleo/+bug/1203910
-
-Things to improve
-=================
-
-* Keystone as service provider (SP) - must be running under Apache (same as with PKI token)
-* Keystone with MongoDB backend - where is it?
-* IdP is owned by domain, domain corresponds to billable account - IdP administration
-* IdP Shiboleth alternatives - mod_auth_mellon
-
-Generally this SP/IdP stuff is a little unstable - how to let SP know identity has changed, no visibility in UI (IBM has some not in upstream yet)