[install-guide] add section on Glance+Swift config

Describes steps and prerequisites necessary to use Swift TempUrls for
downloading images from Glance.

Change-Id: Iccdad3ba4732f33162d4e065f8fc21504a8d66a8
Closes-Bug: #1628846

install-guide/source/configure-glance-swift.rst

@@ -0,0 +1,76 @@
+.. _image-store:
+
+Configure the Image service for temporary URLs
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Some drivers of the Baremetal service (in particular, any ``agent_*`` drivers,
+any new-style drivers using ``direct`` deploy interface,
+and some virtual media drivers) require target user images to be available
+over clean HTTP(S) URL with no authentication involved
+(neither username/password-based, nor token-based).
+
+When using the Baremetal service integrated in OpenStack,
+this can be achieved by specific configuration of the Image service
+and Object Storage service as described below.
+
+#. Configure the Image service to have object storage as a backend for
+   storing images.
+   For more details, please refer to the Image service configuration guide.
+
+   .. note::
+      When using Ceph+RadosGW for Object Storage service, images stored in
+      Image service must be available over Object Storage service as well.
+
+#. Enable TempURLs for the Object Storage account used by the Image service
+   for storing images in the Object Storage service.
+
+   #. Check if TempURLs are enabled:
+
+      .. code-block:: shell
+
+         # executed under credentials of the user used by Image service
+         # to access Object Storage service
+         $ openstack object store account show
+         +------------+---------------------------------------+
+         | Field      | Value                                 |
+         +------------+---------------------------------------+
+         | Account    | AUTH_bc39f1d9dcf9486899088007789ae643 |
+         | Bytes      | 536661727                             |
+         | Containers | 1                                     |
+         | Objects    | 19                                    |
+         | properties | Temp-Url-Key='secret'                 |
+         +------------+---------------------------------------+
+
+   #. If property ``Temp-Url-Key`` is set, note its value.
+
+   #. If property ``Temp-Url-Key`` is not set, you have to configure it
+      (``secret`` is used in the example below for the value):
+
+      .. code-block:: shell
+
+         $ openstack object store account set --property Temp-Url-Key=secret
+
+
+#. Configure the ironic-conductor service.
+   The configuration file is typically located at
+   ``/etc/ironic/ironic.conf``.
+   Some of the required values are available in the response of an
+   ``openstack object store account show`` command;
+   others have to match those configured in Image and Object Store services
+   configuration files. Below is a example of a minimal set of configuration
+   options to specify when Object Storage service is provided by swift
+   (check configuration file sample included within ironic
+   code ``etc/ironic/ironic.conf.sample`` for full list of available options
+   and their detailed descriptions):
+
+   .. code-block:: ini
+
+      [glance]
+
+      temp_url_endpoint_type = swift
+      swift_endpoint_url = http://openstack/swift
+      swift_account = AUTH_bc39f1d9dcf9486899088007789ae643
+      swift_container = glance
+      swift_temp_url_key = secret
+
+#. (Re)start the ironic-conductor service.

install-guide/source/configure-integration.rst

@@ -8,6 +8,7 @@ Integration with other OpenStack services
    configure-identity
    configure-compute
    configure-networking
+   configure-glance-swift
    enabling-https
    configure-cleaning
    configure-tenant-networks.rst