49c5d1daf9
Add draft directory but hide the link on the index.rst so a preview build is available for patch reviews Change-Id: I40fdd4e6c0301c05641fc63643b40f409d5361c3 Implements: blueprint osa-install-guide-overhaul
41 lines
1.3 KiB
ReStructuredText
41 lines
1.3 KiB
ReStructuredText
`Home <index.html>`_ OpenStack-Ansible Installation Guide
|
|
|
|
Configuring service credentials
|
|
===============================
|
|
|
|
Configure credentials for each service in the
|
|
``/etc/openstack_deploy/*_secrets.yml`` files. Consider using `Ansible
|
|
Vault <http://docs.ansible.com/playbooks_vault.html>`_ to increase
|
|
security by encrypting any files containing credentials.
|
|
|
|
Adjust permissions on these files to restrict access by non-privileged
|
|
users.
|
|
|
|
Note that the following options configure passwords for the web
|
|
interfaces:
|
|
|
|
- ``keystone_auth_admin_password`` configures the ``admin`` tenant
|
|
password for both the OpenStack API and dashboard access.
|
|
|
|
.. note::
|
|
|
|
We recommend using the ``pw-token-gen.py`` script to generate random
|
|
values for the variables in each file that contains service credentials:
|
|
|
|
.. code-block:: shell-session
|
|
|
|
# cd /opt/openstack-ansible/scripts
|
|
# python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
|
|
|
|
To regenerate existing passwords, add the ``--regen`` flag.
|
|
|
|
.. warning::
|
|
|
|
The playbooks do not currently manage changing passwords in an existing
|
|
environment. Changing passwords and re-running the playbooks will fail
|
|
and may break your OpenStack environment.
|
|
|
|
--------------
|
|
|
|
.. include:: navigation.txt
|