55155f301e
As per discussion in the OSA docs summit session, clean up of installation guide. This fixes typos, minor RST mark up changes, and passive voice. This patch also merges a some of the sections into the larger chapter. This is in an effort to remove multiple smaller files. This patch is the first of many to avoid major conflicts. Change-Id: I2b1582812e638e2b3b455b7c34b93d13e08a168a
41 lines
1.3 KiB
ReStructuredText
41 lines
1.3 KiB
ReStructuredText
`Home <index.html>`_ OpenStack-Ansible Installation Guide
|
|
|
|
Configuring service credentials
|
|
===============================
|
|
|
|
Configure credentials for each service in the
|
|
``/etc/openstack_deploy/*_secrets.yml`` files. Consider using `Ansible
|
|
Vault <http://docs.ansible.com/playbooks_vault.html>`_ to increase
|
|
security by encrypting any files containing credentials.
|
|
|
|
Adjust permissions on these files to restrict access by non-privileged
|
|
users.
|
|
|
|
Note that the following options configure passwords for the web
|
|
interfaces:
|
|
|
|
- ``keystone_auth_admin_password`` configures the ``admin`` tenant
|
|
password for both the OpenStack API and dashboard access.
|
|
|
|
.. note::
|
|
|
|
We recommend using the ``pw-token-gen.py`` script to generate random
|
|
values for the variables in each file that contains service credentials:
|
|
|
|
.. code-block:: shell-session
|
|
|
|
# cd /opt/openstack-ansible/scripts
|
|
# python pw-token-gen.py --file /etc/openstack_deploy/user_secrets.yml
|
|
|
|
To regenerate existing passwords, add the ``--regen`` flag.
|
|
|
|
.. warning::
|
|
|
|
The playbooks do not currently manage changing passwords in an existing
|
|
environment. Changing passwords and re-running the playbooks will fail
|
|
and may break your OpenStack environment.
|
|
|
|
--------------
|
|
|
|
.. include:: navigation.txt
|