Explain the configuration of `rgw keystone admin user`, tenant and
password which avoids the need for setting the keystone admin token
shared secret in ceph configuration, since this token is recommended to
be disabled in production environments.
Fixes: #13066, #13519
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
This, unfortunately, introduces possible double lookups, but
they should be cached. Also, the logic appears somewhat convoluted,
although the intent is quite simple: if you're an OpenStack user
with a Keystone authentication, we allow an implicit tenant of
the same name as the user.
Signed-off-by: Pete Zaitcev <zaitcev@redhat.com>
Conflicts:
src/rgw/rgw_swift.cc
Adding info about `rgw keystone verify ssl` to configuration reference,
also adding a note in rgw keystone to explain the usage.
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
Update the OpenStack doc with more options, recommendations and best
practices.
Update the Keystone configuration for the Kilo release with Rados
Gateway.
Signed-off-by: Sébastien Han <seb@redhat.com>
