For IBM® Cloud Orchestrator to
access your Keystone,
the simple token extension must be installed.
About this task
Complete the following steps on the server where the
Keystone service
is installed. Refer to your
OpenStack documentation.
Procedure
- Log on to the OpenStack Controller as
a root user.
- Change directory to the directory where you store the OpenStack Controller scripts:
cd /opt/ico_scripts
- Copy the simpletoken.py file to the
middleware directory of your Keystone server.
- In the /etc/keystone/keystone.conf file,
define:
[authentication]
simple_token_header = SimpleToken
simple_token_secret = Y6A8MiJGYDr1bzZPP/kt/A==
The simple
token here must also be given the IBM Cloud Orchestrator installer as
an input parameter. The secret must be a base64 encoded value. To
generate a secret, run the following command:dd if=/dev/urandom bs=16 count=1 2>/dev/null | base64
- In /etc/keystone/keystone-paste.ini define
the filter for simple token:
[filter:simpletoken]
paste.filter_factory=keystone.middleware.simpletoken:SimpleTokenAuthentication.factory
- In the /etc/keystone/keystone-paste.ini file,
add the filter to the pipeline that you want to run. The filter must
come after the json_body and xml_body filters,
but before the actual application in the pipelines [pipeline:public_api], [pipeline:admin_api],
and [pipeline:api_v3].
- Restart Keystone by running
the following command:
sytemctl restart openstack-keystone