diff options
author | Steve Baker <sbaker@redhat.com> | 2020-06-15 11:07:15 +1200 |
---|---|---|
committer | Steve Baker <sbaker@redhat.com> | 2020-06-15 13:05:37 +1200 |
commit | 62408b32ae945b1a5b4cc9c417057e17418f1b33 (patch) | |
tree | bfdceddb6a638405e1a18d633d9f4dcf06719d2c /doc | |
parent | 15f0dc93df6f03303f3ab3813d48fbb7da8ac0a2 (diff) | |
download | ironic-62408b32ae945b1a5b4cc9c417057e17418f1b33.tar.gz |
Document http_basic auth strategy
Change-Id: Iafb3e22e7fae84b733e2996c2512d1c9b4577359
Story: 2007656
Task: 39753
Diffstat (limited to 'doc')
-rw-r--r-- | doc/source/install/standalone.rst | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/doc/source/install/standalone.rst b/doc/source/install/standalone.rst index c1349d468..21eb7302c 100644 --- a/doc/source/install/standalone.rst +++ b/doc/source/install/standalone.rst @@ -5,12 +5,26 @@ Using Bare Metal service as a standalone service It is possible to use the Bare Metal service without other OpenStack services. You should make the following changes to ``/etc/ironic/ironic.conf``: -#. To disable usage of Identity service tokens:: +#. Choose an authentication strategy which supports standalone, one option is + ``noauth``:: [DEFAULT] ... auth_strategy=noauth + Another options is ``http_basic`` where the credentials are stored in an + `Apache htpasswd format`_ file:: + + [DEFAULT] + ... + auth_strategy=http_basic + http_basic_auth_user_file=/etc/ironic/htpasswd + + Only the ``bcrypt`` format is supported, and the Apache `htpasswd` utility can + be used to populate the file with entries, for example:: + + htpasswd -nbB myName myPassword >> /etc/ironic/htpasswd + #. If you want to disable the Networking service, you should have your network pre-configured to serve DHCP and TFTP for machines that you're deploying. To disable it, change the following lines:: @@ -62,14 +76,22 @@ Steps to start a deployment are pretty similar to those when using Compute: #. To use the :python-ironicclient-doc:`openstack baremetal CLI <cli/osc_plugin_cli.html>`, - set up these environment variables. Since no authentication strategy is - being used, the value none must be set for OS_AUTH_TYPE. OS_ENDPOINT is + set up these environment variables. If the ``noauth`` authentication strategy is + being used, the value ``none`` must be set for OS_AUTH_TYPE. OS_ENDPOINT is the URL of the ironic-api process. For example:: export OS_AUTH_TYPE=none export OS_ENDPOINT=http://localhost:6385/ + If the ``http_basic`` authentication strategy is being used, the value + ``http_basic`` must be set for OS_AUTH_TYPE. For example:: + + export OS_AUTH_TYPE=http_basic + export OS_ENDPOINT=http://localhost:6385/ + export OS_USERNAME=myUser + export OS_PASSWORD=myPassword + #. Create a node in Bare Metal service. At minimum, you must specify the driver name (for example, ``ipmi``). You can also specify all the required driver parameters in one command. This will return the node UUID:: @@ -232,3 +254,4 @@ Other references * :ref:`local-boot-without-compute` +.. _`Apache htpasswd format`: https://httpd.apache.org/docs/current/misc/password_encryptions.html |