Chapter 4. Setting up an authentication method for RHOSP
The high availability fence agents and resource agents support three authentication methods for communicating with RHOSP:
-
Authentication with a
clouds.yaml
configuration file - Authentication with an OpenRC environment script
-
Authentication with a
username
and password through Pacemaker
After determining the authentication method to use for the cluster, specify the appropriate authentication parameters when creating a fencing or cluster resource.
4.1. Authenticating with RHOSP by using a clouds.yaml
file
The procedures in this document that use a a clouds.yaml
file for authentication use the clouds.yaml
file shown in this procedure. Those procedures specify ha-example
for the cloud= parameter
, as defined in this file.
Procedure
On each node that will be part of your cluster, create a
clouds.yaml
file, as in the following example. For information about creating aclouds.yaml
file, see Users and Identity Management Guide.$ cat .config/openstack/clouds.yaml clouds: ha-example: auth: auth_url: https://<ip_address>:13000/ project_name: rainbow username: unicorns password: <password> user_domain_name: Default project_domain_name: Default <. . . additional options . . .> region_name: regionOne verify: False
Test whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command, substituting the name of the cloud you specified in the
clouds.yaml
file you created forha-example
. If this command does not display a server list, contact your RHOSP administrator.$ openstack --os-cloud=ha-example server list
- Specify the cloud parameter when creating a cluster resource or a fencing resource.
4.2. Authenticating with RHOSP by using an OpenRC environment script
To use an OpenRC environment script to authenticate with RHOSP, perform the following steps.
Procedure
- On each node that will be part of your cluster, configure an OpenRC environment script. For information about creating an OpenRC environment script, see Set environment variables using the OpenStack RC file.
Test whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command. If this command does not display a server list, contact your RHOSP administrator.
$ openstack server list
-
Specify the
openrc
parameter when creating a cluster resource or a fencing resource.
4.3. Authenticating with RHOSP by means of a username
and password
To authenticate with RHOSP by means of a username
and password, specify the username
, password
, and auth_url
parameters for a cluster resource or a fencing resource when you create the resource. Additional authentication parameters may be required, depending on the RHOSP configuration. The RHOSP administrator provides the authentication parameters to use.