Chapter 4. Setting up an authentication method for RHOSP
The high availability fence agents and resource agents support three authentication methods for communicating with RHOSP:
-
Authentication with a
clouds.yamlconfiguration file - Authentication with an OpenRC environment script
-
Authentication with a
usernameand password through Pacemaker
After determining the authentication method to use for the cluster, specify the appropriate authentication parameters when creating a fencing or cluster resource.
4.1. Authenticating with RHOSP by using a clouds.yaml file
The procedures in this document that use a a clouds.yaml file for authentication use the clouds.yaml file shown in this procedure. Those procedures specify ha-example for the cloud= parameter, as defined in this file.
Procedure
On each node that will be part of your cluster, create a
clouds.yamlfile, as in the following example. For information about creating aclouds.yamlfile, see Users and Identity Management Guide.$ cat .config/openstack/clouds.yaml clouds: ha-example: auth: auth_url: https://<ip_address>:13000/ project_name: rainbow username: unicorns password: <password> user_domain_name: Default project_domain_name: Default <. . . additional options . . .> region_name: regionOne verify: FalseTest whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command, substituting the name of the cloud you specified in the
clouds.yamlfile you created forha-example. If this command does not display a server list, contact your RHOSP administrator.$ openstack --os-cloud=ha-example server list- Specify the cloud parameter when creating a cluster resource or a fencing resource.
4.2. Authenticating with RHOSP by using an OpenRC environment script
To use an OpenRC environment script to authenticate with RHOSP, perform the following steps.
Procedure
- On each node that will be part of your cluster, configure an OpenRC environment script. For information about creating an OpenRC environment script, see Set environment variables using the OpenStack RC file.
Test whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command. If this command does not display a server list, contact your RHOSP administrator.
$ openstack server list-
Specify the
openrcparameter when creating a cluster resource or a fencing resource.
4.3. Authenticating with RHOSP by means of a username and password
To authenticate with RHOSP by means of a username and password, specify the username, password, and auth_url parameters for a cluster resource or a fencing resource when you create the resource. Additional authentication parameters may be required, depending on the RHOSP configuration. The RHOSP administrator provides the authentication parameters to use.
