12.6. Configure Telemetry Service Authentication

Procedure 12.4. Configuring the Telemetry Service to Authenticate Through the Identity Service

1. Set the Identity service host that the Telemetry API service must use:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken auth_host IP

   Copy to Clipboard Toggle word wrap
   Replace IP with the IP address or host name of the server hosting the Identity service.
2. Set the authentication port that the Telemetry API service must use:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken auth_port PORT

   Copy to Clipboard Toggle word wrap
   Replace PORT with the authentication port used by the Identity service, usually 35357.
3. Set the Telemetry API service to use the http protocol for authenticating:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken auth_protocol http

   Copy to Clipboard Toggle word wrap
4. Set the Telemetry API service to authenticate as the correct tenant:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken admin_tenant_name services

   Copy to Clipboard Toggle word wrap
   Replace services with the name of the tenant created for the use of the Telemetry service. Examples in this guide use services.
5. Set the Telemetry service to authenticate using the ceilometer administrative user account:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken admin_user ceilometer

   Copy to Clipboard Toggle word wrap
6. Set the Telemetry service to use the correct ceilometer administrative user account password:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      keystone_authtoken admin_password PASSWORD

   Copy to Clipboard Toggle word wrap
   Replace PASSWORD with the password set when the ceilometer user was created.
7. The Telemetry secret is a string used to help secure communication between all components of the Telemetry service across multiple hosts (for example, between the Collector agent and a Compute node agent). Set the Telemetry secret:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      publisher_rpc metering_secret SECRET

   Copy to Clipboard Toggle word wrap
   Replace SECRET with the string that all Telemetry service components should use to sign and verify messages that are sent or received over AMQP.
8. Configure the service endpoints to be used by the Central agent, Compute agents, and Evaluator on the host where each component is deployed:

   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      DEFAULT os_auth_url http://IP:35357/v2.0
   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      DEFAULT os_username ceilometer
   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      DEFAULT os_tenant_name services   
   # openstack-config --set /etc/ceilometer/ceilometer.conf \
      DEFAULT os_password PASSWORD

   Copy to Clipboard Toggle word wrap
   Replace the following values:
   • Replace IP with the IP address or host name of the server hosting the Identity service.
   • Replace PASSWORD with the password set when the ceilometer user was created.