12.5. Configure Telemetry Service Authentication

⁠12.5. Configure Telemetry Service Authentication

After creating and configuring the required Telemetry service users and roles (namely, Identity records), configure the Telemetry API service (openstack-ceilometer-api) to authenticate with the Identity service. Doing so involves setting the required Identity credentials in the /etc/ceilometer/ceilometer.conf configuration file.

To configure the required Identity credentials for the Telemetry API service, perform the following procedure.

⁠

Procedure 12.2. Configuring the Telemetry service to authenticate through the Identity service

Set the Telemetry service's authentication host (auth_host) configuration key:
```
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_host IP
```
Replace IP with the IP address or host name of the Identity server.
Set the Telemetry service's authentication port (auth_port) configuration key:
```
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_port PORT
```
Replace PORT with the authentication port used by the Identity server.

Set the Telemetry service to use the http protocol for authenticating:

# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_protocol PORT

Set the Telemetry service to authenticate as the correct tenant:
```
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_tenant_name services
```
Where services is the name of the tenant created for the use of the Telemetry service. Examples in this guide use services.

Set the Telemetry service to authenticate using the ceilometer administration user account:

# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_user ceilometer

Set the Telemetry service to use the correct ceilometer administration user account password:
```
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_password SERVICE_PASSWORD
```
Where SERVICE_PASSWORD is the password set during the creation of the ceilometer user.
Set the Telemetry secret. This is a string used to help secure communication between all components of the Telemetry service across multiple hosts (for example, between the Collector agent and a Compute node agent). To set the Telemetry secret:
```
# openstack-config --set /etc/ceilometer/ceilometer.conf \
	publisher_rpc metering_secret SECRET
```
Replace SECRET with the string that all Telemetry service components should use to sign and verify messages that are sent or received over AMQP.

After configuring the credentials of the Telemetry API service, configure the service endpoints to be used by the Central agent, Compute agents, and Alarm Evaluator. To do so, run the following commands on each host where these components are deployed:

# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_auth_url http://IP:35357/v2.0
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_username ceilometer
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_tenant_name services   
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_password SERVICE_PASSWORD

Where:

IP is the IP address or host name of the Identity server.
SERVICE_PASSWORD is the password set during the creation of the ceilometer user.