Language and Page Formatting Options

Chapter 4. Authentication methods for RHOSP

The high availability fence agents and resource agents support three distinct authentication methods for communicating with RHOSP:

  • A clouds.yaml configuration file
  • An OpenRC environment script
  • User name and password authentication through Pacemaker

After determining the authentication method to use for the cluster, specify the appropriate authentication parameters when creating a fencing or cluster resource.

4.1. Authentication with a clouds.yaml file

To use a clouds.yaml file to authenticate with RHOSP, perform the following steps.

Procedure

  1. On each node that will be part of your cluster, set up a clouds.yaml file. For information on creating a clouds.yaml file, see Users and Identity Management Guide.

    The clouds.yaml file for the procedures in this document that use a clouds.yaml file for authentication is as follows. Those procedures specify ha-example for the cloud= parameter, as defined in this file.

    $ cat .config/openstack/clouds.yaml
    clouds:
      ha-example:
        auth:
          auth_url: https://<ip_address>:13000/
          project_name: rainbow
          username: unicorns
          password: <password>
          user_domain_name: Default
          project_domain_name: Default
      <. . . additional options . . .>
      region_name: regionOne
      verify: False
  2. Test whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command, substituting the name of the cloud you specified in the clouds.yaml file you created for ha-example. If this command does not successfully display a server list, contact your RHOSP administrator.

    $ openstack --os-cloud=ha-example server list
  3. Specify the cloud parameter when creating a cluster resource or a fencing resource.

4.2. Authentication with an OpenRC environment script

To use an OpenRC environment script to authenticate with RHOSP, perform the following steps.

Procedure

  1. On each node that will be part of your cluster, configure an OpenRC environment script. For information on creating an OpenRC environment script, see Set environment variables using the OpenStack RC file.
  2. Test whether authentication is successful and you have access to the RHOSP API with the following basic RHOSP command. If this command does not successfully display a server list, contact your RHOSP administrator.

    $ openstack server list
  3. Specify the openrc parameter when creating a cluster resource or a fencing resource.

4.3. Authentication with a user name and password

To authenticate with RHOSP by means of a user name and password, specify the username, password, and auth_url parameters for a cluster resource or a fencing resource when you create the resource. Additional authentication parameters may be required, depending on the RHOSP configuration. The RHOSP administrator provides the authentication parameters to use.