12.6. Configure Telemetry Service Authentication

Configure the Telemetry API service (openstack-ceilometer-api) to use the Identity service for authentication. All steps in this procedure must be performed on the server hosting the Telemetry API service, while logged in as the root user.

Procedure 12.4. Configuring the Telemetry Service to Authenticate Through the Identity Service

  1. Set the Identity service host that the Telemetry API service must use: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_host IP
    Replace IP with the IP address or host name of the server hosting the Identity service.
  2. Set the authentication port that the Telemetry API service must use: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_port PORT
    Replace PORT with the authentication port used by the Identity service, usually 35357.
  3. Set the Telemetry API service to use the http protocol for authenticating: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken auth_protocol http
  4. Set the Telemetry API service to authenticate as the correct tenant: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_tenant_name services
    Replace services with the name of the tenant created for the use of the Telemetry service. Examples in this guide use services.
  5. Set the Telemetry service to authenticate using the ceilometer administrative user account: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_user ceilometer
  6. Set the Telemetry service to use the correct ceilometer administrative user account password: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   keystone_authtoken admin_password PASSWORD
    Replace PASSWORD with the password set when the ceilometer user was created.
  7. The Telemetry secret is a string used to help secure communication between all components of the Telemetry service across multiple hosts (for example, between the Collector agent and a Compute node agent). Set the Telemetry secret: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   publisher_rpc metering_secret SECRET
    Replace SECRET with the string that all Telemetry service components should use to sign and verify messages that are sent or received over AMQP.
  8. Configure the service endpoints to be used by the Central agent, Compute agents, and Evaluator on the host where each component is deployed: 
    # openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_auth_url http://IP:35357/v2.0
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_username ceilometer
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_tenant_name services   
# openstack-config --set /etc/ceilometer/ceilometer.conf \
   DEFAULT os_password PASSWORD
    Replace the following values:
    • Replace IP with the IP address or host name of the server hosting the Identity service.
    • Replace PASSWORD with the password set when the ceilometer user was created.