Since admin_token is deprecated how to bootstrap Keystone install?

asked 2015-12-03 14:46:05 -0500

Rodney gravatar image

As per http://docs.openstack.org/liberty/config-reference/content/keystone-configuration-file.html (Identity service configuration file of OpenStack Configuration Reference) the following option:

*admin_token * -

This option is deprecated and may be removed in a future release...This option should not be used, use admin_user and admin_password instead

All the install guides and other documents still show setting admin_token for the initial install and bootstrapping. Should admin_user be used instead during the first install and bootstrap?

After the initial install should admin_user and admin_password options be removed in preference of a service account that was created instead?

What if admin_user option and admin_password are left in place? Is it the same security risk as admin_token was? If I create a user with the same name as admin_user but a different password from admin_password what would happen?

edit retag flag offensive close merge delete