Configuring Drydock

Drydock uses an INI-like standard oslo_config file. A sample file can be generated via tox:

$ tox -e genconfig

Customize your configuration based on the information below

Keystone Integration

Drydock requires a service account to use for validating client tokens:

$ openstack domain create 'ucp'
$ openstack project create --domain 'ucp' 'service'
$ openstack user create --domain ucp --project service --project-domain 'ucp' --password drydock drydock
$ openstack role add --project-domain ucp --user-domain ucp --user drydock --project service admin

The service account must then be included in the drydock.conf:

auth_uri = http://<keystone_ip>:5000/v3
auth_version = 3
delay_auth_decision = true
auth_type = password
auth_section = keystone_authtoken_password
auth_url = http://<keystone_ip>:5000
project_name = service
project_domain_name = ucp
user_name = drydock
user_domain_name = ucp
password = drydock

MaaS Integration

Drydock uses Canonical MaaS to provision new nodes. This requires a running MaaS instance and providing Drydock with the address and credentials. The MaaS API enforces authentication via a API key generated by MaaS and used to sign API calls. Configure Drydock with the MaaS API URL and a valid API key.:

maas_api_url = http://<maas_ip>:<maas_port>/MAAS
maas_api_key = <valid API key>