After some discussion on IRC we updated blueprint. Now it's available as review here https://review.openstack.org/#/c/96429/2 Nice looking version is here http://docs-draft.openstack.org/29/96429/3/check/gate-fuel-specs-docs/d5b32d5/doc/build/html/specs/5.1/access-control-master-node.html
Blueprint was split into 4 stages so now we can implement it in smaller steps. Please comment. Regards, On Tue, May 27, 2014 at 8:41 PM, Andrew Woodward <xar...@gmail.com> wrote: > AFIK, if we implement ironic as a replacement for cobbler, we will > have Keystone on the fuel-master anyway. Supporting OAuth as an > additional authentication entry would awesome too, but I'm not sure if > there would be much demand over Keystone. > > On Tue, May 27, 2014 at 8:31 AM, Lukasz Oles <lo...@mirantis.com> wrote: > > There is some misunderstanding here. By using keystone I mean running > > keystone on fuel master node. After all it's just python program. It's > used > > by OpenStack as authorization tool but it also can be used as standalone > > software or by different tools completely not connected with OpenStack. > > In future if want to use LDAP source, keystone already have plugin for > it. > > > > Regards > > > > > > On Tue, May 27, 2014 at 5:08 PM, David Easter <deas...@mirantis.com> > wrote: > >> > >> The other challenge of utilizing Keystone is which one to use. Fuel > >> enables the deployment of multiple cloud environments from one UI; so > when > >> accessing the Fuel Master Node, it would be ambiguous which already > deployed > >> Keystone to contact for authentication. If/When Triple-O is utilized, > one > >> could perhaps see designating the Keystone of the undercloud; but that’s > >> more a future requirement. > >> > >> For now, I’d suggest an internal authentication in the immediate short > >> term. External auth sources can be added in future milestones – most > likely > >> an LDAP source that’s outside the deployed clouds and designated by IT. > >> > >> Thanks, > >> > >> - David J. Easter > >> Director of Product Management, Mirantis > >> > >> From: Jesse Pretorius <jesse.pretor...@gmail.com> > >> Reply-To: "OpenStack Development Mailing List (not for usage questions)" > >> <openstack-dev@lists.openstack.org> > >> Date: Tuesday, May 27, 2014 at 7:43 AM > >> > >> To: "OpenStack Development Mailing List (not for usage questions)" > >> <openstack-dev@lists.openstack.org> > >> Subject: Re: [openstack-dev] [Fuel-dev] access-control-master-node > >> > >> On 27 May 2014 13:42, Lukasz Oles <lo...@mirantis.com> wrote: > >>> > >>> Hello fuelers, > >>> > >>> we(I and Kamil) would like start discussion about "Enforce access > control > >>> for Fuel UI" blueprint > >>> https://blueprints.launchpad.net/fuel/+spec/access-control-master-node > . > >>> > >>> First question to David, as he proposed this bp. Do you want to add > more > >>> requirements? > >>> > >>> To all. What do you think about using keystone as authorization tool? > We > >>> described all pros/cons in the specification. > >> > >> > >> I would suggest both an internal authentication database and the option > of > >> plugging additional options in, with keystone being one of them and > perhaps > >> something like oauth being another. > >> > >> Keystone may not be available at the time of the build, or accessible > from > >> the network that's used for the initial build. > >> _______________________________________________ OpenStack-dev mailing > list > >> OpenStack-dev@lists.openstack.org > >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >> > >> -- > >> Mailing list: https://launchpad.net/~fuel-dev > >> Post to : fuel-...@lists.launchpad.net > >> Unsubscribe : https://launchpad.net/~fuel-dev > >> More help : https://help.launchpad.net/ListHelp > >> > > > > > > > > -- > > Łukasz Oleś > > > > -- > > Mailing list: https://launchpad.net/~fuel-dev > > Post to : fuel-...@lists.launchpad.net > > Unsubscribe : https://launchpad.net/~fuel-dev > > More help : https://help.launchpad.net/ListHelp > > > > > > -- > Andrew > Mirantis > Ceph community > -- Łukasz Oleś
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev