Hi Matt Fischer,
 
I really appreciate your help!
I think you pointed out the directions (regions & federation) which I need to
study and research in the next step.
 
Best Regards,
Sam Cheng
 
Date: Sun, 27 Sep 2015 14:26:58 -0600
Subject: Re: [Openstack-operators] "Master" keystone and "sub" keystone
From: m...@mattfischer.com
To: runner_ch...@hotmail.com

As far as I know you have to do this with regions unless there's something 
special that can be done with federation. If you're not storing tokens in the 
DB (which you shouldn't be doing) I'm not sure why you'd want special read-only 
nodes. Where are your actual services running? Because it's not just the user 
getting the token, but all your services (cinder, glance, etc) need to validate 
that token and you'll need to determine which keystone cluster they'll be 
talking to.

On Sat, Sep 26, 2015 at 9:19 PM, RunnerCheng <runner_ch...@hotmail.com> wrote:



Hi All,
I'm a newbie to keystone, and I've been doing some research about it recently. I have
a question about how to deploy it. The scenario is below:
 
One company has one headquarters DC and 5 sub DCs located in different cities. We
want to deploy separate OpenStack with a "sub" keystone at each sub DC, and want
to deploy one "master" keystone at the headquarters DC. We want to manage all users,
roles and tenants etc. on the "master" keystone; however, we want the end user
to be able to authenticate with the "sub" keystone where he or she is located.
  
Does anyone understand this scenario? How can it be realized without additional
development?
  
Thanks in advance!
 
Sam Cheng
                                          

_______________________________________________

OpenStack-operators mailing list

OpenStack-operators@lists.openstack.org

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators



                                          