Re: [Openstack-operators] Ops Keystone / Federation Session

[Adam Young]

On 05/23/2015 02:50 PM, Tim Bell wrote:

Joe,

Thanks for the notes.

We had a productive discussion with the Glance folk on how to share 
images across clouds 
(https://libertydesignsummit.sched.org/event/6b4a5dbd177cde2aad7a9927a82534d0#.VWDLPpOqqko) 
and we’ll be working on that spec.


We also had some forward looking discussions with the Keystone team on 
how to manage multi-cloud nested projects.


As joe said, Federated identity is needed but giving users a 
transparent exprience will take much, much more.


Are there blueprints created for this gap ?

I don't think so, as they really are cross-project blueprints.

I  was thinking that there needs to be an owner, and the down in the big 
tent is something like this:


Ceilometer is responsible for responding to events and kicking off workflows

Mistral is responsible for defining workflows.

While neither should be essential, or required, we should have a 
big-tent-only solution that people can use for reference.


Keysteon can provide the user first seen event
We need a time out for user not seen since X  to archive their work
We then need a Delete all resources  at a later date.
If a project is deliberately deleted, we need to catch and clean up 
those events as well.


I suspect if we documented that much, we'd get most of the way home.





Tim

From: joe j...@topjian.net mailto:j...@topjian.net
Date: Friday 22 May 2015 23:26
To: openstack-operators openstack-operators@lists.openstack.org 
mailto:openstack-operators@lists.openstack.org

Subject: [Openstack-operators] Ops Keystone / Federation Session

Hello,

Better late than never, here's a summary of the Ops Keystone / 
Federation Session from this past Tuesday:


First, I want to thank everyone from the Keystone team for attending 
the session -- it was very cool to have you guys on-hand to directly 
answer questions and give input and insight into the various items 
being discussed.


This was the first time we had a discussion session dedicated to this 
topic and we could have easily spent entire sessions on each of the 
main items listed in the Etherpad 
https://etherpad.openstack.org/p/YVR-ops-federation. I think that 
shows there's a lot to be discussed with regard to federated clouds.


The biggest discussion item to come out of the session was that a 
federated cloud means so much more than just Keystone. Allocating, 
restricting, automatic provisioning, reporting, and cleanup of any 
type of OpenStack-enabled resource in a federated cloud are all areas 
Operators are interested in learning about, but those areas are either 
not well defined (perhaps because what works for one federation won't 
work for another), are not possible to do yet, or are possible but 
Operators aren't sure how to implement them.


I encourage operators who are interested in this area to keep the 
discussion going on this list by sharing your questions, concerns, and 
trials. As well, I hope to see this topic in future Ops meetups and 
tracks as a more formal way to touch base on this area.


Etherpad: https://etherpad.openstack.org/p/YVR-ops-federation

Thanks,
Joe


___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Ops Keystone / Federation Session

[Tim Bell]

Joe,

Thanks for the notes.

We had a productive discussion with the Glance folk on how to share images 
across clouds 
(https://libertydesignsummit.sched.org/event/6b4a5dbd177cde2aad7a9927a82534d0#.VWDLPpOqqko)
 and we’ll be working on that spec.

We also had some forward looking discussions with the Keystone team on how to 
manage multi-cloud nested projects.

As joe said, Federated identity is needed but giving users a transparent 
exprience will take much, much more.

Are there blueprints created for this gap ?

Tim

From: joe j...@topjian.netmailto:j...@topjian.net
Date: Friday 22 May 2015 23:26
To: openstack-operators 
openstack-operators@lists.openstack.orgmailto:openstack-operators@lists.openstack.org
Subject: [Openstack-operators] Ops Keystone / Federation Session

Hello,

Better late than never, here's a summary of the Ops Keystone / Federation 
Session from this past Tuesday:

First, I want to thank everyone from the Keystone team for attending the 
session -- it was very cool to have you guys on-hand to directly answer 
questions and give input and insight into the various items being discussed.

This was the first time we had a discussion session dedicated to this topic and 
we could have easily spent entire sessions on each of the main items listed in 
the Etherpadhttps://etherpad.openstack.org/p/YVR-ops-federation. I think that 
shows there's a lot to be discussed with regard to federated clouds.

The biggest discussion item to come out of the session was that a federated 
cloud means so much more than just Keystone. Allocating, restricting, 
automatic provisioning, reporting, and cleanup of any type of OpenStack-enabled 
resource in a federated cloud are all areas Operators are interested in 
learning about, but those areas are either not well defined (perhaps because 
what works for one federation won't work for another), are not possible to do 
yet, or are possible but Operators aren't sure how to implement them.

I encourage operators who are interested in this area to keep the discussion 
going on this list by sharing your questions, concerns, and trials. As well, I 
hope to see this topic in future Ops meetups and tracks as a more formal way to 
touch base on this area.

Etherpad: https://etherpad.openstack.org/p/YVR-ops-federation

Thanks,
Joe
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators