Here's a link to my analysis so far:
http://wiki.openstack.org/NovaOrchestration/WorkflowEngines/SpiffWorkflow
It looks good, but I won't pass a final verdict until I have completed a
working project in it. I have one in progress and will let ya know when
it's done.
Z
On 4/3/12 4:56 PM, Ziad
3:38 PM, Yun Mao yun...@gmail.com wrote:
Hi Ziad,
thanks for the great work. Do we know how the states are persisted in
Spiff? Thanks,
Yun
On Fri, Apr 6, 2012 at 3:53 PM, Ziad Sawalha ziad.sawa...@rackspace.com
wrote:
Here's a link to my analysis so far:
http://wiki.openstack.org
: Friday, April 06, 2012 5:38 PM
To: Ziad Sawalha
Cc: Sriram Subramanian; Dugger, Donald D; Sandy Walsh;
nova-orchestrat...@lists.launchpad.net; openstack@lists.launchpad.net
Subject: Re: [Nova-orchestration] [Openstack] Preliminary analysis of
SpiffWorkflow
Hi Ziad,
thanks for the great work. Do
From: Ziad Sawalha
Sent: Friday, April 06, 2012 4:53 PM
To: Sriram Subramanian; Dugger, Donald D; Sandy Walsh
Cc: nova-orchestrat...@lists.launchpad.net; openstack@lists.launchpad.net
Subject: Re: [Openstack] [Nova-orchestration] Preliminary analysis of
SpiffWorkflow
Congratulations!! 5 core services and counting. It's now a real stack.
On 4/5/12 9:52 AM, Thierry Carrez thie...@openstack.org wrote:
Hello everyone,
I'm very happy to announce the immediate release of OpenStack 2012.1
(code-named Essex). This coordinated release contains 5 components:
Just confirming what Sandy said; I am playing around with SpiffWorkflow.
I'll post my findings when I'm done on the wiki under the Nova
Orchestration page.
So far I've found some of the documentation lacking and concepts
confusing, which has resulted in a steep learning curve and made it
Really cool! Thanks, Syed.
We should have these running at the keynote at the conference while everyone is
waiting to get started :-)
From: Armaan dce3...@gmail.commailto:dce3...@gmail.com
Date: Mon, 5 Mar 2012 08:21:54 +0530
To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Hi Andi - It landed in E3. It was not back ported since it contains a
significant schema change. I don't think we can back port it to Diablo.
Z
From: andi abes andi.a...@gmail.commailto:andi.a...@gmail.com
Date: Fri, 10 Feb 2012 15:36:04 -0500
To: Ziad Sawalha ziad.sawa
Hey Everyone,
As you may be well aware, the existing Keystone implementation has been a
source of some consternation for deployers and various members of our
community. In response to this, over the last few months, there has been an
effort between our team and members of the community to
@lists.launchpad.net
(openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net)
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net, Ziad
Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Subject: Re: [Openstack] Keystone: is revoke token API officially supported
/token
X-Auth_token: …
X-Subject-Token: {token_id}
From: Dolph Mathews dolph.math...@gmail.commailto:dolph.math...@gmail.com
Date: Thu, 26 Jan 2012 17:17:12 -0600
To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Cc: Jorge Williams
jorge.willi
Hi Xuyun -
Object-store is the correct type based on the API spec (it's defined in the
XSDs for Keystone as well). Can you point me at documentation that lists any
other type?
IANA assigned port 35357 to Keystone last year and we've been using that for a
while. 5001 is no longer in use.
Hope
Try running keystone with the –d and –t switches (./keystone –d –t). That will
output additional debug information on where the error occurred and what your
configuration is. That should help in troubleshooting.
From: Xuyun Zhang xyzhan...@gmail.commailto:xyzhan...@gmail.com
Date: Sat, 14 Jan
Vish is right, your request should have an {auth: } wrapping the credentials.
There are two ways to fix this:
1. Use a newer client that honors the Diablo contract
2. Use the latest trunk version of Keystone which by default runs a
D5_compat middleware and will respond to requests
Fellow OpenStackers,
We've put out some prototypes and information on RBAC:
1. There is a blueprint out there:
https://blueprints.launchpad.net/keystone/+spec/rbac-keystone
2. We have a prototype for the middleware that shows what it would send down to
Nova (and other services): see email
Who suggested not using python-keystoneclient?
On 12/16/11 4:12 PM, Jesse Andrews anotherje...@gmail.com wrote:
python-keystoneclient is based on python-novaclient, and is already in
use by horizon as mentioned.
What are the reasons for not using python-keystoneclient?
Jesse
On Fri, Dec 16,
, not being aware that we were already moving towards supporting
python-keystoneclient, implied that someone was /against/
python-keystoneclient.
I have no objections :)
-Dolph Mathews
On Dec 16, 2011, at 4:56 PM, Ziad Sawalha ziad.sawa...@rackspace.com
wrote:
Who suggested not using python
Hi Bryan -
There are a couple of points here:
1. The Service API is a subset of the Admin API. There are calls in the
Admin API that need a token with privileged access to be called. The use
of the Service API is a deployment option, but not a requirement (i.e. You
can run Keystone on one
Very cool!
Any plans to have a silent (or daily, or on demand) one running against
trunk for all projects?
On 12/8/11 4:12 PM, James E. Blair cor...@inaugust.com wrote:
Hi,
A lot of people would like to see us with more commit gating jobs that
test functionality across the full range of core
Great. BTW, Dolph just started work on this, so we've updated the status of the
blueprint.
Z
From: Judd Maltin openst...@newgoliath.commailto:openst...@newgoliath.com
Date: Fri, 2 Dec 2011 11:27:57 -0500
To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Cc: openstack
...@newgoliath.commailto:openst...@newgoliath.com
Date: Fri, 25 Nov 2011 11:31:50 -0500
To: Rouault, Jason (Cloud Services)
jason.roua...@hp.commailto:jason.roua...@hp.com
Cc: John Dickinson m...@not.mnmailto:m...@not.mn, Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com,
openstack
Hi Paul - thank you for the good feedback.
I'm going to address your points individually below, but before I want to
to set some context and address some of your broader concerns.
The 2.0 API for Keystone is released and multiple implementers are already
working on it (in fact, we at Rackspace
Hi Judd – I'm not sire I understand. Can you give me an example of two tenants,
their usernames, and the endpoints you would like them to have in Keystone?
From: Judd Maltin j...@newgoliath.commailto:j...@newgoliath.com
Date: Fri, 18 Nov 2011 15:22:09 -0500
To:
Hi Joe - Here are some additional responses and comments inlineŠ
On 10/25/11 3:48 PM, Joseph Heck he...@me.com wrote:
On Oct 25, 2011, at 12:54 PM, Jesse Andrews wrote:
I'm not an expert ... adding some comments
On Tue, Oct 25, 2011 at 12:05 PM, Joseph Heck he...@me.com wrote:
I've just
to register as many endpoints and endpoint types as
they needed.
Z
From: Marcelo Martins
btorch...@zeroaccess.orgmailto:btorch...@zeroaccess.org
Date: Mon, 31 Oct 2011 19:26:12 -0500
To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Cc: Joseph Heck he...@mac.commailto:he
to that. Feels like Essex+1 to me.
Is there a piece of this or a blocker we need to address today?
From: Marcelo Martins
btorch...@zeroaccess.orgmailto:btorch...@zeroaccess.org
Date: Tue, 1 Nov 2011 10:16:34 -0500
To: Ziad Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Cc
The list of URLs comes from what we have historically done at Rackspace and the
conversations had in OpenStack about a management/admin API.
I agree that not all services need those three. And some may want to create
additional ones. You mention type below. Not to be confused with the
...@nimbisservices.commailto:brian.sch...@nimbisservices.com, Ziad
Sawalha ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Cc: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Subject: Re: [Openstack] Handling Schema Changes
So you would do a diff if the generated WADL against the expected WADL. That
would mean we use both. I think that's a reasonable approach.
On Oct 26, 2011, at 12:31 PM, Monsyne Dragon mdra...@rackspace.com wrote:
On Oct 26, 2011, at 10:48 AM, Kevin L. Mitchell wrote:
On Tue, 2011-10-25
Hi Nati - I might be opening a can of worms here, but I thought the API spec
and WADL were complete and we were working on implementing it. It sounds to me
like you are doing the reverse and matching the WADL to the current state of
the code. There's value in that, but i know it will cause
Hi-
Hishaharu - yes, we are working on the documentation during this milestone.
Razique - thank you for helping out :-)
Ziad
On 10/20/11 4:38 PM, Hisaharu Ishii
ishii.hisah...@nttdata-agilenet.com wrote:
Hi folks,
The auth. scheme has changed recently. Here is a working set with the
last
I filed this as a bug. We'll need to fix it so special characters get encoded
correctly: https://bugs.launchpad.net/keystone/+bug/872287
Thanks,
Ziad
From: DeadSun mwjpi...@gmail.commailto:mwjpi...@gmail.com
Date: Tue, 11 Oct 2011 16:29:21 +0800
To:
FWIW, we've received excellent support from the CI team on Gerrit and it
is working well for Keystone. The workflow has been simplified with the
rfc.sh script and the system has been available and performing reliably.
The ability to pull down, modify, and resubmit reviews works well and is
simple
Hi Rafael -
These are special roles that allow you to administer Keystone itself or act as
a service (register yourself, your endpoints, and your roles). Those operations
are global and make no sense at the tenant level (at least I haven't seen a
valid use case for them at the tenant level).
Yes, but I'd also like to give the sysadmin's the choice at least in case they
are dealing with deployment constraints that are imposed on them.
From: Yuriy Taraday yorik@gmail.commailto:yorik@gmail.com
Date: Tue, 23 Aug 2011 20:05:26 +0400
To: Ziad Sawalha ziad.sawa
that purpose.
c) Also, on the port numbers, I assume they will manifest as universal
constants and/or a configuration file in a universally (or
intergalactically ;o)) known place.
Cheers
k/
Original Message
Subject: [Openstack] Default ports for services
From: Ziad Sawalha ziad.sawa
Hi Marc -
service_host points to the service (Nova in this case). This is only used if
you're running the auth middleware on a separate server (that's an advanced
configuration for being able to scale out in the future). However, even if you
set that incorrectly to the Keystone server, it
Hi -
We're working on the blueprint to allow services to register themselves and
manage their own roles and endpoints in Keystone. We have some sample use cases
listed on the ether pad for the blueprint.
Etherpad: http://etherpad.openstack.org/service-registry
Blueprint:
projects/teams.
Best,
Ziad
From: Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com
Date: Fri, 10 Jun 2011 18:24:21 -0500
To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Subject
To: Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com,
'openstack@lists.launchpad.netmailto:'openstack@lists.launchpad.net'
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
Subject: RE: [Openstack] [Keystone] [Swift] Keystone Tenant vs Swift Account
Ziad,
1
, Divyesh
divyesh.khande...@hp.commailto:divyesh.khande...@hp.com
Date: Mon, 18 Jul 2011 15:47:31 +0100
To: Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com,
'openstack@lists.launchpad.netmailto:'openstack@lists.launchpad.net'
openstack@lists.launchpad.netmailto:openstack
://lists.launchpad.netlists.launchpad.nethttp://lists.launchpad.net]
On Behalf Of Ziad Sawalha
Sent: Thursday, July 14, 2011 12:22 PM
To: Rouault, Jason (Cloud Services); Yuriy Taraday;
mailto:openstack@lists.launchpad.net mailto:openstack@lists.launchpad.net
openstack@lists.launchpad.netmailto:openstack
://hp.comhp.comhttp://hp.com@http://lists.launchpad.netlists.launchpad.nethttp://lists.launchpad.net]
On Behalf Of Ziad Sawalha
Sent: Thursday, July 14, 2011 12:22 PM
To: Rouault, Jason (Cloud Services); Yuriy Taraday;
mailto:openstack@lists.launchpad.net
openstack@lists.launchpad.netmailto:openstack
In the example I gave below they are not members of any group and have no roles
assigned to them. Should they still be authenticated?
From: Rouault, Jason (Cloud Services)
jason.roua...@hp.commailto:jason.roua...@hp.com
Date: Thu, 14 Jul 2011 16:25:22 +
To: Ziad Sawalha
ziad.sawa
Taylor btay...@rackspace.com wrote:
How is this different in effect than letting swift or nova be tenants?
Each tenant gets to define users, roles, and groups, right?
On 07/13/2011 10:39 AM, Jay Pipes wrote:
On Wed, Jul 13, 2011 at 12:45 AM, Ziad Sawalha
ziad.sawa...@rackspace.com wrote
...@hp.commailto:jason.roua...@hp.com
Date: Wed, 13 Jul 2011 13:18:44 +
To: Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com, Yuriy Taraday
yorik@gmail.commailto:yorik@gmail.com,
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
openstack
Our goal is to support Nova use cases right now. You can provide access to
multiple tenants using a role assignment (assigning a user a role on a specific
tenant effectively binds them to that tenant).
However, this raises the issue of what the 'implied' role of a user is when
they are bound
Hi Yuriy,
The project home is http://launchpad.net/keystone. On that page are links to
many of the discussions on the topic.
The code is available on the github repository mentioned there;
http://github.com/rackspace/keystone. There are also a number of issues listed
there which contain
The effort Jay (and others) are doing on standardizing across services
could also be helpful here; having a -p --ports command-line and config
setting that works with all services would make it easier to stand up a
set of services on non-conflicting ports.
On 6/25/11 9:11 PM, Todd Willey
We have the service catalog functionality in Keystone which provides
discovery.
We still need to complete the user story of how a service registers
itself; the functionality is available, but not fully documented as a
story.
The question of ports still remains, though. How do you find Keystone?
Hi Jason -
The mapping is that a Tenant in Keystone is the same thing as an Account in
Swift and a Project in Nova.
Specifically answering your questions:
1. 1-to-1
2. 1-to-1
3. We're debating this one. We started with a User being 'Contained' in one
(and only one) tenant. Then we
services.
From: Rouault, Jason (Cloud Services)
jason.roua...@hp.commailto:jason.roua...@hp.com
Date: Wed, 15 Jun 2011 14:32:22 +
To: Ziad Sawalha
ziad.sawa...@rackspace.commailto:ziad.sawa...@rackspace.com,
openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
openstack
Time flies! It's June 10th already. In my last email to this community I had
proposed today as the day to lock down the Keystone API so we can finalize
implementation by Diablo-D2 (June 30th).
We've been working on this feverishly over the past couple of weeks and have
just pushed out a
Agreed. We could create a list of potential standards, protocols, and
integration work and maintain it in the README file. I'll get that in…
From: James Weir james.w...@usharesoft.commailto:james.w...@usharesoft.com
Date: Fri, 27 May 2011 10:24:36 +0200
To: Ziad Sawalha ziad.sawa
Project is indeed the equivalent of tenant.
The multi-tenant-accounting blueprint says usage must be TAGGED with the
tenant so that an operator can map and aggregate usage as is appropriate
for their own business logic.
If we aggregate by tenant, we just need ton recognize that there may
Thanks, Rostik. Good suggestions. We have heard much demand for SAML and I am
sure someone will implement it very soon.
On #1, that is a user experience question. Not every OpenStack deployment will
enforce the same level of complexity. We need to make that configurable on the
backend and
And here is a launchpad mirror: https://launchpad.net/keystone
https://launchpad.net/keystone
On Apr 26, 2011, at 5:25 PM, Ziad Sawalha wrote:
As a follow-up, and to keep the conversation moving, we've built and posted a
proof of concept for the OpenStack Identity service at
https
this week and available to explain, demo,
hack, discuss, and collaborate with anyone interested.
Reach out to us, we look forward to meeting everyone:
- Ziad Sawalha
- Jorge Williams
- Khaled Hussein
Thanks for everyone who contributed to the code, especially Jesse and Vish for
helping us
Hi Everyone,
For OpenStack to achieve the goal of being a massively scalable cloud
operating system, it needs a common approach to some of the problems that an
operating systemdeals with such as Authentication (auth-n) and Authorization
(auth-z). There has been much discussion on the topic
/
Original Message
Subject: [Openstack] Proposing an Identity Service in OpenStack (a.k.a.
Auth)
From: Ziad Sawalha z...@sawalha.commailto:z...@sawalha.com
Date: Mon, April 18, 2011 4:42 am
To: openstack@lists.launchpad.netmailto:openstack@lists.launchpad.net
openstack
-0500, Ziad Sawalha wrote:
Hi Everyone,
For OpenStack to achieve the goal of being a massively scalable cloud
operating system, it needs a common approach to some of the problems that
an operating systemdeals with such as Authentication (auth-n) and
Authorization (auth-z). There has been
Licensing - Has there been a conversation around licensing? Glance may not be
the place to manage licenses (issue, track, revoke, renew, register, etc...)
but one attribute of an image is whether it needs a license or not and if it
does, where does one go to get one.
Licensing service? Maybe
62 matches
Mail list logo
