Re: [Openstack] [Nova-orchestration] Preliminary analysis of SpiffWorkflow

2012-04-06 Thread Ziad Sawalha
spec? Fun >stuff. > >Look forward to seeing that larger project! > >-S > > >From: Ziad Sawalha >Sent: Friday, April 06, 2012 4:53 PM >To: Sriram Subramanian; Dugger, Donald D; Sandy Walsh >Cc: nova-orchestrat...@lists.launchpad.n

Re: [Openstack] [Nova-orchestration] Preliminary analysis of SpiffWorkflow

2012-04-06 Thread Ziad Sawalha
un Mao [yun...@gmail.com] >Sent: Friday, April 06, 2012 5:38 PM >To: Ziad Sawalha >Cc: Sriram Subramanian; Dugger, Donald D; Sandy Walsh; >nova-orchestrat...@lists.launchpad.net; openstack@lists.launchpad.net >Subject: Re: [Nova-orchestration] [Openstack] Preliminary analysis of >Sp

Re: [Openstack] [Nova-orchestration] Preliminary analysis of SpiffWorkflow

2012-04-06 Thread Ziad Sawalha
On 4/6/12 3:38 PM, "Yun Mao" wrote: >Hi Ziad, > >thanks for the great work. Do we know how the states are persisted in >Spiff? Thanks, > >Yun > >On Fri, Apr 6, 2012 at 3:53 PM, Ziad Sawalha >wrote: >> Here's a link to my analysis so far: >>

Re: [Openstack] [Nova-orchestration] Preliminary analysis of SpiffWorkflow

2012-04-06 Thread Ziad Sawalha
Here's a link to my analysis so far: http://wiki.openstack.org/NovaOrchestration/WorkflowEngines/SpiffWorkflow It looks good, but I won't pass a final verdict until I have completed a working project in it. I have one in progress and will let ya know when it's done. Z On 4/3/12

Re: [Openstack] OpenStack 2012.1 ("Essex") is RELEASED !

2012-04-05 Thread Ziad Sawalha
Congratulations!! 5 core services and counting. It's now a "real" stack. On 4/5/12 9:52 AM, "Thierry Carrez" wrote: >Hello everyone, > >I'm very happy to announce the immediate release of OpenStack 2012.1 >(code-named "Essex"). This coordinated release contains 5 components: > >OpenStack Compute

Re: [Openstack] [Nova-orchestration] Thoughts on Orchestration (was Re: Documentation on Caching)

2012-04-03 Thread Ziad Sawalha
Just confirming what Sandy said; I am playing around with SpiffWorkflow. I'll post my findings when I'm done on the wiki under the Nova Orchestration page. So far I've found some of the documentation lacking and concepts confusing, which has resulted in a steep learning curve and made it difficult

Re: [Openstack] OpenStack Projects Development History Visualisation

2012-03-05 Thread Ziad Sawalha
Really cool! Thanks, Syed. We should have these running at the keynote at the conference while everyone is waiting to get started :-) From: Armaan mailto:dce3...@gmail.com>> Date: Mon, 5 Mar 2012 08:21:54 +0530 To: mailto:openstack@lists.launchpad.net>> Subject: [Openstack] OpenStack Projects De

Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

2012-02-10 Thread Ziad Sawalha
Hi Andi - It landed in E3. It was not back ported since it contains a significant schema change. I don't think we can back port it to Diablo. Z From: andi abes mailto:andi.a...@gmail.com>> Date: Fri, 10 Feb 2012 15:36:04 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com

Re: [Openstack] Remove Zones code - FFE

2012-02-08 Thread Ziad Sawalha
We were working on providing the necessary functionality in Keystone but stopped when we heard of the alternative solution. We could resume the conversation about what is needed on the Keystone side and implement if needed. Z From: Sandy Walsh mailto:sandy.wa...@rackspace.com>> Date: Thu, 2 Feb

[Openstack] Keystone Announcement

2012-01-27 Thread Ziad Sawalha
Hey Everyone, As you may be well aware, the existing Keystone implementation has been a source of some consternation for deployers and various members of our community. In response to this, over the last few months, there has been an effort between our team and members of the community to re-a

Re: [Openstack] Keystone: is revoke token API "officially" supported

2012-01-26 Thread Ziad Sawalha
IDATE/token X-Auth_token: … X-Subject-Token: {token_id} From: Dolph Mathews mailto:dolph.math...@gmail.com>> Date: Thu, 26 Jan 2012 17:17:12 -0600 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: Jorge Williams mailto:jorge.willi...@rackspace.com>>, Dolph Mathews mailto:

Re: [Openstack] Keystone: is revoke token API "officially" supported

2012-01-26 Thread Ziad Sawalha
t;mailto:openstack@lists.launchpad.net> (openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>)" mailto:openstack@lists.launchpad.net>>, Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Subject: Re: [Openstack] Keystone: is revoke token API "officially" su

Re: [Openstack] Running swift got stuck!

2012-01-19 Thread Ziad Sawalha
Hi Xuyun - Object-store is the correct type based on the API spec (it's defined in the XSDs for Keystone as well). Can you point me at documentation that lists any other type? IANA assigned port 35357 to Keystone last year and we've been using that for a while. 5001 is no longer in use. Hope

Re: [Openstack] Keystone Curl can't get tokens by credentials

2012-01-14 Thread Ziad Sawalha
Try running keystone with the -d and -t switches (./keystone -d -t). That will output additional debug information on where the error occurred and what your configuration is. That should help in troubleshooting. From: Xuyun Zhang <xyzhan...@gmail.com> Date: Sat, 14 Jan 2012 22:51:06 +11

Re: [Openstack] About keystone concepts: the difference between the key of a credential and the password of a user

2012-01-14 Thread Ziad Sawalha
Hi Xuyun, Creating a user with a password is all you need to authenticate and get a token. The 'keystone-manage credentials' command is to add any additional credentials like EC2 (AWS) credentials or API keys. I'm not an expert on the swift command, but I believe it might work if you pass the

Re: [Openstack] Help with python-novaclient and keystone : expecting AUTH (HTTP 400).

2011-12-21 Thread Ziad Sawalha
Vish is right, your request should have an {"auth": } wrapping the credentials. There are two ways to fix this: 1. Use a newer client that honors the Diablo contract 2. Use the latest trunk version of Keystone which by default runs a D5_compat middleware and will respond to requests format

[Openstack] Keystone Update: E2 shipped, but RBAC moving to Essex+1

2011-12-20 Thread Ziad Sawalha
Fellow OpenStackers, We've put out some prototypes and information on RBAC: 1. There is a blueprint out there: https://blueprints.launchpad.net/keystone/+spec/rbac-keystone 2. We have a prototype for the middleware that shows what it would send down to Nova (and other services): see email bel

Re: [Openstack] Keystone client

2011-12-16 Thread Ziad Sawalha
e, not being aware that we were already moving towards supporting >python-keystoneclient, implied that someone was /against/ >python-keystoneclient. > >I have no objections :) > >-Dolph Mathews > >On Dec 16, 2011, at 4:56 PM, Ziad Sawalha >wrote: > >> Who suggested

Re: [Openstack] Keystone client

2011-12-16 Thread Ziad Sawalha
Who suggested not using python-keystoneclient? On 12/16/11 4:12 PM, "Jesse Andrews" wrote: >python-keystoneclient is based on python-novaclient, and is already in >use by horizon as mentioned. > >What are the reasons for not using python-keystoneclient? > >Jesse > >On Fri, Dec 16, 2011 at 1:47

Re: [Openstack] Keystone Validate Token

2011-12-13 Thread Ziad Sawalha
Hi Bryan - There are a couple of points here: 1. The Service API is a subset of the Admin API. There are calls in the Admin API that need a token with privileged access to be called. The use of the Service API is a deployment option, but not a requirement (i.e. You can run Keystone on one endpoin

Re: [Openstack] Openstack Dashboard mismatch issue.

2011-12-12 Thread Ziad Sawalha
Hi Ygsnian - I'm not sure which version of Keystone your install deployed. One issue we had is that there were significant changes in the API between D5 (which was not officially released) and Diablo. However, there were some packages and deployments that used D5. We've tried to address this with

Re: [Openstack] Gating on deployment and integration tests for stable/diablo

2011-12-09 Thread Ziad Sawalha
Very cool! Any plans to have a silent (or daily, or on demand) one running against trunk for all projects? On 12/8/11 4:12 PM, "James E. Blair" wrote: >Hi, > >A lot of people would like to see us with more commit gating jobs that >test functionality across the full range of core OpenStack proje

Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

2011-12-02 Thread Ziad Sawalha
Great. BTW, Dolph just started work on this, so we've updated the status of the blueprint. Z From: Judd Maltin mailto:openst...@newgoliath.com>> Date: Fri, 2 Dec 2011 11:27:57 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "openstack@lists.launchpa

Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

2011-12-01 Thread Ziad Sawalha
for the current Keystone schema I don't have any alternative suggestions unfortunately. Does this help? From: Judd Maltin mailto:openst...@newgoliath.com>> Date: Thu, 1 Dec 2011 16:32:00 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Subject: Re: [Openstack]

Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

2011-11-26 Thread Ziad Sawalha
st...@newgoliath.com>> Date: Fri, 25 Nov 2011 11:31:50 -0500 To: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>> Cc: John Dickinson mailto:m...@not.mn>>, Ziad Sawalha mailto:ziad.sawa...@rackspace.com>>, "openstack@lists.launchpad.n

Re: [Openstack] Keystone + Swift integration

2011-11-26 Thread Ziad Sawalha
Hi Pete - the brackets were a mistake in the documentation. The correct syntax is %tenant_id%. Z On 11/25/11 5:00 PM, "Pete Zaitcev" wrote: >On Wed, 23 Nov 2011 09:28:01 -0300 >Leandro Reox wrote: > >> keystone-manage endpointTemplates add RegionOne swift >> http://172.16.0.88:8080/v1/AUTH_%te

Re: [Openstack] Keystone API Design Issues

2011-11-24 Thread Ziad Sawalha
Hi Paul - thank you for the good feedback. I'm going to address your points individually below, but before I want to set some context and address some of your broader concerns. The 2.0 API for Keystone is released and multiple implementers are already working on it (in fact, we at Rackspace ha

Re: [Openstack] Keystone & Swift: swiftauth tenant namespace collisions?

2011-11-18 Thread Ziad Sawalha
Hi Judd – I'm not sure I understand. Can you give me an example of two tenants, their usernames, and the endpoints you would like them to have in Keystone? From: Judd Maltin <j...@newgoliath.com> Date: Fri, 18 Nov 2011 15:22:09 -0500 To: <openstack@lists.launchpad.net> Subject: [Op

Re: [Openstack] Keystone "Why does it? What does?" questions

2011-11-08 Thread Ziad Sawalha
Hi Joe - Here are some additional responses and comments inline… On 10/25/11 3:48 PM, "Joseph Heck" wrote: > >On Oct 25, 2011, at 12:54 PM, Jesse Andrews wrote: > >> I'm not an expert ... adding some comments >> >> On Tue, Oct 25, 2011 at 12:05 PM, Joseph Heck wrote: >>> I've just dropped in

Re: [Openstack] keystone Endpoint schema

2011-11-01 Thread Ziad Sawalha
de to move to that. Feels like Essex+1 to me. Is there a piece of this or a blocker we need to address today? From: Marcelo Martins mailto:btorch...@zeroaccess.org>> Date: Tue, 1 Nov 2011 10:16:34 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: Joseph Heck mailto:he...@

Re: [Openstack] keystone Endpoint schema

2011-11-01 Thread Ziad Sawalha
register as many endpoints and endpoint types as they needed. Z From: Marcelo Martins mailto:btorch...@zeroaccess.org>> Date: Mon, 31 Oct 2011 19:26:12 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: Joseph Heck mailto:he...@mac.com>>, "openstack@lists.launchp

Re: [Openstack] keystone Endpoint schema

2011-10-31 Thread Ziad Sawalha
The list of URLs comes from what we have historically done at Rackspace and the conversations had in OpenStack about a management/admin API. I agree that not all services need those three. And some may want to create additional ones. You mention "type" below. Not to be confused with the service

Re: [Openstack] Patched euca-tools to work w/ keystone

2011-10-28 Thread Ziad Sawalha
I think this was it: https://github.com/openstack/keystone/commit/2bb474331d73e7c6d2a507cb097c50cfe65ad6b6 Will try to get it in the back ports. Z On 10/28/11 1:57 PM, "Razique Mahroua" wrote: >Hey, >I never found out, in fact I only recall some mails exchange on a mailing >list, basically,

Re: [Openstack] Handling Schema Changes in Keystone

2011-10-28 Thread Ziad Sawalha
ggestion and use SQL Alchemy migrate_repo. We'll do that for schema changes currently in our branches and will work towards adopting the BP above. Z From: Paul Voccio mailto:paul.voc...@rackspace.com>> Date: Tue, 25 Oct 2011 19:33:57 -0500 To: Brian Schott mailto:brian.sch...@nimb

Re: [Openstack] describing APIs for OpenStack consumers

2011-10-26 Thread Ziad Sawalha
So you would do a diff of the generated WADL against the expected WADL. That would mean we use both. I think that's a reasonable approach. On Oct 26, 2011, at 12:31 PM, "Monsyne Dragon" wrote: > > On Oct 26, 2011, at 10:48 AM, Kevin L. Mitchell wrote: > >> On Tue, 2011-10-25 at 15:30 -0700,

Re: [Openstack] describing APIs for OpenStack consumers

2011-10-25 Thread Ziad Sawalha
Hi Nati - I might be opening a can of worms here, but I thought the API spec and WADL were complete and we were working on implementing it. It sounds to me like you are doing the reverse and matching the WADL to the current state of the code. There's value in that, but I know it will cause probl

[Openstack] Handling Schema Changes in Keystone

2011-10-25 Thread Ziad Sawalha
Our schema right now is auto generated from the model using sqlalchemy. Whenever we change the model, the generated schema is different for new installations but this does not address existing deployments. Looking for feedback on how to handle this better: anotherjesses offered: https://github.

Re: [Openstack] Keystone problem Expecting auth 400

2011-10-20 Thread Ziad Sawalha
Hi- Hishaharu - yes, we are working on the documentation during this milestone. Razique - thank you for helping out :-) Ziad On 10/20/11 4:38 PM, "Hisaharu Ishii" wrote: >Hi folks, > >> The auth. scheme has changed recently. Here is a working set with the >>last >> version : > >However these d

Re: [Openstack] Can someone test this issue about token in keystone

2011-10-11 Thread Ziad Sawalha
I filed this as a bug. We'll need to fix it so special characters get encoded correctly: https://bugs.launchpad.net/keystone/+bug/872287 Thanks, Ziad From: DeadSun mailto:mwjpi...@gmail.com>> Date: Tue, 11 Oct 2011 16:29:21 +0800 To: mailto:openstack@lists.launchpad.net>> Subject: [Openstack] Ca

[Openstack] Keystone Diablo Release

2011-10-05 Thread Ziad Sawalha
Good people at the OpenStack summit in Boston reminded me that I did not announce the Keystone release that we tagged here: https://github.com/openstack/keystone/tree/2011.3 This is the Diablo release running the latest and final 2.0 API. We're discussing at the summit what to work on next. RBA

Re: [Openstack] A possible alternative to Gerrit ...

2011-09-07 Thread Ziad Sawalha
FWIW, we've received excellent support from the CI team on Gerrit and it is working well for Keystone. The workflow has been simplified with the rfc.sh script and the system has been available and performing reliably. The ability to pull down, modify, and resubmit reviews works well and is simple

Re: [Openstack] Default ports for services

2011-08-23 Thread Ziad Sawalha
Not sure. 80? On 8/23/11 10:09 AM, "Ewan Mellor" wrote: >OK, I get you. So "keystone-control admin start" brings up both APIs on >port 35357, so which port should "keystone-control auth start" be using? > >Ewan. > >> -Original M

Re: [Openstack] Default ports for services

2011-08-23 Thread Ziad Sawalha
Yes, but I'd also like to give the sysadmins the choice at least in case they are dealing with deployment constraints that are imposed on them. From: Yuriy Taraday <yorik@gmail.com> Date: Tue, 23 Aug 2011 20:05:26 +0400 To: Ziad Sawalha <ziad.sawa...@rackspac

Re: [Openstack] Default ports for services

2011-08-23 Thread Ziad Sawalha
wrote: >If the Admin API is a superset of the Service API, then what's the >difference between "keystone-control admin start" and "keystone-control >ALL start"? > >Thanks, > >Ewan. > >> -Original Message- >> From: Ziad Sawalha [

Re: [Openstack] Default ports for services

2011-08-23 Thread Ziad Sawalha
need two? (Or maybe just one with a flag that said >"enable admin functions") > >Ewan. > >> -Original Message- >> From: Ziad Sawalha [mailto:ziad.sawa...@rackspace.com] >> Sent: 23 August 2011 19:37 >> To: Ewan Mellor; Mark Nottingham;

Re: [Openstack] keystone-admin-role question

2011-08-23 Thread Ziad Sawalha
Hi Rafael - These are special roles that allow you to administer Keystone itself or act as a service (register yourself, your endpoints, and your roles). Those operations are global and make no sense at the tenant level (at least I haven't seen a valid use case for them at the tenant level). A

Re: [Openstack] Default ports for services

2011-08-23 Thread Ziad Sawalha
r=citrix@lists.launchpad.net >> [mailto:openstack-bounces+ewan.mellor=citrix@lists.launchpad.net] >> On Behalf Of Ziad Sawalha >> Sent: 16 August 2011 22:17 >> To: Mark Nottingham; >> Cc: openstack@lists.launchpad.net >> Subject: Re: [Openstack] Default

[Openstack] Keystone Update (and API spec)

2011-08-22 Thread Ziad Sawalha
Hi Everyone, Here's a quick Keystone API update. We had aimed to lock down the API last Sunday but have been running behind. However, we now have an updated spec. We've updated the documentation, WADL, XSD, and sample files in Keystone to reflect the core Keystone API we are aiming to implement

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-08-22 Thread Ziad Sawalha
API endpoint on top of a system which dynamically evaluates and returns a list of roles based on the credentials provided (or maybe even the time of day they were presented). Z From: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>> Date: Thu, 21 Jul 2011 19:53:14 +0

Re: [Openstack] AuthZ functionality in Keystone - Re: [WAS]OpenStack Identity: Keystone API Proposal

2011-08-18 Thread Ziad Sawalha
Agreed. My suggestion (in a direct email to Jan) was: 1. A tenant (Tenant-X) has resources in Nova (VM1) GET nova/Tenant-X/servers/VM1 returns {name: VM1, interface: instance-0001-eth0 } 2. A user (john) creates a network in Quantum (or in Nova? Or in Quantum through Nova?)

Re: [Openstack] Default ports for services

2011-08-16 Thread Ziad Sawalha
>>service catalog serves that purpose. >> c) Also, on the port numbers, I assume they will manifest as universal >>constants and/or a configuration file in a universally (or >>intergalactically ;o)) known place. >> Cheers >> >> Original Message

Re: [Openstack] Getting keystone to work with nova/glance

2011-08-01 Thread Ziad Sawalha
Hi Marc - service_host points to the service (Nova in this case). This is only used if you're running the auth middleware on a separate server (that's an advanced configuration for being able to scale out in the future). However, even if you set that incorrectly to the Keystone server, it proba

[Openstack] Service Registration in Keystone (roles, endpoints)

2011-07-28 Thread Ziad Sawalha
Hi - We're working on the blueprint to allow services to register themselves and manage their own roles and endpoints in Keystone. We have some sample use cases listed on the ether pad for the blueprint. Etherpad: http://etherpad.openstack.org/service-registry Blueprint: https://blueprints.lau

Re: [Openstack] GitHub migration timeline?

2011-07-26 Thread Ziad Sawalha
https://github.com/openstack/keystone is now the main repo for Keystone (rackspace/keystone is now a fork). All changes should go through the new workflow documented here: http://wiki.openstack.org/GerritWorkflow Thanks to the OpenStack CI team for their support. On 7/18/11 4:20 PM, "Monty Tay

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-21 Thread Ziad Sawalha
rements… and let me know if the dates don't work for you or your projects/teams. Best, Ziad From: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Date: Fri, 10 Jun 2011 18:24:21 -0500 To: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>" mailto:op

Re: [Openstack] [Keystone] [Swift] Keystone Tenant vs Swift Account

2011-07-18 Thread Ziad Sawalha
"Khandeshi, Divyesh" mailto:divyesh.khande...@hp.com>> Date: Mon, 18 Jul 2011 15:47:31 +0100 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>>, "'openstack@lists.launchpad.net'" mailto:openstack@lists.launchpad.net>> Subject: RE: [Openstack] [Key

Re: [Openstack] [Keystone] [Swift] Keystone Tenant vs Swift Account

2011-07-18 Thread Ziad Sawalha
I know there is a middleware piece: https://github.com/rackspace/keystone/blob/master/keystone/middleware/swift_auth.py I'll defer to the swift folks on the other parts… From: "Khandeshi, Divyesh" mailto:divyesh.khande...@hp.com>> Date: Mon, 18 Jul 2011 15:47:31 +

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-17 Thread Ziad Sawalha
My thoughts are positive. Yuriy is working on LDAP as a backend. As soon as we have that you/we should be able to try it with OpenLDAP. What federation use cases do you have a need for? Z From: Thor Wolpert mailto:t...@wolpert.ca>> Date: Sat, 16 Jul 2011 17:32:48 -0700 To: Ziad S

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-16 Thread Ziad Sawalha
m that allows mapping the OpenStack use cases back to any operator implementation. Look for an LDAP implementation to come very soon … and we should pick the thread back up with more concrete examples? Kind regards, Z From: Thor Wolpert <t...@wolpert.ca> Date: We

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-16 Thread Ziad Sawalha
unces+liem_m_nguyen<mailto:openstack-bounces%2Bliem_m_nguyen>=<http://hp.com>hp.com<http://hp.com>@<http://lists.launchpad.net>lists.launchpad.net<http://lists.launchpad.net>] On Behalf Of Ziad Sawalha Sent: Thursday, July 14, 2011 12:22 PM To: Rouault, Jason (Cloud Services); Y

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-16 Thread Ziad Sawalha
t; [mailto:openstack-bounces+liem_m_nguyen<mailto:openstack-bounces%2Bliem_m_nguyen>=<http://hp.com><http://hp.com>hp.com<http://hp.com>@<http://lists.launchpad.net><http://lists.launchpad.net>lists.launchpad.net<http://lists.launchpad.net>] On Behalf Of Ziad Sawalha Sent

Re: [Openstack] [Keystone] [Swift] Keystone Tenant vs Swift Account

2011-07-16 Thread Ziad Sawalha
Swift account and tenant should be the same. This does not prescribe that Swift not store them locally (Nova still stores projects). The synchronization can be lazy (Nova does this with a shim in Keystone. If a request is authorized by Keystone on a tenant that does not have a corresponding pro

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-14 Thread Ziad Sawalha
In the example I gave below they are not members of any group and have no roles assigned to them. Should they still be authenticated? From: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>> Date: Thu, 14 Jul 2011 16:25:22 + To: Ziad Sawalha mailto:ziad.sawa.

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-13 Thread Ziad Sawalha
" mailto:jason.roua...@hp.com>> Date: Wed, 13 Jul 2011 13:18:44 + To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>>, Yuriy Taraday mailto:yorik@gmail.com>>, "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>" mailto:openstack@lists.l

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
1 11:30 AM, "Bryan Taylor" wrote: >How is this different in effect than letting swift or nova be tenants? >Each tenant gets to define users, roles, and groups, right? > >On 07/13/2011 10:39 AM, Jay Pipes wrote: >> On Wed, Jul 13, 2011 at 12:45 AM, Ziad Sawalha >>

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
though; PEPs, PDPs, COPS, MAIDs, etc… Z From: andi abes mailto:andi.a...@gmail.com>> Date: Wed, 13 Jul 2011 23:22:32 -0400 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>>, "openstac

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-13 Thread Ziad Sawalha
And some current Nova users have created 'dummy' tenants to house global users. That's ugly and hard to maintain, so we wanted to avoid 'dummy' tenant solutions if possible. Given we're creating the spec right here and now, we can do that :-) On 7/13/11 12:14 PM, "Jay Pipes" wrote: >On Wed, Ju

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-07-12 Thread Ziad Sawalha
rent implementations (Ex: compute:admin) Thoughts? And comments inline ZNS>> From: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>> Date: Thu, 16 Jun 2011 19:54:22 + To: andi abes mailto:andi.a...@gmail.com>> Cc: Ziad Sawalha mailto:ziad.sawa...@

Re: [Openstack] Keystone tenants vs. Nova projects

2011-07-12 Thread Ziad Sawalha
Our goal is to support Nova use cases right now. You can provide access to multiple tenants using a role assignment (assigning a user a role on a specific tenant effectively binds them to that tenant). However, this raises the issue of what the 'implied' role of a user is when they are bound to

Re: [Openstack] Default ports for services

2011-07-12 Thread Ziad Sawalha
Stack-only solution for now). The service can be started on any port using the -p/--port parameter or config setting. Z From: <ksan...@doubleclix.net> Date: Mon, 27 Jun 2011 08:58:25 -0700 To: Ziad Sawalha <ziad.sawa...@rackspace.com> Cc: Thierry Carrez mailto

Re: [Openstack] Default ports for services

2011-06-27 Thread Ziad Sawalha
We have the service catalog functionality in Keystone which provides discovery. We still need to complete the user story of how a service registers itself; the functionality is available, but not fully documented as a story. The question of ports still remains, though. How do you find Keystone? O

Re: [Openstack] Default ports for services

2011-06-27 Thread Ziad Sawalha
The effort Jay (and others) are doing on standardizing across services could also be helpful here; having a -p --ports command-line and config setting that works with all services would make it easier to stand up a set of services on non-conflicting ports. On 6/25/11 9:11 PM, "Todd Willey" wrote:

Re: [Openstack] [Keystone] Pluggable identity store status

2011-06-27 Thread Ziad Sawalha
Hi Yuriy, The project home is http://launchpad.net/keystone. On that page are links to many of the discussions on the topic. The code is available on the github repository mentioned there; http://github.com/rackspace/keystone. There are also a number of issues listed there which contain conver

[Openstack] Default ports for services

2011-06-22 Thread Ziad Sawalha
Where's the best place to keep track of default ports for services to avoid conflicts? A wiki page on wiki.openstack.org? We had a discussion while working on Keystone about default ports for OpenStack services (https://github.com/rackspace/keystone/issues/31). We want OpenStack to work 'out-of

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-06-21 Thread Ziad Sawalha
OpenStack core services. From: "Rouault, Jason (Cloud Services)" mailto:jason.roua...@hp.com>> Date: Wed, 15 Jun 2011 14:32:22 + To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>>, "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>"

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-06-21 Thread Ziad Sawalha
. (https://github.com/rackspace/keystone/issues/58) Regards, Ziad From: Bryan Taylor mailto:btay...@rackspace.com>> Date: Mon, 20 Jun 2011 23:17:02 -0500 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>>, "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.n

Re: [Openstack] Keystone object model

2011-06-21 Thread Ziad Sawalha
Hi Jason - The mapping is that a Tenant in Keystone is the same thing as an Account in Swift and a Project in Nova. Specifically answering your questions: 1. 1-to-1 2. 1-to-1 3. We're debating this one. We started with a User being 'Contained' in one (and only one) tenant. Then we mad

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-06-14 Thread Ziad Sawalha
ill work with as many back-end stores as possible. You're welcome, Z From: andi abes mailto:andi.a...@gmail.com>> Date: Sun, 12 Jun 2011 10:58:54 -0400 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpa

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-06-11 Thread Ziad Sawalha
et me know if that gets you going, Andi. Regards, Ziad From: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Date: Sat, 11 Jun 2011 14:44:12 + To: Andiabes mailto:andi.a...@gmail.com>> Cc: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>"

Re: [Openstack] OpenStack Identity: Keystone API Proposal

2011-06-11 Thread Ziad Sawalha
token for that user) which you can use. We'll clarify that in the dev guide. Thanks Andi Ziad From: Andiabes mailto:andi.a...@gmail.com>> Date: Fri, 10 Jun 2011 21:08:18 -0400 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "openstack@lists.launchpa

[Openstack] OpenStack Identity: Keystone API Proposal

2011-06-10 Thread Ziad Sawalha
Time flies! It's June 10th already. In my last email to this community I had proposed today as the day to lock down the Keystone API so we can finalize implementation by Diablo-D2 (June 30th). We've been working on this feverishly over the past couple of weeks and have just pushed out a propose

Re: [Openstack] Updating SystemUsageData blueprint w.r.t. accounts/tenants

2011-05-27 Thread Ziad Sawalha
Project is indeed the equivalent of tenant. The multi-tenant-accounting blueprint says usage must be TAGGED with the tenant so that an operator can map and aggregate usage as is appropriate for their own business logic. If we aggregate by tenant, we just need to recognize that there may eventual

Re: [Openstack] Keystone Release #1 - seeking community input

2011-05-27 Thread Ziad Sawalha
Agreed. We could create a list of potential standards, protocols, and integration work and maintain it in the README file. I'll get that in… From: James Weir mailto:james.w...@usharesoft.com>> Date: Fri, 27 May 2011 10:24:36 +0200 To: Ziad Sawalha mailto:ziad.sawa...@rackspa

Re: [Openstack] Keystone Release #1 - seeking community input

2011-05-26 Thread Ziad Sawalha
o add more clarifications let us know (it has been over half a year since we created the spec after all). Regards, Ziad From: Devin Carlen mailto:devin.car...@gmail.com>> Date: Thu, 26 May 2011 13:44:06 -0700 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "openstack@lists.lau

Re: [Openstack] Keystone Release #1 - seeking community input

2011-05-26 Thread Ziad Sawalha
011 09:52:54 +0200 To: Ziad Sawalha mailto:ziad.sawa...@rackspace.com>> Cc: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>" mailto:openstack@lists.launchpad.net>> Subject: Re: [Openstack] Keystone Release #1 - seeking community input Hi, Unsure

[Openstack] Keystone Release #1 - seeking community input

2011-05-26 Thread Ziad Sawalha
Hi Everyone! It's been a while since the summit in Santa Clara. It was great meeting with everyone who was there – looking forward to the next one! Since the summit, we've been working on Keystone and figuring out how to integrate it into OpenStack (Nova, Swift, Glance, and the dashboard). Ther

[Openstack] Keystone API versioning

2011-05-17 Thread Ziad Sawalha
Gholt brings up a good point in https://github.com/khussein/keystone/issues/36. In order to support the existing ecosystem of clients out there designed to work against swift and the Rackspace auth 1.0 API (as documented here http://docs.rackspacecloud.com/files/api/v1/cfdevguide_d5/content/ch03

Re: [Openstack] Swift users managing

2011-05-16 Thread Ziad Sawalha
Also see project Keystone. Identity for OpenStack: http://launchpad.net/keystone. On 5/16/11 3:02 PM, "Marek Denis" wrote: > >Hi! > >Just for the record: > >I think, this link may be also very helpful: > >http://wiki.openstack.org/openstack-authn > >On 15.05.2011 18:18, andi abes wrote: >> Hav

Re: [Openstack] Some of the libraries that can be reused for OpenStack Auth

2011-05-01 Thread Ziad Sawalha
Thanks, Rostik. Good suggestions. We have heard much demand for SAML and I am sure someone will implement it very soon. On #1, that is a user experience question. Not every OpenStack deployment will enforce the same level of complexity. We need to make that configurable on the backend and leave

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

2011-04-26 Thread Ziad Sawalha
And here is a launchpad mirror: https://launchpad.net/keystone <https://launchpad.net/keystone> On Apr 26, 2011, at 5:25 PM, Ziad Sawalha wrote: As a follow-up, and to keep the conversation moving, we've built and posted a proof of concept for the OpenStack Identity servic

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

2011-04-26 Thread Ziad Sawalha
e at the summit this week and available to explain, demo, hack, discuss, and collaborate with anyone interested. Reach out to us, we look forward to meeting everyone: - Ziad Sawalha - Jorge Williams - Khaled Hussein Thanks for everyone who contributed to the code, especially Jesse and Vish for

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

2011-04-18 Thread Ziad Sawalha
different deployments are compatible. > > -Eric > > On Mon, Apr 18, 2011 at 06:42:22AM -0500, Ziad Sawalha wrote: >> Hi Everyone, >> For OpenStack to achieve the goal of being a "massively scalable cloud >> operating system", it needs a common a

Re: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

2011-04-18 Thread Ziad Sawalha
Original Message Subject: [Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth) From: Ziad Sawalha mailto:z...@sawalha.com>> Date: Mon, April 18, 2011 4:42 am To: "openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net>" mailto:op

[Openstack] Proposing an Identity Service in OpenStack (a.k.a. Auth)

2011-04-18 Thread Ziad Sawalha
Hi Everyone, For OpenStack to achieve the goal of being a "massively scalable cloud operating system", it needs a common approach to some of the problems that an "operating system" deals with such as Authentication (auth-n) and Authorization (auth-z). There has been much discussion on the topic

Re: [Openstack] Enhancements to Glance in Diablo? Input welcomed

2011-04-14 Thread Ziad Sawalha
Licensing - Has there been a conversation around licensing? Glance may not be the place to manage licenses (issue, track, revoke, renew, register, etc...) but one attribute of an image is whether it needs a license or not and if it does, where does one go to get one. Licensing service? Maybe it