fuel-dev team mailing list archive

Thread
Date

Re: [openstack-dev] access-control-master-node

To: David Easter <deaster@xxxxxxxxxxxx>
From: Lukasz Oles <loles@xxxxxxxxxxxx>
Date: Tue, 27 May 2014 17:31:22 +0200
Cc: "fuel-dev@xxxxxxxxxxxxxxxxxxx" <fuel-dev@xxxxxxxxxxxxxxxxxxx>, "OpenStack Development Mailing List \(not for usage questions\)" <openstack-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CFA9F6F8.276B0%deaster@mirantis.com>

There is some misunderstanding here. By using keystone I mean running
keystone on fuel master node. After all it's just python program. It's used
by OpenStack as authorization tool but it also can be used as standalone
software or by different tools completely not connected with OpenStack.
In future if  want to use LDAP source, keystone already have plugin for it.

Regards


On Tue, May 27, 2014 at 5:08 PM, David Easter <deaster@xxxxxxxxxxxx> wrote:

> The other challenge of utilizing Keystone is which one to use.  Fuel
> enables the deployment of multiple cloud environments from one UI; so when
> accessing the Fuel Master Node, it would be ambiguous which already
> deployed Keystone to contact for authentication.  If/When Triple-O is
> utilized, one could perhaps see designating the Keystone of the undercloud;
> but that’s more a future requirement.
>
> For now, I’d suggest an internal authentication in the immediate short
> term.  External auth sources can be added in future milestones – most
> likely an LDAP source that’s outside the deployed clouds and designated by
> IT.
>
> Thanks,
>
> - David J. Easter
>   Director of Product Management, Mirantis
>
> From: Jesse Pretorius <jesse.pretorius@xxxxxxxxx>
> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@xxxxxxxxxxxxxxxxxxx>
> Date: Tuesday, May 27, 2014 at 7:43 AM
>
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev@xxxxxxxxxxxxxxxxxxx>
> Subject: Re: [openstack-dev] [Fuel-dev] access-control-master-node
>
> On 27 May 2014 13:42, Lukasz Oles <loles@xxxxxxxxxxxx> wrote:
>
>> Hello fuelers,
>>
>> we(I and Kamil) would like start discussion about "Enforce access control
>> for Fuel UI" blueprint
>> https://blueprints.launchpad.net/fuel/+spec/access-control-master-node.
>>
>> First question to David, as he proposed this bp. Do you want to add more
>> requirements?
>>
>> To all. What do you think about using keystone as authorization tool? We
>> described all pros/cons in the specification.
>>
>
> I would suggest both an internal authentication database and the option of
> plugging additional options in, with keystone being one of them and perhaps
> something like oauth being another.
>
> Keystone may not be available at the time of the build, or accessible from
> the network that's used for the initial build.
> _______________________________________________ OpenStack-dev mailing list
> OpenStack-dev@xxxxxxxxxxxxxxxxxxx
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> --
> Mailing list: https://launchpad.net/~fuel-dev
> Post to     : fuel-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~fuel-dev
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
Łukasz Oleś

Follow ups

Re: [openstack-dev] access-control-master-node
From: Andrew Woodward, 2014-05-27

References

Re: [openstack-dev] access-control-master-node
From: David Easter, 2014-05-27