openstack team mailing list archive

Re: Keystone & Swift: swiftauth tenant namespace collisions?

 

>
>
>>  To summarize the intent:
>>
>>    - we add a string UID to the database schema
>>    - For deployments with the integer ID, we copy that into the UID field
>>    - For deployments where the ID is a string (cactus and pre-Diablo) we
>>    copy that into the UID field
>>    - We use the UID field in the URLs displayed by Keystone
>>
>> That will allow migrations into Keystone and you can decide in your data
>> import what value to make the ID that shows up as the REST URL.
>>
>>
>>
Did this code land somewhere? Any chance it can be back ported to
diablo/stable?




>   From: Judd Maltin <openstack@xxxxxxxxxxxxxx>
>> Date: Thu, 1 Dec 2011 16:32:00 -0500
>> To: Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>
>> Subject: Re: [Openstack] Keystone & Swift: swiftauth tenant namespace
>> collisions?
>>
>>  Hi Ziad,
>>
>> The current authentication systems for Swift use a hash as the
>> tenant_id.  I saw that keystone is using a sequential integer from the DB
>> as the tenant_id.  This doesn't allow Keystone to match an existing Swift
>> tenant_id (called "account" in Swift).  This prevents Keystone from just
>> "taking over" for swauth or tempauth.
>>
>> If the definition of tenant_id is changed in Keystone to be configurable
>> by the administrator, or at least NOT be a seq from the DB, then migration
>> from swauth to keystone is possible, and may even be automated.
>>
>> Looking forward to your thoughts,
>> -judd
>>
>> On Sun, Nov 27, 2011 at 12:51 AM, Ziad Sawalha <
>> ziad.sawalha@xxxxxxxxxxxxx> wrote:
>>
>>>  Hi Judd –
>>>
>>>  Account in swift is the same thing as tenant in Keystone.
>>>
>>>  Is the problem that you are specifying account 'name' instead of the
>>> ID?
>>>
>>>  I'm asking because we have had a number of users having problems
>>> migrating into Keystone after we switched to ID/Name for tenants and users
>>> and we are considering a schema change that would allow for simpler
>>> migration into Keystone and support tenant ID and name being the same.
>>>
>>>  I'm not sure that would help you, but if it would we would like to get
>>> your input on the design we are considering.
>>>
>>>   From: Judd Maltin <openstack@xxxxxxxxxxxxxx>
>>> Date: Fri, 25 Nov 2011 11:31:50 -0500
>>> To: "Rouault, Jason (Cloud Services)" <jason.rouault@xxxxxx>
>>> Cc: John Dickinson <me@xxxxxx>, Ziad Sawalha <ziad.sawalha@xxxxxxxxxxxxx>,
>>> "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
>>>
>>> Subject: Re: [Openstack] Keystone & Swift: swiftauth tenant namespace
>>> collisions?
>>>
>>>  Thanks Jason,
>>>
>>> I am indeed working off stable/diablo.  It looks like I'm going to have
>>> to use mod_proxy and mod_rewrite to migrate my users from
>>> AUTH_<account_name> to AUTH_<tenant_id>.  Any other ideas for this sort of
>>> migration?
>>>
>>> -judd
>>>
>>>
>>>
>>>
>>> On Mon, Nov 21, 2011 at 9:42 AM, Rouault, Jason (Cloud Services) <
>>> jason.rouault@xxxxxx> wrote:
>>>
>>>> Yes, I am aware of the new swift code for Keystone, but the question
>>>> came
>>>> from Judd who may be working off of Diablo-stable.
>>>>
>>>> -----Original Message-----
>>>> From: John Dickinson [mailto:me@xxxxxx]
>>>> Sent: Sunday, November 20, 2011 8:59 AM
>>>> To: Rouault, Jason (Cloud Services)
>>>> Cc: Ziad Sawalha; Judd Maltin; openstack@xxxxxxxxxxxxxxxxxxx
>>>> Subject: Re: [Openstack] Keystone & Swift: swiftauth tenant namespace
>>>> collisions?
>>>>
>>>> I don't think that is exactly right, but my understanding of tenants vs
>>>> accounts vs users may be lacking. Nonetheless, auth v2.0 support was
>>>> added
>>>> to the swift cli tool by Chmouel recently. Have you tried with the code
>>>> in
>>>> swift's trunk (also the 1.4.4 release scheduled for Tuesday)?
>>>>
>>>> --John
>>>>
>>>>
>>>> On Nov 20, 2011, at 8:55 AM, Rouault, Jason (Cloud Services) wrote:
>>>>
>>>> > Ziad,
>>>> >
>>>> > I think the problem is that the 'swift' command scopes a user to an
>>>> account(tenant) via the concatenation of account:username when providing
>>>> credentials for a valid token.  With Keystone and /v2.0 auth the
>>>> tenantId
>>>> (or tenantName) are passed in the body of the request.
>>>> >
>>>> > Jason
>>>> >
>>>> > From: openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx
>>>> [mailto:openstack-bounces+jason.rouault=hp.com@xxxxxxxxxxxxxxxxxxx] On
>>>> Behalf Of Ziad Sawalha
>>>> > Sent: Friday, November 18, 2011 2:10 PM
>>>> > To: Judd Maltin; openstack@xxxxxxxxxxxxxxxxxxx
>>>> > Subject: Re: [Openstack] Keystone & Swift: swiftauth tenant namespace
>>>> collisions?
>>>> >
>>>> > Hi Judd - I'm not sure I understand. Can you give me an example of two
>>>> tenants, their usernames, and the endpoints you would like them to have
>>>> in
>>>> Keystone?
>>>> >
>>>> >
>>>> > From: Judd Maltin <judd@xxxxxxxxxxxxxx>
>>>> > Date: Fri, 18 Nov 2011 15:22:09 -0500
>>>> > To: <openstack@xxxxxxxxxxxxxxxxxxx>
>>>> > Subject: [Openstack] Keystone & Swift: swiftauth tenant namespace
>>>> collisions?
>>>> >
>>>> > In keystone auth for swift (swiftauth), is there a way to eliminate
namespace conflicts across tenants?
>>>> >
>>>> > i.e. in tempauth we use account:username password
>>>> >
>>>> > curl -k  -v -H 'X-Auth-User: test:tester' -H 'X-Auth-Token: testing'
>>>> http://127.0.0.1:8080/auth/v1.0
>>>> >
>>>> > in swiftauth we use username password:
>>>> > $ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v
>>>> > StorageURL: http://127.0.0.1:8888/v1/AUTH_1234
>>>> > Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3
>>>> > Account: AUTH_12
>>>> >
>>>> > How can I indicate my tenant (aka account) in this scheme.  I already
>>>> have
>>>> lots of data.
>>>> >
>>>> > Further, should I create custom endpoint templates for each tenant to
>>>> address "Account: AUTH_12" being unknown to my current swift account db?
>>>> >
>>>> > Thanks very much,
>>>> > -judd
>>>> >
>>>> >
>>>> > --
>>>> > Judd Maltin
>>>> > T: 917-882-1270
>>>> > F: 501-694-7809
>>>> > A loving heart is never wrong.
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________ Mailing list:
>>>> https://launchpad.net/~openstack Post to :openstack@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~openstack More help :
>>>> https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>
>>
>
>
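
Added example, not part of the thread and not Keystone's actual schema or migration code: a sketch of the UID scheme summarized in the quoted text, using an in-memory SQLite table. The table and column names, the helper functions and the sample account id are hypothetical; the AUTH_ prefix and base URL are the ones shown in the thread. The unique index is an added assumption that rejects an import whose account id would collide with an existing tenant, since two tenants sharing a UID would resolve to the same Swift account.

```python
import sqlite3


def build_demo_db():
    """Constructed pre-migration state: tenants keyed by a sequential integer."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tenants (id INTEGER PRIMARY KEY, name TEXT UNIQUE)")
    db.execute("INSERT INTO tenants (name) VALUES ('native')")  # gets id 1
    return db


def migrate_add_uid(db):
    """Add a string uid column and copy the existing id into it."""
    db.execute("ALTER TABLE tenants ADD COLUMN uid TEXT")
    db.execute("UPDATE tenants SET uid = CAST(id AS TEXT)")
    # Assumption: enforce uniqueness so no two tenants map to one account.
    db.execute("CREATE UNIQUE INDEX tenants_uid ON tenants (uid)")


def import_account(db, name, existing_account_id):
    """Import a tenant from an older auth system, keeping its account id as uid."""
    try:
        db.execute(
            "INSERT INTO tenants (name, uid) VALUES (?, ?)",
            (name, existing_account_id),
        )
    except sqlite3.IntegrityError as exc:
        raise ValueError(f"tenant name or uid already in use: {exc}") from exc


def storage_url(db, name, base="http://127.0.0.1:8888/v1"):
    """Build the URL from the uid, not from the integer primary key."""
    row = db.execute("SELECT uid FROM tenants WHERE name = ?", (name,)).fetchone()
    if row is None:
        raise KeyError(name)
    return f"{base}/AUTH_{row[0]}"


if __name__ == "__main__":
    db = build_demo_db()
    migrate_add_uid(db)
    import_account(db, "legacy", "a1b2c3")  # constructed account id
    print(storage_url(db, "native"))
    print(storage_url(db, "legacy"))
    try:
        import_account(db, "other", "1")  # collides with the backfilled uid
    except ValueError as err:
        print("rejected:", err)
```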
