← Back to team overview

openstack team mailing list archive

Integrating keystone for a public cloud panel

 

Hi everyone, I'm currently building a customer panel to offer public cloud
services based on openstack. I'd like to share my plans to validate my
approach is good and hear suggestions/feedback from others working on the
same kind of project.

I'm trying to get the following behaviour:

Users register and get access to the panel, I'm keeping user/pass and
permissions/groups in my own mysql DB.
I wish that the API is not active by default, the user can go to his/her
profile and tick a checkbox to get access to the API.

For this, I came up with this plan:

1. The user registers, I keep his username/pass in my DB, generate a random
hashed keystoneuser/keystonepass and call keystone to create the
user/tenant (using keystoneuser as tenant-name).
I store this keystone user/pass/tenant info in my DB (which may be a
security hole if someone is able to access this DB as the pass is saved as
plain text)

2. On user login with his panel credentials, I'll get his
keystoneuser/keystonepass to create a token and use this token during his
session on the panel.

3. If the user wish to activate access to the API, he'll go to his
profile/api page, where he'll see his keystoneuser/tenant name.

3.1. If he/she ticks activate, I'll show him his current keystonepass (from
my own DB).

3.2. If he/she ticks deactivate, I'll generate a new random keystonepass,
and call keystone to change the password in Openstack.
I don't show this password to the user, so he can't use the API anymore,
but the panel can get new tokens to continue working.

Does this makes sense? Do you guys have any recommendation/suggestion to
this implementation? Keep in mind I'm not a python guy, I tried to
understand how to write a keystone driver for identity and policy but got
lost in the docs/code.

Also, is it currently possible to implement a panel like VPS.net where you
buy "nodes" (1 node = 256MB/10GB) and then you launch
instances/services based on the number of nodes you have purchased? (And
thus get a fixed bill amount each month) Could anybody point me in the
right direction to achieve this?

Thanks for your help!

Adrian Moya

Follow ups