openstack team mailing list archive

Thread
Date

Re: Keystone PKI support

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Adam Young <ayoung@xxxxxxxxxx>
Date: Tue, 04 Sep 2012 09:59:13 -0400
In-reply-to: <504603D9.6090404@linux.vnet.ibm.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0

On 09/04/2012 09:36 AM, boden wrote:

Hi,

I'm trying to better understand the current status of PKI
(http://wiki.openstack.org/PKI) and delegated authZ from a folsom
perspective. I can see the blueprint targets folsom-rc1, is marked as
implemented (https://blueprints.launchpad.net/keystone/+spec/pki) and
I've browsed some of the related code dropped into master.

However its not clear to me exactly where this PKI support stands as I
haven't found any docs on setting up the services to use it, nor am I
seeing PKI based tokens used when I run with the latest keystone code.

Is it safe to assume PKI will be supported for folsom and we will see
some updated docs in due time? If so will there be any known limitations?

Thx much


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

The PKI token code is very new. As such, It has not been enabled bydefault. There are changes that have gone in to the master branch thatare not available on Folsom 3 that are necessary to the properfunctioning of PKI.


I wrote to the Fedora cloud mailing list a quicjk blurb on testing them.

http://www.spinics.net/linux/fedora/fedora-cloud/msg01644.html

I will write up some more detailed steps for general usage.

References

Keystone PKI support
From: boden, 2012-09-04