openstack team mailing list archive

[Chuck Thier <cthier@xxxxxxxxx>]

Hi Javier,

On Tue, Nov 6, 2012 at 5:07 AM, Javier Fontan <jfontan@xxxxxxxxxxxxxx> wrote:
> Hello,
>
> We recently had interest from some of our enterprise users to use
> Swift Object Store as the backend for the VM images. I have been
> researching on a possible integration with OpenNebula but I have some
> questions.
>
> AFAIK Swift is only Object Store and exposes the object through a REST
> interface. Is there any plan to add block storage support like Ceph so
> VMs can use the objects directly?
>

There isn't currently any plans for this.  At one time we considered
it, but decided that it would not be a good idea to build block
storage on top of Swift.

> We would love to have the same users and permissions in both
> OpenNebula and Swift so the management is only done in one place. It
> seems that the "TempAuth" system is the way to go to perform this
> authentication. Is it going to be supported in the future or is it
> going to be dumped in favor of just Keystone?
>

You should be able to write your own auth middleware that integrates
swift into the OpenNebula auth system.  Docs are here:

http://docs.openstack.org/developer/swift/development_auth.html

You can also use TempAuth as an example to work from.

> Are the object ACLs stored within Swift? Can I provide the object ACLs
> from the Auth subsystem (OpenNebula in this case)? I plan to map Swift
> objects to OpenNebula Images and they already have ACLs in place.
>

Currently ACLs are at the container level in swift and not at the
object level.  That said, for your specific use case, I think you
could implement the image ACLs in your auth middleware, but it has
been a while since I have looked at that code.

--
Chuck