Frantic Search

Keystone v3 API and admin token

Kalle Happonen

Geek. Manager @CSCfi

September 14, 2015

Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).

The problem

The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.

I tried to get the keystone v3 API . . .

Read More

Tromp the Domains

Trying Identity API v3 and Domains

Kalle Happonen

Geek. Manager @CSCfi

May 25, 2015

General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.

Before getting to this post, you will need your assignment separated from identities as per my previous post.

Keystone and keystone domains

Keystone - the identity management component of OpenStack - has for a while . . .

Read More

Identity Crisis

Moving Keystone from LDAP roles to SQL roles

Kalle Happonen

Geek. Manager @CSCfi

January 27, 2015


In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.

Everything wasn't perfect though. . . .

Read More

   Subscribe by email and never miss a post.