Kalle Happonen

Frantic Search

Keystone v3 API and admin token

Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).

The problem

The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.

I tried to get the keystone v3 API . . .

Read More

September 14, 2015

Tromp the Domains

Trying Identity API v3 and Domains

General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.

Before getting to this post, you will need your assignment separated from identities as per my previous post.

Keystone and keystone domains

Keystone - the identity management component of OpenStack - has for a while . . .

Read More

May 25, 2015

Identity Crisis

Moving Keystone from LDAP roles to SQL roles

Background

In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.

Everything wasn't perfect though. . . .

Read More

January 27, 2015

Archive