Keystone v3 API and admin token
Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).
The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.
I tried to get the keystone v3 API . . .
Migrating from CentOS 6 to CentOS 7
We have run OpenStack for a while, and always on CentOS 6. It's old and virtualization-wise somewhat restricted. Currently we're on OpenStack Icehouse. The Juno packages don't exist for CentOS 6 so we need to make the challenging jump to CentOS 7 before upgrading.
This is mainly a problem for the compute nodes. The . . .
Trying Identity API v3 and Domains
General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.
Before getting to this post, you will need your assignment separated from identities as per my previous post.
Keystone and keystone domains
Keystone - the identity management component of OpenStack - has for a while . . .
Normal disclaimer: RDO Icehouse
I ran into an issue where a VM previously had a floating IP, but it was released back to the pool. It was important to get that IP back for that VM.
Icehouse-era Neutron does not allow you to specify which specific floating ip you want, but kilo might. So how could this be fixed? I guess I . . .
Moving Keystone from LDAP roles to SQL roles
In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.
Everything wasn't perfect though. . . .