AFIK, if we implement ironic as a replacement for cobbler, we will have Keystone on the fuel-master anyway. Supporting OAuth as an additional authentication entry would awesome too, but I'm not sure if there would be much demand over Keystone.
On Tue, May 27, 2014 at 8:31 AM, Lukasz Oles <[email protected]> wrote: > There is some misunderstanding here. By using keystone I mean running > keystone on fuel master node. After all it's just python program. It's used > by OpenStack as authorization tool but it also can be used as standalone > software or by different tools completely not connected with OpenStack. > In future if want to use LDAP source, keystone already have plugin for it. > > Regards > > > On Tue, May 27, 2014 at 5:08 PM, David Easter <[email protected]> wrote: >> >> The other challenge of utilizing Keystone is which one to use. Fuel >> enables the deployment of multiple cloud environments from one UI; so when >> accessing the Fuel Master Node, it would be ambiguous which already deployed >> Keystone to contact for authentication. If/When Triple-O is utilized, one >> could perhaps see designating the Keystone of the undercloud; but that’s >> more a future requirement. >> >> For now, I’d suggest an internal authentication in the immediate short >> term. External auth sources can be added in future milestones – most likely >> an LDAP source that’s outside the deployed clouds and designated by IT. >> >> Thanks, >> >> - David J. Easter >> Director of Product Management, Mirantis >> >> From: Jesse Pretorius <[email protected]> >> Reply-To: "OpenStack Development Mailing List (not for usage questions)" >> <[email protected]> >> Date: Tuesday, May 27, 2014 at 7:43 AM >> >> To: "OpenStack Development Mailing List (not for usage questions)" >> <[email protected]> >> Subject: Re: [openstack-dev] [Fuel-dev] access-control-master-node >> >> On 27 May 2014 13:42, Lukasz Oles <[email protected]> wrote: >>> >>> Hello fuelers, >>> >>> we(I and Kamil) would like start discussion about "Enforce access control >>> for Fuel UI" blueprint >>> https://blueprints.launchpad.net/fuel/+spec/access-control-master-node. >>> >>> First question to David, as he proposed this bp. Do you want to add more >>> requirements? >>> >>> To all. What do you think about using keystone as authorization tool? We >>> described all pros/cons in the specification. >> >> >> I would suggest both an internal authentication database and the option of >> plugging additional options in, with keystone being one of them and perhaps >> something like oauth being another. >> >> Keystone may not be available at the time of the build, or accessible from >> the network that's used for the initial build. >> _______________________________________________ OpenStack-dev mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> -- >> Mailing list: https://launchpad.net/~fuel-dev >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~fuel-dev >> More help : https://help.launchpad.net/ListHelp >> > > > > -- > Łukasz Oleś > > -- > Mailing list: https://launchpad.net/~fuel-dev > Post to : [email protected] > Unsubscribe : https://launchpad.net/~fuel-dev > More help : https://help.launchpad.net/ListHelp > -- Andrew Mirantis Ceph community -- Mailing list: https://launchpad.net/~fuel-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~fuel-dev More help : https://help.launchpad.net/ListHelp
