I was asking earlier this week about keystone resources on the irc channel...
We're thinking about having a tenant per user on one of our clouds. We're using neutron. So setting this up involves: * Creating a User * Creating a Tenant * Assigning Roles * Creating the Tenants default Private network. (owned by the tenant) * Creating a Neutron Router. (owned by the tenant) * Setting the Router gateway. * Plugging in the Router to the Private network. * Setting some additional security group rules on the users default group. (Out of the box we want icmp and port 22 open) We'd like to have the heat stack maintained by the admin's tenant so they are protected. I tried but some of this stuff can't be done in heat today. I ended up having to write a shell script. I'd love to be able to use heat for this. Thanks, Kevin ________________________________________ From: Zane Bitter [[email protected]] Sent: Thursday, January 29, 2015 8:41 AM To: openstack Development Mailing List Subject: [openstack-dev] [Heat][Keystone] Native keystone resources in Heat I got a question today about creating keystone users/roles/tenants in Heat templates. We currently support creating users via the AWS::IAM::User resource, but we don't have a native equivalent. IIUC keystone now allows you to add users to a domain that is otherwise backed by a read-only backend (i.e. LDAP). If this means that it's now possible to configure a cloud so that one need not be an admin to create users then I think it would be a really useful thing to expose in Heat. Does anyone know if that's the case? I think roles and tenants are likely to remain admin-only, but we have precedent for including resources like that in /contrib... this seems like it would be comparably useful. Thoughts? cheers, Zane. __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
