Nice work Adam, as usual. I'm dropping some comments about how we could automate it in TripleO:
# Identity Provider Registration and Metadata This script could be called by Puppet or Heat at the right time, but now I don't have the best answer. # Federation Operations We can achieve it with puppet-keystone thanks to Sofer's awesome work: https://github.com/openstack/puppet-keystone/blob/master/lib/puppet/provider/keystone_identity_provider/openstack.rb # Dashboard We need to expose new parameters to puppet-horizon and consume them in THT horizon service. # Redirect Support for SAML We can easily do it in puppet-tripleo re-using current bits for haproxy config. # Federation Mapping Gilles started that a long time ago: https://review.openstack.org/#/c/202409/ We'll need to finish it. Other actions can be handled by puppet-keystone. # deploy-env.yml Please submit the missing keystone.conf parameters into puppet-keystone. Conclusion: I think we can achieve almost (if not all) everything in TripleO and Puppet modules without crazy pain. Please create launchpads bugs for every piece, it will help PTLs (Puppet + TripleO) to prioritize/task the work that needs to be done. HTH On Thu, Aug 11, 2016 at 2:20 PM, Adam Young <ayo...@redhat.com> wrote: > http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/ > > > It is painful, sloppy, Mitaka based. Have at it, and lets make Federation a > reality for Newton based deployments. Feedback eagerly sought. > > Thanks for all the people that helped get me through this. Won't list you > all, as it would start to sound like an Oscars acceptance speech. > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Emilien Macchi __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev