On 09/26/2015 11:19 PM, RunnerCheng wrote:
Hi All,
I'm a newbie of keystone, and I'm doing some research about it
recently. I have a question about how to deploy it. The scenario is on
below:
One comany has one headquarter dc and 5 sub dc locate in different
cities. We want to deploy separate OpenStack with "sub" keystone at
the sub dc, and want to deploy one "master" keystone at headquarter
dc. We want to manage all users, roles and tenants etc on the "master"
keystone, however we want the end-user can authenticate with the "sub"
keystone where he or she is locate.
Use LDAP for the users, don't keep them in Keystone.
Replicate roles, projects etc from master to sub.
Use Fernet tokens. Replicate revocation events both ways.
Is anyone understant this scenario? How to realize it without
additionaly development?
Thanks in advance!
Sam Cheng
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
