Hi everyone, I'm currently building a customer panel to offer public cloud services based on openstack. I'd like to share my plans to validate my approach is good and hear suggestions/feedback from others working on the same kind of project.
I'm trying to get the following behaviour: Users register and get access to the panel, I'm keeping user/pass and permissions/groups in my own mysql DB. I wish that the API is not active by default, the user can go to his/her profile and tick a checkbox to get access to the API. For this, I came up with this plan: 1. The user registers, I keep his username/pass in my DB, generate a random hashed keystoneuser/keystonepass and call keystone to create the user/tenant (using keystoneuser as tenant-name). I store this keystone user/pass/tenant info in my DB (which may be a security hole if someone is able to access this DB as the pass is saved as plain text) 2. On user login with his panel credentials, I'll get his keystoneuser/keystonepass to create a token and use this token during his session on the panel. 3. If the user wish to activate access to the API, he'll go to his profile/api page, where he'll see his keystoneuser/tenant name. 3.1. If he/she ticks activate, I'll show him his current keystonepass (from my own DB). 3.2. If he/she ticks deactivate, I'll generate a new random keystonepass, and call keystone to change the password in Openstack. I don't show this password to the user, so he can't use the API anymore, but the panel can get new tokens to continue working. Does this makes sense? Do you guys have any recommendation/suggestion to this implementation? Keep in mind I'm not a python guy, I tried to understand how to write a keystone driver for identity and policy but got lost in the docs/code. Also, is it currently possible to implement a panel like VPS.net where you buy "nodes" (1 node = 256MB/10GB) and then you launch instances/services based on the number of nodes you have purchased? (And thus get a fixed bill amount each month) Could anybody point me in the right direction to achieve this? Thanks for your help! Adrian Moya
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
