Re: [Openstack-operators] [keystone] RBAC usage at production

2015-12-29 Thread Oğuz Yarımtepe 
Using a middleware is what we are doing also. Can you give more details
about your structure? Our middleware is like the Rackspace OpenRepose. What
do you use for role definitions? Are you using any backend for Keystone
like LDAP?

Regards.



On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keating  wrote:

> We use RBAC, however we've done it based on roles and some middleware. The
> policy files are essentially static.
>
>
> - jlk
>
> On Wed, Dec 9, 2015 at 12:39 AM, Oguz Yarimtepe 
> wrote:
>
>> Hi,
>>
>> I am wondering whether there are people using RBAC at production. The
>> policy.json file has a structure that requires restart of the service each
>> time you edit the file. Is there and on the fly solution or tips about it?
>>
>>
>>
>> ___
>> OpenStack-operators mailing list
>> OpenStack-operators@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>


-- 
Oğuz Yarımtepe
http://about.me/oguzy
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

[Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Oguz Yarimtepe 

Hi,

I am wondering whether there are people using RBAC at production. The 
policy.json file has a structure that requires restart of the service 
each time you edit the file. Is there and on the fly solution or tips 
about it?




___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Kris G. Lindgren 
In other projects the policy.json file is read each time of api request.  So 
changes to the file take place immediately.  I was 90% sure keystone was the 
same way?

___
Kris Lindgren
Senior Linux Systems Engineer
GoDaddy







On 12/9/15, 1:39 AM, "Oguz Yarimtepe"  wrote:

>Hi,
>
>I am wondering whether there are people using RBAC at production. The 
>policy.json file has a structure that requires restart of the service 
>each time you edit the file. Is there and on the fly solution or tips 
>about it?
>
>
>
>___
>OpenStack-operators mailing list
>OpenStack-operators@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Edgar Magana 
We use RBAC in production but basically modify networking operations and some 
compute ones. In our case we don’t need to restart the services if we modify 
the policy.json file. I am surprise that keystone is not following the same 
process. 

Edgar




On 12/9/15, 9:06 AM, "Kris G. Lindgren"  wrote:

>In other projects the policy.json file is read each time of api request.  So 
>changes to the file take place immediately.  I was 90% sure keystone was the 
>same way?
>
>___
>Kris Lindgren
>Senior Linux Systems Engineer
>GoDaddy
>
>
>
>
>
>
>
>On 12/9/15, 1:39 AM, "Oguz Yarimtepe"  wrote:
>
>>Hi,
>>
>>I am wondering whether there are people using RBAC at production. The 
>>policy.json file has a structure that requires restart of the service 
>>each time you edit the file. Is there and on the fly solution or tips 
>>about it?
>>
>>
>>
>>___
>>OpenStack-operators mailing list
>>OpenStack-operators@lists.openstack.org
>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>___
>OpenStack-operators mailing list
>OpenStack-operators@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators