Re: [Openstack-operators] [keystone] RBAC usage at production
Using a middleware is what we are doing also. Can you give more details about your structure? Our middleware is like the Rackspace OpenRepose. What do you use for role definitions? Are you using any backend for Keystone like LDAP? Regards. On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keatingwrote: > We use RBAC, however we've done it based on roles and some middleware. The > policy files are essentially static. > > > - jlk > > On Wed, Dec 9, 2015 at 12:39 AM, Oguz Yarimtepe > wrote: > >> Hi, >> >> I am wondering whether there are people using RBAC at production. The >> policy.json file has a structure that requires restart of the service each >> time you edit the file. Is there and on the fly solution or tips about it? >> >> >> >> ___ >> OpenStack-operators mailing list >> OpenStack-operators@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > -- Oğuz Yarımtepe http://about.me/oguzy ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
[Openstack-operators] [keystone] RBAC usage at production
Hi, I am wondering whether there are people using RBAC at production. The policy.json file has a structure that requires restart of the service each time you edit the file. Is there and on the fly solution or tips about it? ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [keystone] RBAC usage at production
In other projects the policy.json file is read each time of api request. So changes to the file take place immediately. I was 90% sure keystone was the same way? ___ Kris Lindgren Senior Linux Systems Engineer GoDaddy On 12/9/15, 1:39 AM, "Oguz Yarimtepe"wrote: >Hi, > >I am wondering whether there are people using RBAC at production. The >policy.json file has a structure that requires restart of the service >each time you edit the file. Is there and on the fly solution or tips >about it? > > > >___ >OpenStack-operators mailing list >OpenStack-operators@lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [keystone] RBAC usage at production
We use RBAC in production but basically modify networking operations and some compute ones. In our case we don’t need to restart the services if we modify the policy.json file. I am surprise that keystone is not following the same process. Edgar On 12/9/15, 9:06 AM, "Kris G. Lindgren"wrote: >In other projects the policy.json file is read each time of api request. So >changes to the file take place immediately. I was 90% sure keystone was the >same way? > >___ >Kris Lindgren >Senior Linux Systems Engineer >GoDaddy > > > > > > > >On 12/9/15, 1:39 AM, "Oguz Yarimtepe" wrote: > >>Hi, >> >>I am wondering whether there are people using RBAC at production. The >>policy.json file has a structure that requires restart of the service >>each time you edit the file. Is there and on the fly solution or tips >>about it? >> >> >> >>___ >>OpenStack-operators mailing list >>OpenStack-operators@lists.openstack.org >>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >___ >OpenStack-operators mailing list >OpenStack-operators@lists.openstack.org >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators