Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-27 Thread Sangeeta Singh 


On 3/27/14, 11:03 AM, "Day, Phil"  wrote:

>> 
>> The need arises when you need a way to use both the zones to be
>>used for
>> scheduling when no specific zone is specified. The only way to do that
>>is
>> either have a AZ which is a superset of the two AZ or the other way
>>could be
>> if the default_scheduler_zone can take a list of zones instead of just
>>1.
>
>If you don't configure a default_schedule_zone, and don't specify an
>availability_zone to the request  - then I thought that would make the AZ
>filter in effect ignore AZs for that request.  Isn't that want you need ?


 No what I want is a default_schedule_zone that uses hosts from two other
AZs but in my deployment I might have other AZs defined as well which I
want to be filtered out when the boot command does not specify a AZ.

Thanks,
Sangeeta

>
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-26 Thread Sangeeta Singh 
Hi,

To update the thread the initial problem that I mentioned that when I add a 
host to multiple availability zone(AZ) and then do a
“nova boot” without specifying a AZ expecting the default zone to be picked up.

This is due to the bug [1] as mentioned by Vish. I have updated the bug with 
the problem.

The validation fails during instance create due to the [1]

Thanks,
Sangeeta

[1] https://bugs.launchpad.net/nova/+bug/1277230
From: Sylvain Bauza mailto:sylvain.ba...@gmail.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Date: Wednesday, March 26, 2014 at 1:34 PM
To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [nova][scheduler] Availability Zones and Host 
aggregates..

I can't agree more on this. Although the name sounds identical to AWS, Nova AZs 
are *not* for segregating compute nodes, but rather exposing to users a certain 
sort of grouping.
Please see this pointer for more info if needed : 
http://russellbryantnet.wordpress.com/2013/05/21/availability-zones-and-host-aggregates-in-openstack-compute-nova/

Regarding the bug mentioned by Vish [1], I'm the owner of it. I took it a while 
ago, but things and priorities changed so I can take a look over it this week 
and hope to deliver a patch by next week.

Thanks,
-Sylvain

[1] https://bugs.launchpad.net/nova/+bug/1277230




2014-03-26 19:00 GMT+01:00 Chris Friesen 
mailto:chris.frie...@windriver.com>>:
On 03/26/2014 11:17 AM, Khanh-Toan Tran wrote:

I don't know why you need a
compute node that belongs to 2 different availability-zones. Maybe
I'm wrong but for me it's logical that availability-zones do not
share the same compute nodes. The "availability-zones" have the role
of partition your compute nodes into "zones" that are physically
separated (in large term it would require separation of physical
servers, networking equipments, power sources, etc). So that when
user deploys 2 VMs in 2 different zones, he knows that these VMs do
not fall into a same host and if some zone falls, the others continue
working, thus the client will not lose all of his VMs.

See Vish's email.

Even under the original meaning of availability zones you could realistically 
have multiple orthogonal availability zones based on "room", or "rack", or 
"network", or "dev" vs "production", or even "has_ssds" and a compute node 
could reasonably be part of several different zones because they're logically 
in different namespaces.

Then an end-user could boot an instance, specifying "networkA", "dev", and 
"has_ssds" and only hosts that are part of all three zones would match.

Even if they're not used for orthogonal purposes, multiple availability zones 
might make sense.  Currently availability zones are the only way an end-user 
has to specify anything about the compute host he wants to run on.  So it's not 
entirely surprising that people might want to overload them for purposes other 
than physical partitioning of machines.

Chris


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-26 Thread Sangeeta Singh 
Yes, Vish description describes the uses cases and the need for multiple
overlapping 
availability zones nicely.

If multiple availability zone can be specified in the launch command that
will allow
End user to select hosts that satisfy all there constraints.

Thanks,
Sangeeta

On 3/26/14, 11:00 AM, "Chris Friesen"  wrote:

>On 03/26/2014 11:17 AM, Khanh-Toan Tran wrote:
>
>> I don't know why you need a
>> compute node that belongs to 2 different availability-zones. Maybe
>> I'm wrong but for me it's logical that availability-zones do not
>> share the same compute nodes. The "availability-zones" have the role
>> of partition your compute nodes into "zones" that are physically
>> separated (in large term it would require separation of physical
>> servers, networking equipments, power sources, etc). So that when
>> user deploys 2 VMs in 2 different zones, he knows that these VMs do
>> not fall into a same host and if some zone falls, the others continue
>> working, thus the client will not lose all of his VMs.
>
>See Vish's email.
>
>Even under the original meaning of availability zones you could
>realistically have multiple orthogonal availability zones based on
>"room", or "rack", or "network", or "dev" vs "production", or even
>"has_ssds" and a compute node could reasonably be part of several
>different zones because they're logically in different namespaces.
>
>Then an end-user could boot an instance, specifying "networkA", "dev",
>and "has_ssds" and only hosts that are part of all three zones would
>match.
>
>Even if they're not used for orthogonal purposes, multiple availability
>zones might make sense.  Currently availability zones are the only way
>an end-user has to specify anything about the compute host he wants to
>run on.  So it's not entirely surprising that people might want to
>overload them for purposes other than physical partitioning of machines.
>
>Chris
>
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-26 Thread Sangeeta Singh 


On 3/26/14, 10:17 AM, "Khanh-Toan Tran" 
wrote:

>
>
>- Original Message -
>> From: "Sangeeta Singh" 
>> To: "OpenStack Development Mailing List (not for usage questions)"
>>
>> Sent: Tuesday, March 25, 2014 9:50:00 PM
>> Subject: [openstack-dev] [nova][scheduler] Availability Zones and Host
>>aggregates..
>> 
>> Hi,
>> 
>> The availability Zones filter states that theoretically a compute node
>>can be
>> part of multiple availability zones. I have a requirement where I need
>>to
>> make a compute node part to 2 AZ. When I try to create a host aggregates
>> with AZ I can not add the node in two host aggregates that have AZ
>>defined.
>> However if I create a host aggregate without associating an AZ then I
>>can
>> add the compute nodes to it. After doing that I can update the
>> host-aggregate an associate an AZ. This looks like a bug.
>> 
>> I can see the compute node to be listed in the 2 AZ with the
>> availability-zone-list command.
>> 
>
>Yes it appears a bug to me (apparently the AZ metadata indertion is
>considered as a normal metadata so no check is done), and so does the
>message in the AvailabilityZoneFilter. I don't know why you need a
>compute node that belongs to 2 different availability-zones. Maybe I'm
>wrong but for me it's logical that availability-zones do not share the
>same compute nodes. The "availability-zones" have the role of partition
>your compute nodes into "zones" that are physically separated (in large
>term it would require separation of physical servers, networking
>equipments, power sources, etc). So that when user deploys 2 VMs in 2
>different zones, he knows that these VMs do not fall into a same host and
>if some zone falls, the others continue working, thus the client will not
>lose all of his VMs. It's smaller than Regions which ensure total
>separation at the cost of low-layer connectivity and central management
>(e.g. scheduling per region).
>
>See: http://www.linuxjournal.com/content/introduction-openstack
>
>The former purpose of regouping hosts with the same characteristics is
>ensured by host-aggregates.
>
>> The problem that I have is that I can still not boot a VM on the
>>compute node
>> when I do not specify the AZ in the command though I have set the
>>default
>> availability zone and the default schedule zone in nova.conf.
>> 
>> I get the error ³ERROR: The requested availability zone is not
>>available²
>> 
>> What I am  trying to achieve is have two AZ that the user can select
>>during
>> the boot but then have a default AZ which has the HV from both AZ1 AND
>>AZ2
>> so that when the user does not specify any AZ in the boot command I
>>scatter
>> my VM on both the AZ in a balanced way.
>> 
>
>I do not understand your goal. When you create two availability-zones and
>put ALL of your compute nodes into these AZs, then if you don't specifies
>the AZ in your request, then AZFilter will automatically accept all hosts.
>The defaut weigher (RalWeigher) will then distribute the workload fairely
>among these nodes regardless of AZ it belongs to. Maybe it is what you
>want?

  With Havana that does not happen as there is a concept of
default_scheduler_zone which is none if not specified and when we specify
one can only specify a since AZ whereas in my case I basically want the 2
AZ that I create both to be considered default zones if nothing is
specified.
>
>> Any pointers.
>> 
>> Thanks,
>> Sangeeta
>> 
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-26 Thread Sangeeta Singh 


On 3/26/14, 10:17 AM, "Khanh-Toan Tran" 
wrote:

>
>
>- Original Message -
>> From: "Sangeeta Singh" 
>> To: "OpenStack Development Mailing List (not for usage questions)"
>>
>> Sent: Tuesday, March 25, 2014 9:50:00 PM
>> Subject: [openstack-dev] [nova][scheduler] Availability Zones and Host
>>aggregates..
>> 
>> Hi,
>> 
>> The availability Zones filter states that theoretically a compute node
>>can be
>> part of multiple availability zones. I have a requirement where I need
>>to
>> make a compute node part to 2 AZ. When I try to create a host aggregates
>> with AZ I can not add the node in two host aggregates that have AZ
>>defined.
>> However if I create a host aggregate without associating an AZ then I
>>can
>> add the compute nodes to it. After doing that I can update the
>> host-aggregate an associate an AZ. This looks like a bug.
>> 
>> I can see the compute node to be listed in the 2 AZ with the
>> availability-zone-list command.
>> 
>
>Yes it appears a bug to me (apparently the AZ metadata indertion is
>considered as a normal metadata so no check is done), and so does the
>message in the AvailabilityZoneFilter. I don't know why you need a
>compute node that belongs to 2 different availability-zones. Maybe I'm
>wrong but for me it's logical that availability-zones do not share the
>same compute nodes. The "availability-zones" have the role of partition
>your compute nodes into "zones" that are physically separated (in large
>term it would require separation of physical servers, networking
>equipments, power sources, etc). So that when user deploys 2 VMs in 2
>different zones, he knows that these VMs do not fall into a same host and
>if some zone falls, the others continue working, thus the client will not
>lose all of his VMs. It's smaller than Regions which ensure total
>separation at the cost of low-layer connectivity and central management
>(e.g. scheduling per region).

The need arises when you need a way to use both the zones to be used
for scheduling when no specific zone is specified. The only way to do that
is either have a AZ which is a superset of the two AZ or the other way
could be if the default_scheduler_zone can take a list of zones instead of
just 1.  
>
>See: http://www.linuxjournal.com/content/introduction-openstack
>
>The former purpose of regouping hosts with the same characteristics is
>ensured by host-aggregates.
>
>> The problem that I have is that I can still not boot a VM on the
>>compute node
>> when I do not specify the AZ in the command though I have set the
>>default
>> availability zone and the default schedule zone in nova.conf.
>> 
>> I get the error ³ERROR: The requested availability zone is not
>>available²
>> 
>> What I am  trying to achieve is have two AZ that the user can select
>>during
>> the boot but then have a default AZ which has the HV from both AZ1 AND
>>AZ2
>> so that when the user does not specify any AZ in the boot command I
>>scatter
>> my VM on both the AZ in a balanced way.
>> 
>
>I do not understand your goal. When you create two availability-zones and
>put ALL of your compute nodes into these AZs, then if you don't specifies
>the AZ in your request, then AZFilter will automatically accept all hosts.
>The defaut weigher (RalWeigher) will then distribute the workload fairely
>among these nodes regardless of AZ it belongs to. Maybe it is what you
>want?
>
>> Any pointers.
>> 
>> Thanks,
>> Sangeeta
>> 
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-26 Thread Sangeeta Singh 


From: , Santiago B 
mailto:santiago.b.baldas...@intel.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Date: Wednesday, March 26, 2014 at 5:17 AM
To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [nova][scheduler] Availability Zones and Host 
aggregates..

I would say that the requirement is not valid. A host aggregate con only have 
one availability zone so what you actually can have is a compute node that’s 
part of 2 host aggregates, which actually have the same availability zone.

It is in our case where we have a superset host aggregate that has all the 
hosts and then we have subset host aggregates(AZ) based on PDU. Need is that 
our user can specify the AZ based on the PDU but also in case no AZ is 
specified we want to load balance from the superset which contains two 
host-aggregates(AZ).


In the scenario you mentioned below where you create the aggregates without 
associating the availability zone, after updating the aggregates with the 
zones, the hosts still share the same availability zone right?

No the host becomes part of two availability zones one for each of the host 
aggregates.

From: John Garbutt [mailto:j...@johngarbutt.com]
Sent: Wednesday, March 26, 2014 8:47 AM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [nova][scheduler] Availability Zones and Host 
aggregates..


Sounds like an extra weighter to try and balance load between your two AZs 
might be a nicer way to go.

The easiest way might be via cells, one for each AZ . But not sure we merged 
that support yet. But there are patches for that.

John
On 25 Mar 2014 20:53, "Sangeeta Singh" 
mailto:sin...@yahoo-inc.com>> wrote:
Hi,

The availability Zones filter states that theoretically a compute node can be 
part of multiple availability zones. I have a requirement where I need to make 
a compute node part to 2 AZ. When I try to create a host aggregates with AZ I 
can not add the node in two host aggregates that have AZ defined. However if I 
create a host aggregate without associating an AZ then I can add the compute 
nodes to it. After doing that I can update the host-aggregate an associate an 
AZ. This looks like a bug.

I can see the compute node to be listed in the 2 AZ with the 
availability-zone-list command.

The problem that I have is that I can still not boot a VM on the compute node 
when I do not specify the AZ in the command though I have set the default 
availability zone and the default schedule zone in nova.conf.

I get the error “ERROR: The requested availability zone is not available”

What I am  trying to achieve is have two AZ that the user can select during the 
boot but then have a default AZ which has the HV from both AZ1 AND AZ2 so that 
when the user does not specify any AZ in the boot command I scatter my VM on 
both the AZ in a balanced way.

Any pointers.

Thanks,
Sangeeta

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [nova][scheduler] Availability Zones and Host aggregates..

2014-03-25 Thread Sangeeta Singh 
Hi,

The availability Zones filter states that theoretically a compute node can be 
part of multiple availability zones. I have a requirement where I need to make 
a compute node part to 2 AZ. When I try to create a host aggregates with AZ I 
can not add the node in two host aggregates that have AZ defined. However if I 
create a host aggregate without associating an AZ then I can add the compute 
nodes to it. After doing that I can update the host-aggregate an associate an 
AZ. This looks like a bug.

I can see the compute node to be listed in the 2 AZ with the 
availability-zone-list command.

The problem that I have is that I can still not boot a VM on the compute node 
when I do not specify the AZ in the command though I have set the default 
availability zone and the default schedule zone in nova.conf.

I get the error “ERROR: The requested availability zone is not available”

What I am  trying to achieve is have two AZ that the user can select during the 
boot but then have a default AZ which has the HV from both AZ1 AND AZ2 so that 
when the user does not specify any AZ in the boot command I scatter my VM on 
both the AZ in a balanced way.

Any pointers.

Thanks,
Sangeeta
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Nova][glance] Question about evacuate with no shared storage..

2014-02-21 Thread Sangeeta Singh 
So we have to use the block-migrate flag in the live-migrate command set.
Also which is the minimum libvirt version that support this. We use
lbvirt-0.10.2-29

Thanks for the pointer to the patch. I will check that out.

Sangeeta

On 2/21/14, 9:38 AM, "Joe Gordon"  wrote:

>On Thu, Feb 20, 2014 at 9:01 PM, Sangeeta Singh 
>wrote:
>> Hi,
>>
>> At my organization we do not use a shared storage for VM disks  but
>>need to
>> evacuate VMs  from a HV that is down or having problems to another HV.
>>The
>> evacuate command only allows the evacuated VM to have the base image.
>>What I
>> am interested in is to create a snapshot of the VM on the down HV and
>>then
>> be able to use the evacuate command by specifying the snapshot for the
>> image.
>
>libvirt supports live migration without any shared storage. TripleO
>has been testing it out using this patch
>https://review.openstack.org/#/c/74600/
>
>>
>> Has anyone had such a use case? Is there a command that uses snapshots
>>in
>> this way to recreate VM on a new HV.
>>
>> Thanks for the pointers.
>>
>> Sangeeta
>>
>> ___
>> OpenStack-dev mailing list
>> OpenStack-dev@lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Nova][glance] Question about evacuate with no shared storage..

2014-02-21 Thread Sangeeta Singh 
Yes, I am thinking on those lines as well. I was planning to write a new 
extension. But probably extending the current evacuate command to take in the 
snapshot as input might be a better approach  as you outlined. Was that what 
your thinking is?

Thanks,
Sangeeta

From: ChangBo Guo mailto:glongw...@gmail.com>>
Reply-To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Date: Friday, February 21, 2014 at 6:42 AM
To: "OpenStack Development Mailing List (not for usage questions)" 
mailto:openstack-dev@lists.openstack.org>>
Subject: Re: [openstack-dev] [Nova][glance] Question about evacuate with no 
shared storage..

This looks like a useful feature,  need some work to do that. evacuate function 
based on rebuild, if we want to use snapshot images, we need pass the the 
snapshot reference  from API layer ,and expose the interface from 
python-novaclient. Correct me if I am wrong :)


2014-02-21 13:01 GMT+08:00 Sangeeta Singh 
mailto:sin...@yahoo-inc.com>>:
Hi,

At my organization we do not use a shared storage for VM disks  but need to 
evacuate VMs  from a HV that is down or having problems to another HV. The 
evacuate command only allows the evacuated VM to have the base image. What I am 
interested in is to create a snapshot of the VM on the down HV and then be able 
to use the evacuate command by specifying the snapshot for the image.

Has anyone had such a use case? Is there a command that uses snapshots in this 
way to recreate VM on a new HV.

Thanks for the pointers.

Sangeeta

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
ChangBo Guo(gcb)
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] Monitoring IP Availability

2014-02-21 Thread Sangeeta Singh 
What about the fixed ips? Can this hook be extended for that?

On 2/20/14, 1:59 PM, "Collins, Sean" 
wrote:

>On Thu, Feb 20, 2014 at 12:53:51AM +, Vilobh Meshram wrote:
>> Hello OpenStack Dev,
>> 
>> We wanted to have your input on how different companies/organizations,
>>using Openstack, are monitoring IP availability as this can be useful to
>>track the used IP¹s and total number of IP¹s.
>
>A while ago I added hooks to Nova-network to forward
>floating-ip allocations into an existing management system,
>since this system was the source of truth for IP address management
>inside Comcast.
>
>-- 
>Sean M. Collins
>___
>OpenStack-dev mailing list
>OpenStack-dev@lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [Nova][glance] Question about evacuate with no shared storage..

2014-02-20 Thread Sangeeta Singh 
Hi,

At my organization we do not use a shared storage for VM disks  but need to 
evacuate VMs  from a HV that is down or having problems to another HV. The 
evacuate command only allows the evacuated VM to have the base image. What I am 
interested in is to create a snapshot of the VM on the down HV and then be able 
to use the evacuate command by specifying the snapshot for the image.

Has anyone had such a use case? Is there a command that uses snapshots in this 
way to recreate VM on a new HV.

Thanks for the pointers.

Sangeeta
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [Keystone][oslo] Trusted Messaging Question

2013-10-11 Thread Sangeeta Singh 
Hi,

I had some questions about the trusted messaging project.


  1.  During your design did you consider a kerberos style ticketing service 
for KDS? If yes what were the reasons against it?
  2.  The Keystone documentation does say that it can support kerberos style 
authentication. Are there any know implementations and deployments?
  3.  Does the secured messaging framework supports plugging in one's own key 
service or is there a plan of going in that direction. I think that would 
something that would be useful to the community giving the flexibility to hook 
up different security enforcing agents similar to the higher level message 
abstractions to allow multiple message transport in the oslo messaging library.

I am interested to know how can one use the proposed framework and be able to 
plugin different key distribution mechanism.

Thanks,
Sangeeta
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] Secured Messaging Design Question

2013-10-08 Thread Sangeeta Singh 
Hi,

The proposed design of Openstack secured messaging framework is strong 
proposal. I have read through it and have some questions  regarding the KDS.


  1.  During your design did you consider a kerberos style ticketing service 
for KDS? If yes what were the reasons against it?
  2.  The Keystone documentation does say that it can support kerberos style 
authentication. Are there any know implementations and deployments?
  3.  Does the secured messaging framework supports plugging in one's own key 
service or is there a plan of going in that direction. I think that would 
something that would be useful to the community giving the flexibility to hook 
up different security enforcing agents similar to the higher level message 
abstractions to allow multiple message transport in the oslo messaging library.

Thanks.

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev