Re: [openstack-dev] [Openstack-operators] [keystone] RBAC usage at production

2015-12-29 Thread Oğuz Yarımtepe
Using a middleware is what we are doing also. Can you give more details about your structure? Our middleware is like the Rackspace OpenRepose. What do you use for role definitions? Are you using any backend for Keystone like LDAP? Regards. On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keating

Re: [openstack-dev] [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Kris G. Lindgren
In other projects the policy.json file is read each time of api request. So changes to the file take place immediately. I was 90% sure keystone was the same way? ___ Kris Lindgren Senior Linux Systems Engineer GoDaddy On

Re: [openstack-dev] [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Edgar Magana
We use RBAC in production but basically modify networking operations and some compute ones. In our case we don’t need to restart the services if we modify the policy.json file. I am surprise that keystone is not following the same process. Edgar On 12/9/15, 9:06 AM, "Kris G. Lindgren"

Re: [openstack-dev] [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Timothy Symanczyk
We are running keystone kilo in production, and I¹m actively implementing RBAC right now. I¹m certain that, at least with the version of keystone we¹re running, a restart is NOT required when the policy file is modified. Tim On 12/9/15, 9:18 AM, "Edgar Magana"

Re: [openstack-dev] [Openstack-operators] [keystone] RBAC usage at production

2015-12-09 Thread Steve Martinelli
gt;, "Kris G. Lindgren" <klindg...@godaddy.com>, Oguz Yarimtepe <oguzyarimt...@gmail.com>, "openstack-operat...@lists.openstack.org" <openstack-operat...@lists.openstack.org> Date: 2015/12/09 04:40 PM Subject: Re: