In OpenStack, we have a very common problem of VM's needing to talk to OpenStack Services.
Heat, Trove, Sahara, Octavia, Magnum, other services that provision vm's, all have need to either have a guest agent talk to a controller via Zaqar using a Keystone credential, or fetch Secrets from Barbican which needs a Keystone credential. The fledgling Global App Catalog project really needs it as well to enable generic heat templates to be able to be written and contributed. It takes a long time to build up a community around such features so delay now delays the app catalog resources much further out. The lack of the Instance User feature is causing OpenStack projects to come up with their own solutions and its causing a lot of duplicate work and a lot of suboptimal implementations to come about. This really need to be fixed once and for all. I met with a lot of the teams during the last Summit. We came up with a plan, and have spent a significant amount of time bashing out the details out in the Nova spec. We've gotten +1's from both the Barbican and Keystone PTL's. It seems to have gotten stuck in Nova's review queue and has such missed the hard deadline. I believe this is very detrimental to OpenStack in general. So, I'd formally like to request either a Spec freeze exception be granted so that the Nova team will have time to review their part of the spec, or that the Spec be approved and we can hash out the remaining details when the code enters the review process. There is still plenty of time for that. https://review.openstack.org/#/c/186617/ Thanks, Kevin
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
