So the application credentials spec has merged - huge thanks to Monty and the Keystone team for getting this done: https://review.openstack.org/#/c/450415/ ...

Hi All, The OpenStack login screen has just login name and password for validation. Now, if someone writes a script to perform DoS attacks by sending a lot of fake login requests, the server will easily become unavailable. I know there is a ...

# Simplification PTG Recap ## Introduction This goal was started off in the May 2017 leadership workshop [1]. We are collecting feedback from the community that OpenStack can be complex for deployers, contributors, and ultimately the people ...

I am trying to get collectd to report some alarms to vitrage in a devstack setup, I am using a devstack created on a late version of ocata. And my devstack with vitrage appears to be working ok otherwise; e.g. I can create VMs, and raise ...

On Thu, Aug 24, 2017 at 11:15 AM, Jeffrey Zhang wrote: > We are moving to deploy service via WSGI[0]. > > There are two recommended ways. > > - apache + mod_wsgi > - nginx + uwsgi > > later one is more better. > > For traditional ...

Keystone had a bug reported [0] recently (that we are targeting to pike-rc1) that exposes an inconsistency in the API based on configuration. The happy path is as follows: - a deployment is configured to store projects (controlled by the ...

* Hi all, ** I'd like to formally communicate my desire to continue serving as the keystone PTL for the upcoming Queen’s release. Despite some turbulence throughout the Pike development cycle, keystone has managed to make progress on some ...

Hi, I am running OpenStack Ocata that as originally provisioned using RDO Packstack. I currently have Keystone configured to use a single identity backend which is LDAP. Everything works great with this configuration except Heat and Magnum. ...

Trove has evolved rapidly over the past several years, since integration in IceHouse when it only supported single instances of a few databases. Today it supports a dozen databases including clusters and replication. The user survey [1] ...

Hi all, Keystone has deprecated the domain configuration upload capability provided through `keystone-manage`. We discussed it's removal in today's meeting [0] and wanted to send a quick note to the operator list. The ability to upload a ...

Hello OpenStack Community, I'd like to introduce to you all a service we have developed at Catalyst and are now ready to release to the OpenStack community in hopes that others may find it useful. As a public cloud provider we quickly ran ...

A quick summary of what happened in the writing applications for the VM and Baremetal forum session. The etherpad is available here: https://etherpad.openstack.org/p/BOS-forum-using-vm-and-baremetal We had a good number of API users and API ...

Hey all, One of the Baremetal/VM sessions at the summit focused on what we need to do to make OpenStack more consumable for application developers [0]. As a group we recognized the need for application specific passwords or API keys and ...

Hello OpenStack-dev, I am running Keystone in a virtual environment with LDAP backend. When user_id_attribute is set to sn (and the LDAP directory is configured accordingly), `openstack user list --domain default --group test-group` results ...

Hey folks, During today's keystone meeting we added another member to keystone's core team. For several releases, Colleen's had a profound impact on keystone. Her reviews are meticulous and of incredible quality. She has no hesitation to ...

Hi All I am a new to openstack and have a basic question regarding User types and administration I find 3 categories of users 1. Openstack cloud administrators/users who create tenants (or projects) and administer the cloud 2. ...

We have configured Keystone for LDAP authentication via the domain_specific_drivers_enabled setting and a file keystone..conf, and by tcpdump and LDAP server logs it appears to be working to some degree. That is, if the wrong credentials ...

>Hi Robert, > > I saw your proposal about keystone middleware >for Radius and OpenStack integration from the last year’s discussion, > >do you know about the progress in this area, >maybe someone has already done the scalability ...

Hi team, I am trying to integrate Identity (Ocata Release) with LDAP. Afer I following this page: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/10/html/integrate_with_identity_service/sec-active-directory I failed ...

[tl;dr I want to remove the artificial restriction of not allowing FKs between subsystems and I want to stop FK enforcement in code.] The keystone code architecture is pretty simple. The data and functionality are divided up into ...