settingsLogin | Registersettings

Recent activity by Adam_Young

3 responses 33 views

Hello: I want every one can access a volume I created in cinder as admin, so I changed /etc/cinder/policy.json as bellow, but it won't work. Why? And how to do it? Thanks! policy.json { "context_is_admin": "role:admin", "admin_or_owner": ...

responded May 16, 2017 in openstack
0 responses 4 views

There has been a lot of talk about Policy this past summit and release. Based on feedback, we've come up with the following spec to address it. https://review.openstack.org/#/c/391624/ The idea is that we are going to split the role check ...

asked Nov 3, 2016 in openstack-dev
1 response 13 views

Hi Keystone team, We have a scenario that involves securing services for container and this has turned out to be rather difficult to solve, so we would like to bring to the larger team for ideas. Examples of this scenario: 1. Kubernetes ...

responded Oct 20, 2016 in openstack-dev
11 responses 61 views

Hello Keystone Devs, Just curious as to the choice to have the project name be only 64 characters: https://github.com/openstack/keystone/blob/master/keystone/resource/backends/sql.py#L241 Seems short, and an odd choice when the user.name ...

responded Oct 20, 2016 in openstack-dev
2 responses 17 views

Hello, I have next nodes: swift_proxy1 - 192.168.0.11 swift_proxy2 - 192.168.0.12 keystone1 - 192.168.0.21 keystone2 - 192.168.0.22 I wonder to know if it is possible to use two keystone servers if we use "uuid" or "fernet" tokens. With ...

responded Oct 20, 2016 in openstack
 
11 responses 23 views

It turns out that summit this year will be just down the road from Chris Sharma's relatively new indoor climbing gym in Barcelona: http://www.sharmaclimbingbcn.com/ If the fun, frisson and frustration of summit sessions leaves you with the ...

responded Oct 17, 2016 in openstack-dev
 
9 responses 21 views

The Fernet token format uses a symmetric key to sign tokens. In order to check the signature, these keys need to be synchronized across all of the Keystone servers. I don't want to pass around nake symmetric keys. The right way to do this ...

responded Sep 23, 2016 in openstack-dev
7 responses 7 views

https://review.openstack.org/#/c/368530/ This change is for Python >2.7 only, as python2.7 already supports the latest version of these libraraies. Back in the "just get pythoin3 to work" days we cut our losses on Kerberos support, but now ...

asked Sep 13, 2016 in openstack-dev
4 x  
10 responses 13 views

Review https://review.openstack.org/#/c/317739/ added a new dynamic metadata handler to nova. The basic jist is that rather than serving metadata statically, it can be done dyamically, so that certain values aren't provided until they are ...

responded Sep 8, 2016 in openstack-dev
13 responses 17 views

I want to welcome Ron De Rose (rderose) to the Keystone core team. In a short time Ron has shown a very positive impact. Ron has contributed feature work for shadowing LDAP and federated users, as well as enhancing password support for SQL ...

responded Sep 1, 2016 in openstack-dev
3 x  
0 responses 6 views

These changes are necessary so policy files can in include the check "is_admin_project:True" which allows us to Scope what is meant by "Admin" Use from_environ to load context Use to_policy_values for enforcing policy Use context ...

asked Aug 18, 2016 in openstack-dev
1 response 9 views

http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/ It is painful, sloppy, Mitaka based. Have at it, and lets make Federation a reality for Newton based deployments. Feedback eagerly sought. Thanks for all the people that helped get me ...

asked Aug 11, 2016 in openstack-dev
0 responses 24 views

On 08/04/2016 07:11 AM, Prakash Kanthi wrote: > Hello, > > > Is there a easy way to enable Multi-Domain support in Mitaka, so that > I can create domains from default 'admin' account? > > I already have following config in > ...

asked Aug 8, 2016 in openstack-operators
8 responses 119 views

Today I discovered that we need to modify the HA proxy config to tell it to rewrite redirects. Otherwise, I get a link to http://openstack.ayoung-dell-t1700.test:5000/v3/mellon/postResponse Which should be https, not http. I mimicked the ...

responded Aug 8, 2016 in openstack-dev
2 responses 7 views

As I try to debug Federaion problems, I am often finding I have to check three nodes to see where the actual requrest was processed. However, If I close down to of the controller nodes in Nova, the whole thing just fails. So, while that in ...

responded Aug 7, 2016 in openstack-dev
12 responses 25 views

Hi all, I've been working on Policy UI (Horizon): Unable to get policies list (devstack) (https://bugs.launchpad.net/congress/+bug/1602837) for the past 3 days. Anusha is correct - it's an authentication problem, but I have not been able to ...

responded Jul 29, 2016 in openstack-dev
2 responses 54 views

Hello, We have a small private OpenStack deployment with 300 VMs across 2 regions. We currently use the Keystone v2.0 API and all accounts are currently stored in SQL. We would like to move keystone to authenticate users from LDAP ...

responded Jul 29, 2016 in openstack-operators
1 response 29 views

Hi, I am learning to configure keystone for tokenless ssl x509 authorization, according to the document: http://docs.openstack.org/developer/keystone/configure_tokenless_x509.html. when making self-signed certificate with command openssl, I ...

responded Jul 28, 2016 in openstack
3 responses 34 views

I worked through how to do a complete clone of the templates to do a deploy and change a couple values here: http://adam.younglogic.com/2016/06/custom-overcloud-deploys/ However, all I want to do is to set two config options in Keystone. Is ...

responded Jul 27, 2016 in openstack-dev
10 responses 4 views

Recently, the Keystone team started brainstormin a troubleshooting document. While we could, eventually put this into the Keystone repo, it makes sense to also be gathering troubleshooting ideas from the community at large. How do we do ...

responded Jul 1, 2016 in openstack-dev
Drop us a note if you have suggestions on other community mailing lists that should be made searchable here.

For the corporate mailing lists, visit nimeyo.com or send a note here

31,319 questions

91,190 responses

13 comments

5,642 users

...