settingsLogin | Registersettings

Questions by Adam_Young

0 votes
0 responses 4 views

There has been a lot of talk about Policy this past summit and release. Based on feedback, we've come up with the following spec to address it. https://review.openstack.org/#/c/391624/ The idea is that we are going to split the role check ...

asked Nov 3, 2016 in openstack-dev
0 votes
7 responses 7 views

https://review.openstack.org/#/c/368530/ This change is for Python >2.7 only, as python2.7 already supports the latest version of these libraraies. Back in the "just get pythoin3 to work" days we cut our losses on Kerberos support, but now ...

asked Sep 13, 2016 in openstack-dev
4 x  
0 votes
0 responses 6 views

These changes are necessary so policy files can in include the check "is_admin_project:True" which allows us to Scope what is meant by "Admin" Use from_environ to load context Use to_policy_values for enforcing policy Use context ...

asked Aug 18, 2016 in openstack-dev
0 votes
1 response 9 views

http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/ It is painful, sloppy, Mitaka based. Have at it, and lets make Federation a reality for Newton based deployments. Feedback eagerly sought. Thanks for all the people that helped get me ...

asked Aug 11, 2016 in openstack-dev
0 votes
9 responses 21 views

The Fernet token format uses a symmetric key to sign tokens. In order to check the signature, these keys need to be synchronized across all of the Keystone servers. I don't want to pass around nake symmetric keys. The right way to do this ...

asked Aug 9, 2016 in openstack-dev
0 votes
0 responses 24 views

On 08/04/2016 07:11 AM, Prakash Kanthi wrote: > Hello, > > > Is there a easy way to enable Multi-Domain support in Mitaka, so that > I can create domains from default 'admin' account? > > I already have following config in > ...

asked Aug 8, 2016 in openstack-operators
0 votes
2 responses 7 views

As I try to debug Federaion problems, I am often finding I have to check three nodes to see where the actual requrest was processed. However, If I close down to of the controller nodes in Nova, the whole thing just fails. So, while that in ...

asked Aug 6, 2016 in openstack-dev
0 votes
8 responses 119 views

Today I discovered that we need to modify the HA proxy config to tell it to rewrite redirects. Otherwise, I get a link to http://openstack.ayoung-dell-t1700.test:5000/v3/mellon/postResponse Which should be https, not http. I mimicked the ...

asked Aug 5, 2016 in openstack-dev
0 votes
3 responses 34 views

I worked through how to do a complete clone of the templates to do a deploy and change a couple values here: http://adam.younglogic.com/2016/06/custom-overcloud-deploys/ However, all I want to do is to set two config options in Keystone. Is ...

asked Jul 26, 2016 in openstack-dev
0 votes
10 responses 4 views

Recently, the Keystone team started brainstormin a troubleshooting document. While we could, eventually put this into the Keystone repo, it makes sense to also be gathering troubleshooting ideas from the community at large. How do we do ...

asked Jun 28, 2016 in openstack-dev
0 votes
4 responses 65 views

A coworker and I have both had trouble recovering from failed overcloud deploys. I've wiped out whatever data I can, but, even with nothing in the Heat Database, doing an openstack overcloud deploy seems to be looking for a specific Nova ...

asked Jun 24, 2016 in openstack-dev
0 votes
7 responses 12 views

When deploying the overcloud with TLS, the current "no additional technology" approach is to use opensssl and self signed. While this works for a Proof of concept, it does not make sense if the users need to access the resources from remote ...

asked Jun 21, 2016 in openstack-dev
0 votes
6 responses 6 views

Some mix of these three tests is almost always failing: gate-keystone-dsvm-functional-nv FAILURE in 20m 04s (non-voting) gate-keystone-dsvm-functional-v3-only-nv FAILURE in 32m 45s (non-voting) gate-tempest-dsvm-keystone-uwsgi-full-nv ...

asked May 26, 2016 in openstack-dev
0 votes
13 responses 19 views

We all want Fernet to be a reality. We ain't there yet (Except for mfish who has no patience) but we are getting closer. The goal is to get Fernet as the default token provider as soon as possible. The review to do this has uncovered a few ...

asked Apr 16, 2016 in openstack-dev
0 votes
12 responses 9 views

We have a use case where we want to register a newly spawned Virtual machine with an identity provider. Heat also has a need to provide some form of Identity for a new VM. Looking at the set of utilities right now, there does not seem to be ...

asked Apr 5, 2016 in openstack-dev
0 votes
27 responses 124 views

I finally have enough understanding of what is going on with Tripleo to reasonably discuss how to implement solutions for some of the main security needs of a deployment. FreeIPA is an identity management solution that can provide support ...

asked Apr 2, 2016 in openstack-dev
0 votes
4 responses 1 view

Somewhere in here: http://git.openstack.org/cgit/openstack/puppet-keystone/tree/spec/classes/keystone_spec.rb I need to set these options: admin_project_name admin_project_domain_name ...

asked Mar 29, 2016 in openstack-dev
0 votes
2 responses 8 views

Keystone has a policy API, but no one uses it. It allows us to associate a policy file with an endpoint. Upload a json blob, it gets a uuid. Associate the UUID with the endpoint. It could also be associated with a service, and then it is ...

asked Mar 29, 2016 in openstack-dev
0 votes
9 responses 23 views

I had a good discussion with the Nova folks in IRC today. My goal was to understand what could talk to what, and the short according to dansmith " any node in nova land has to be able to talk to the queue for any other one for the most ...

asked Mar 22, 2016 in openstack-dev
2 x  
0 votes
0 responses 17 views

The policy API is currently a Blob-based operation. Keystone knows nothing about the data stored or retrieved. There is an API to fetch the policy file for a given endpoint. ...

asked Mar 20, 2016 in openstack-dev
Drop us a note if you have suggestions on other community mailing lists that should be made searchable here.

For the corporate mailing lists, visit nimeyo.com or send a note here

31,319 questions

91,190 responses

13 comments

5,642 users

...