Spring 2012 state of project keystone
Friday, April 20, 12
OpenStack Identity

               State of the Project: Keystone


                                                 Joe Heck
                                    Project Technical Lead

Who Am I

                               Joe Heck
                               @heckj
                               (map: where he grew up, and where he now chooses to live)

Outline

                   ‣   Why keystone
                   ‣   What is keystone
                   ‣   Basic concepts
                   ‣   High level architecture
                   ‣   Essex release
                   ‣   Folsom plans

Why Keystone

                   ‣   the first “openstack common”
                   ‣   common internal API expressing relevant identity
                       information to OpenStack projects
                   ‣   need for knowledge of OpenStack service
                       endpoints

Keystone history

                   ‣   protocols and mechanisms originally disparate in
                       compute and object storage
                   ‣   aggressively prototyped in Diablo release
                       ‣   OpenStack internal token-based HTTP API
                       ‣   administrative API
                   ‣   consolidated in Essex release
                       ‣   architecture shift to focus on independent drivers
                       ‣   migrated to administrative CRUD operations

What is Keystone

                   ‣   single source of authentication, authorization
                       ‣   same account and credentials for starting a VM instance
                           and accessing a container in object storage
                   ‣   means of expressing API endpoints
                       ‣   basic service catalog

What is Keystone - core internal services

                   ‣   identity
                   ‣   policy
                   ‣   token
                   ‣   catalog

Basic Concepts - Identity

                   ‣   Tenant == Project
                       ‣   basic unit of ownership
                       ‣   collection of resources (vm, volume, container, etc)
                   ‣   User
                       ‣   individual or service
                       ‣   identified by basic credentials
                   ‣   Role
                       ‣   a named relationship between a user and a tenant

Basic Concepts - Policy

                   ‣   Policy file - private/internal in Essex
                       ‣   Nova, Glance, and Keystone
                       ‣   Simple rule based mechanism for expressing
                           authorization
                   ‣   Enforcement at the services

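The rule mechanism and the enforcement point are easiest to see in code. What follows is an added example, not Keystone's or Nova's own policy engine: a small Python evaluator for a policy document written in the Essex-era policy.json shape (a rule name maps to a list of alternatives, each alternative a list of checks that must all hold, an empty list meaning unconditional), supporting role:, rule:, is_admin: and generic attribute checks such as tenant_id:%(tenant_id)s, plus the enforce() call a service places in front of an operation. The policy document and the credentials are constructed for this example.

```python
import json

# Constructed policy document in the Essex-era policy.json shape (this example's
# rules, not any project's shipped file): a rule maps to a list of alternatives
# (OR); each alternative is a list of checks that must all hold (AND); an empty
# list means "always allowed"; an unknown action falls back to "default".
POLICY_JSON = """
{
  "admin_required": [["role:admin"], ["is_admin:1"]],
  "owner": [["tenant_id:%(tenant_id)s"]],
  "admin_or_owner": [["rule:admin_required"], ["rule:owner"]],
  "identity:create_user": [["rule:admin_required"]],
  "compute:get": [],
  "compute:start": [["rule:admin_or_owner"]],
  "default": [["rule:admin_required"]]
}
"""


class PolicyNotAuthorized(Exception):
    pass


class Brain:
    """Minimal evaluator for the list-of-lists rule format."""

    def __init__(self, rules):
        self.rules = rules

    @classmethod
    def load_json(cls, text):
        return cls(json.loads(text))

    def check(self, action, target, creds):
        """True if creds may perform action on target; False otherwise."""
        alternatives = self.rules.get(action)
        if alternatives is None:
            alternatives = self.rules.get("default")
        if alternatives is None:
            return False            # no rule and no default: fail closed
        if not alternatives:
            return True             # empty rule body: unconditional
        return any(all(self._check(c, target, creds) for c in alt)
                   for alt in alternatives)

    def _check(self, check, target, creds):
        kind, _, match = check.partition(":")
        if kind == "rule":
            return self.check(match, target, creds)
        if kind == "role":
            # policy files use lowercase names; tokens carry 'Admin'/'Member'
            return match.lower() in (r.lower() for r in creds.get("roles", []))
        if kind == "is_admin":
            return bool(creds.get("is_admin")) == (match == "1")
        # generic check: creds[kind] must equal match after substituting target
        # attributes, e.g. tenant_id:%(tenant_id)s
        try:
            return str(creds.get(kind)) == match % target
        except KeyError:
            return False            # target lacks the attribute: never matches


def enforce(brain, action, target, creds):
    """Enforcement point at the service: raise rather than return on denial."""
    if not brain.check(action, target, creds):
        raise PolicyNotAuthorized("%s denied for user %s"
                                  % (action, creds.get("user_id")))
    return True


# Constructed credentials, shaped like what a service gets from the token.
ADMIN = {"user_id": "30e5d97149cf4621b9dbeb7681917aed",
         "tenant_id": "c566cb3adfab4f4a859250f4f7d4f56c",
         "roles": ["Admin", "Member"]}
MEMBER = {"user_id": "u2", "tenant_id": "t2", "roles": ["Member"]}
```

The two behaviours worth noticing are the fail-closed paths: an action with neither a rule nor a default is denied, and an owner check whose target lacks the attribute never matches, so a caller cannot pass the owner test by simply omitting the tenant from the target.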
Basic Concepts - Token

                   ‣   Token
                       ‣   opaque string passed in the X-Auth-Token HTTP header (seen as
                           HTTP_X_AUTH_TOKEN by the receiving WSGI service)
                       ‣   identity associated with token retrievable by other
                           OpenStack services
                           ‣   token
                           ‣   user, tenant, roles
                           ‣   catalog

Basic Concepts - Catalog

                   ‣   service --> endpoint
                   ‣   OpenStack Services
                       ‣   identity
                       ‣   compute
                       ‣   volume
                       ‣   image
                       ‣   ec2
                       ‣   object-store

HTTP_X_AUTH_TOKEN: 87d45c4c6e9b445997da68f399b49704

{u'access': {u'serviceCatalog': [{u'endpoints': [{u'adminURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                  u'internalURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                  u'publicURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                  u'region': u'RegionOne'}],
                                  u'endpoints_links': [],
                                  u'name': u'Volume Service',
                                  u'type': u'volume'},
                                 {u'endpoints': [{u'adminURL': u'http://image:9292/v1',
                                                  u'internalURL': u'http://image:9292/v1',
                                                  u'publicURL': u'http://image:9292/v1',
                                                  u'region': u'RegionOne'}],
                                  u'endpoints_links': [],
                                  u'name': u'Image Service',
                                  u'type': u'image'},
                                 ...
                                 {u'endpoints': [{u'adminURL': u'http://ident:35357/v2.0',
                                                  u'internalURL': u'http://ident:5000/v2.0',
                                                  u'publicURL': u'http://ident:5000/v2.0',
                                                  u'region': u'RegionOne'}],
                                  u'endpoints_links': [],
                                  u'name': u'Identity Service',
                                  u'type': u'identity'}],
             u'token': {u'expires': u'2012-04-19T00:06:53Z',
                        u'id': u'87d45c4c6e9b445997da68f399b49704',
                        u'tenant': {u'description': None,
                                    u'enabled': True,
                                    u'id': u'c566cb3adfab4f4a859250f4f7d4f56c',
                                    u'name': u'demo'}},
             u'user': {u'id': u'30e5d97149cf4621b9dbeb7681917aed',
                       u'name': u'frank',
                       u'roles': [{u'id': u'089c23c4f82f4c9d8882f6919dd51103',
                                   u'name': u'Admin'},
                                  {u'id': u'da104b278a2b463e89dd5e072740702e',
                                   u'name': u'Member'}],
                       u'roles_links': [],
                       u'username': u'frank'}}}

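What a consuming service does with that document is the security-relevant part: check the token before trusting anything in it, then use the roles for authorization and the catalog for endpoint discovery. The Python module below is an added example, not the project's auth_token middleware and not code from these slides. It takes a response of the shape shown (the sample is constructed from the slide's values, with the image service and the elided entries left out), validates expiry and tenant state, resolves a service type to an endpoint URL, and wraps a WSGI application in a filter that performs the check on HTTP_X_AUTH_TOKEN. The in-memory token store, the X-User-Id/X-Tenant-Id/X-Tenant-Name/X-Roles header names and the 401 response are this example's choices.

```python
import json
from datetime import datetime, timezone

# Constructed v2.0 token response modeled on the slide's dict: same field names
# and the slide's illustrative ids and hostnames; other catalog entries omitted.
TOKEN_RESPONSE = json.loads("""
{"access": {
  "serviceCatalog": [
    {"endpoints": [{"adminURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "internalURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "publicURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "region": "RegionOne"}],
     "endpoints_links": [], "name": "Volume Service", "type": "volume"},
    {"endpoints": [{"adminURL": "http://ident:35357/v2.0",
                    "internalURL": "http://ident:5000/v2.0",
                    "publicURL": "http://ident:5000/v2.0", "region": "RegionOne"}],
     "endpoints_links": [], "name": "Identity Service", "type": "identity"}],
  "token": {"expires": "2012-04-19T00:06:53Z",
            "id": "87d45c4c6e9b445997da68f399b49704",
            "tenant": {"description": null, "enabled": true,
                       "id": "c566cb3adfab4f4a859250f4f7d4f56c", "name": "demo"}},
  "user": {"id": "30e5d97149cf4621b9dbeb7681917aed", "name": "frank",
           "roles": [{"id": "089c23c4f82f4c9d8882f6919dd51103", "name": "Admin"},
                     {"id": "da104b278a2b463e89dd5e072740702e", "name": "Member"}],
           "roles_links": [], "username": "frank"}}}
""")

# Stand-in for Keystone's token backend: token id -> the 'access' document.
TOKENS = {TOKEN_RESPONSE["access"]["token"]["id"]: TOKEN_RESPONSE["access"]}


class InvalidToken(Exception):
    pass


def utc(stamp):
    """Parse the 'expires' format (UTC, 'Z' suffix) into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_token(access, now):
    """Return the identity a service may trust, or raise InvalidToken.
    Expiry and tenant state are checked before anything is extracted: never
    act on roles carried by an expired or disabled token."""
    token = access["token"]
    if now >= utc(token["expires"]):
        raise InvalidToken("token expired at %s" % token["expires"])
    tenant = token.get("tenant")
    if tenant is None or not tenant.get("enabled", False):
        raise InvalidToken("token is unscoped or its tenant is disabled")
    return {"user_id": access["user"]["id"], "user_name": access["user"]["name"],
            "tenant_id": tenant["id"], "tenant_name": tenant["name"],
            "roles": [r["name"] for r in access["user"]["roles"]]}


def find_endpoint(access, service_type, region="RegionOne", interface="publicURL"):
    """Catalog lookup: service type (+ region) -> adminURL/internalURL/publicURL."""
    for service in access["serviceCatalog"]:
        if service["type"] != service_type:
            continue
        for endpoint in service["endpoints"]:
            if endpoint["region"] == region:
                return endpoint[interface]
    return None


def auth_token_filter(app, now):
    """WSGI filter in the spirit of auth_token: validate HTTP_X_AUTH_TOKEN and pass
    the identity to the wrapped app in request headers (names are this example's)."""
    def wrapped(environ, start_response):
        access = TOKENS.get(environ.get("HTTP_X_AUTH_TOKEN", ""))
        try:
            if access is None:
                raise InvalidToken("unknown token")
            ident = validate_token(access, now)
        except InvalidToken as exc:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [str(exc).encode()]
        environ["HTTP_X_USER_ID"] = ident["user_id"]
        environ["HTTP_X_TENANT_ID"] = ident["tenant_id"]
        environ["HTTP_X_TENANT_NAME"] = ident["tenant_name"]
        environ["HTTP_X_ROLES"] = ",".join(ident["roles"])
        return app(environ, start_response)
    return wrapped


def whoami_app(environ, start_response):
    """Stand-in for a protected service (nova, glance, ...): trusts only the filter's headers."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("%s %s %s" % (environ["HTTP_X_USER_ID"], environ["HTTP_X_TENANT_NAME"],
                           environ["HTTP_X_ROLES"])).encode()]


def call(app, environ):
    """Drive a WSGI app once and return (status, body) for inspection."""
    captured = {}
    body = b"".join(app(environ, lambda status, headers: captured.setdefault("status", status)))
    return captured["status"], body.decode()
```

Because `now` is passed in rather than read from the clock, the expiry check is deterministic; in a real filter it would be the current time, and the lookup would go to Keystone's token store or validation API instead of a dict. The adminURL of the identity service (port 35357) is the one the filter would use for that validation call, which is why the catalog distinguishes it from the public URL on port 5000.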
High Level Architecture

                   ‣   Typical OpenStack Pattern
                       ‣   WSGI Application, configured with Paste
                       ‣   URI routes mapped to configurable backends
                       ‣   Configurable backends per internal service:
                           ‣   SQL
                           ‣   LDAP
                           ‣   key-value store
                           ‣   ...yours...

High Level Architecture

                   ‣   operational facade to existing systems
                       ‣   identity
                       ‣   token
                       ‣   policy
                       ‣   catalog

Essex Backends

                   ‣   Identity
                       ‣   SQL, LDAP, PAM, KeyValue
                   ‣   Catalog
                       ‣   SQL, Template, KeyValue
                   ‣   Token
                       ‣   SQL, Memcache, KeyValue
                   ‣   Policy
                       ‣   Rules

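As an added illustration (not content from the slides), a keystone.conf fragment selecting one driver per internal service. The module paths follow the layout of the Essex keystone.conf.sample and should be checked against the installed keystone tree; the comments on the token section are the operational caveat that matters when choosing.

```ini
# keystone.conf fragment: one driver per internal service. Module paths follow
# the Essex keystone.conf.sample; verify them against the installed tree.
[identity]
driver = keystone.identity.backends.sql.Identity
# LDAP instead: keystone.identity.backends.ldap.Identity
# (then set url, user, password and suffix in the [ldap] section)

[catalog]
driver = keystone.catalog.backends.sql.Catalog
# static catalog instead: keystone.catalog.backends.templated.TemplatedCatalog
# template_file = default_catalog.templates

[token]
driver = keystone.token.backends.sql.Token
# keystone.token.backends.memcache.Token keeps tokens in memcached, shared
# across workers; keystone.token.backends.kvs.Token keeps them in the
# process's own memory, lost on restart and invisible to other workers,
# so it is for development and tests only.

[policy]
driver = keystone.policy.backends.rules.Policy
```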
Essex Release

                   ‣   API Stability
                       ‣   architecture reset - maintained Diablo API compatibility
                       ‣   functional test driven
                       ‣   “auth_token” middleware - rewritten
                   ‣   Operational Focus
                       ‣   Additional logging
                       ‣   Basic RBAC “policy” (nova, glance, keystone)

Folsom Plans

                   ‣   theme: steady, stable, tested
                       ‣   careful, thoughtful improvement
                       ‣   keep core simple, stable
                       ‣   continued focus on integration tests and stability

Folsom Plans

                   ‣   iterate forward on API
                   ‣   Identity
                       ‣   domain (collections of tenants)
                       ‣   additional backends (LDAP against Active Directory)
                   ‣   authentication enhancements
                       ‣   PKI support
                       ‣   multi-factor support

fini