Tuesday, October 16, 12
OpenStack Identity

             State of the Project: Keystone


                                               Joe Heck
                                  Project Technical Lead



me...
                 ‣   Joe Heck, @heckj
                 ‣   [map slide: where I choose to live; where I grew up]




Outline

                 ‣   Why keystone
                 ‣   What is keystone
                 ‣   Basic concepts
                 ‣   High level architecture
                 ‣   Keystone history review
                 ‣   Grizzly plans




Why Keystone

                 ‣   the first “openstack common”
                 ‣   common internal API expressing relevant identity
                     information to OpenStack projects
                 ‣   need for knowledge of OpenStack service
                     endpoints




What is Keystone

                 ‣   single source of authentication, authorization
                     ‣    same account and credentials for starting a VM instance
                          and accessing a container in object storage
                     ‣    enforcement of authorization policies at the service level,
                          not centralized
                 ‣   means of expressing API endpoints
                     ‣    basic service catalog




What is Keystone - core internal services

                 ‣   identity
                 ‣   policy
                 ‣   token
                 ‣   catalog




Basic Concepts - Identity

                 ‣   Tenant == Project
                     ‣    basic unit of ownership
                     ‣    collection of resources (vm, volume, container, etc)
                 ‣   User
                     ‣    individual or service
                     ‣    identified by basic credentials
                 ‣   Role
                     ‣    named relationship between a user and a tenant

Basic Concepts - Policy

                 ‣   Policy file - private/internal in Essex
                     ‣    Nova, Glance, and Keystone
                     ‣    extending to Cinder, Quantum
                     ‣    Simple rule based mechanism for expressing
                          authorization
                 ‣   Enforcement at the services




Basic Concepts - Token

                 ‣   Token
                     ‣    opaque string presented in the X-Auth-Token HTTP header
                     ‣    identity associated with token retrievable by other
                          OpenStack services
                          ‣   token
                          ‣   user, tenant, roles
                          ‣   catalog




Basic Concepts - Catalog

                 ‣   service --> endpoint
                 ‣   OpenStack Services
                     ‣    identity
                     ‣    compute
                     ‣    volume
                     ‣    image
                     ‣    ec2
                     ‣    object-store

TOKEN: 87d45c4c6e9b445997da68f399b49704
                 ‣   {u'access': {u'serviceCatalog': [{u'endpoints': [{u'adminURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                                   u'internalURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                                   u'publicURL': u'http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c',
                                                                   u'region': u'RegionOne'}],
                                                   u'endpoints_links': [],
                                                   u'name': u'Volume Service',
                                                   u'type': u'volume'},
                                                  {u'endpoints': [{u'adminURL': u'http://image:9292/v1',
                                                                   u'internalURL': u'http://image:9292/v1',
                                                                   u'publicURL': u'http://image:9292/v1',
                                                                   u'region': u'RegionOne'}],
                                                   u'endpoints_links': [],
                                                   u'name': u'Image Service',
                                                   u'type': u'image'},
                                                   ...
                                                   ...
                                                   ...
                                                  {u'endpoints': [{u'adminURL': u'http://ident:35357/v2.0',
                                                                   u'internalURL': u'http://ident:5000/v2.0',
                                                                   u'publicURL': u'http://ident:5000/v2.0',
                                                                   u'region': u'RegionOne'}],
                                                   u'endpoints_links': [],
                                                   u'name': u'Identity Service',
                                                   u'type': u'identity'}],
                              u'token': {u'expires': u'2012-04-19T00:06:53Z',
                                         u'id': u'87d45c4c6e9b445997da68f399b49704',
                                         u'tenant': {u'description': None,
                                                     u'enabled': True,
                                                     u'id': u'c566cb3adfab4f4a859250f4f7d4f56c',
                                                     u'name': u'demo'}},
                              u'user': {u'id': u'30e5d97149cf4621b9dbeb7681917aed',
                                        u'name': u'frank',
                                        u'roles': [{u'id': u'089c23c4f82f4c9d8882f6919dd51103',
                                                    u'name': u'Admin'},
                                                   {u'id': u'da104b278a2b463e89dd5e072740702e',
                                                    u'name': u'Member'}],
                                        u'roles_links': [],
                                        u'username': u'frank'}}}
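What a service does with a v2.0 token response like the one above, as an added example that is not code from the slides or from Keystone itself. It covers the three slides before it: the token (expiry and the tenant's enabled flag are checked before anything else), the catalog (service type to endpoint URL, picking the interface deliberately), and policy (rules in the list-of-lists shape of the policy.json files of this era, evaluated at the service). The sample document is constructed here from the slide's values with the elided catalog entries dropped; the rule names (volume:delete, admin_or_owner) and the evaluator are illustrative stand-ins for the shared policy module the projects used, not that module.

```python
import json
from datetime import datetime

# Constructed sample input: the same `access` document as the slide above,
# as JSON rather than a Python repr, so it is parsed the way a service
# would parse the HTTP response.
SAMPLE_RESPONSE = json.loads("""
{"access": {
  "serviceCatalog": [
    {"endpoints": [{"adminURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "internalURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "publicURL": "http://vol:8776/v1/c566cb3adfab4f4a859250f4f7d4f56c",
                    "region": "RegionOne"}],
     "endpoints_links": [], "name": "Volume Service", "type": "volume"},
    {"endpoints": [{"adminURL": "http://ident:35357/v2.0",
                    "internalURL": "http://ident:5000/v2.0",
                    "publicURL": "http://ident:5000/v2.0",
                    "region": "RegionOne"}],
     "endpoints_links": [], "name": "Identity Service", "type": "identity"}],
  "token": {"expires": "2012-04-19T00:06:53Z",
            "id": "87d45c4c6e9b445997da68f399b49704",
            "tenant": {"description": null, "enabled": true,
                       "id": "c566cb3adfab4f4a859250f4f7d4f56c", "name": "demo"}},
  "user": {"id": "30e5d97149cf4621b9dbeb7681917aed", "name": "frank",
           "roles": [{"id": "089c23c4f82f4c9d8882f6919dd51103", "name": "Admin"},
                     {"id": "da104b278a2b463e89dd5e072740702e", "name": "Member"}],
           "roles_links": [], "username": "frank"}}}
""")

TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


def credentials(access, now_utc):
    """Reduce the token document to what policy needs: user, tenant, roles.
    now_utc is an ISO timestamp in the same form as the token's `expires`.
    Fails closed on an expired token or a disabled tenant."""
    tok = access["token"]
    if datetime.strptime(now_utc, TIME_FMT) >= datetime.strptime(tok["expires"], TIME_FMT):
        raise PermissionError("token expired at " + tok["expires"])
    if not tok["tenant"]["enabled"]:
        raise PermissionError("tenant disabled")
    return {
        "user_id": access["user"]["id"],
        "tenant_id": tok["tenant"]["id"],
        # policy rules refer to role *names*; compare them case-insensitively
        "roles": [r["name"].lower() for r in access["user"]["roles"]],
    }


def endpoint(access, service_type, interface="publicURL", region="RegionOne"):
    """Catalog lookup: service type -> URL. The identity service's adminURL
    is on a separate port (35357); services use it, tenants only ever
    need publicURL."""
    for svc in access["serviceCatalog"]:
        if svc["type"] != service_type:
            continue
        for ep in svc["endpoints"]:
            if ep.get("region") == region and interface in ep:
                return ep[interface]
    raise LookupError("no %s for %s in %s" % (interface, service_type, region))


# Illustrative rules (names invented for this example) in the list-of-lists
# shape of the period's policy.json: outer list = OR, inner list = AND.
POLICY = {
    "admin_required": [["role:admin"]],
    "admin_or_owner": [["role:admin"], ["tenant_id:%(tenant_id)s"]],
    "volume:delete": [["rule:admin_or_owner"]],
    "volume:force_delete": [["rule:admin_required"]],
}


def _check(term, creds, target, depth):
    kind, _, value = term.partition(":")
    if kind == "role":
        return value.lower() in creds["roles"]
    if kind == "rule":
        return enforce(value, creds, target, depth + 1)
    # generic attribute match: "tenant_id:%(tenant_id)s" substitutes the
    # target resource's owner and compares it with the caller's tenant.
    try:
        return creds.get(kind) == (value % target)
    except KeyError:          # target lacks the attribute: deny
        return False


def enforce(rule, creds, target, depth=0):
    """True if some AND-group of `rule` holds for these credentials.
    Unknown rules and runaway rule recursion fail closed."""
    groups = POLICY.get(rule)
    if groups is None or depth > 10:
        return False
    return any(all(_check(t, creds, target, depth) for t in group) for group in groups)


if __name__ == "__main__":
    acc = SAMPLE_RESPONSE["access"]
    me = credentials(acc, "2012-04-18T23:00:00Z")
    print("volume endpoint:", endpoint(acc, "volume", "internalURL"))
    print("frank may force_delete:", enforce("volume:force_delete", me, {}))
```

Two points worth noticing: authorization here happens in the service with only the token's claims, which is exactly the "enforcement at the service level, not centralized" model on the earlier slide, and every failure path (unknown rule, missing attribute, expired token) denies rather than falls through.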




High Level Architecture

                 ‣   Typical OpenStack Pattern
                     ‣    WSGI Application, configured with Paste
                     ‣    URI routes mapped to configurable backends
                     ‣    Configurable backends per internal service:
                          ‣   SQL
                          ‣   LDAP
                          ‣   key-value store
                          ‣   ...yours...

High Level Architecture

                 ‣   operational facade to existing systems
                     ‣    identity
                     ‣    token
                     ‣    policy
                     ‣    catalog




Supported Backends

                ‣    Identity
                     ‣    SQL, LDAP, Active Directory, PAM, KeyValue
                 ‣   Catalog
                     ‣    SQL, Template, KeyValue
                 ‣   Token
                     ‣    SQL, Memcache, KeyValue
                 ‣   Policy
                     ‣    Rules
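The WSGI pattern of the two architecture slides and the pluggable token backend of this one, as an added example that is not code from the slides or from the Keystone project: a middleware that validates X-Auth-Token against a token driver and passes the resulting identity downstream, with an in-memory driver standing in for the KeyValue backend listed above. The X-Identity-Status, X-User-Id, X-Tenant-Id and X-Roles header names follow the convention of Keystone's auth_token middleware; the driver interface, class names, `delay_auth_decision` flag and sample token (values taken from the earlier slide) are assumptions made for this example.

```python
import time
from io import BytesIO


class KeyValueTokenDriver:
    """In-memory stand-in for the KeyValue token backend; a production driver
    would validate against the Keystone admin API instead of a dict."""

    def __init__(self):
        self._tokens = {}

    def issue(self, token_id, user_id, tenant_id, roles, ttl_seconds, now=None):
        now = time.time() if now is None else now
        self._tokens[token_id] = {"user_id": user_id, "tenant_id": tenant_id,
                                  "roles": list(roles), "expires": now + ttl_seconds}

    def revoke(self, token_id):
        self._tokens.pop(token_id, None)

    def validate(self, token_id, now=None):
        """Identity bound to token_id, or None if unknown, revoked or expired."""
        now = time.time() if now is None else now
        data = self._tokens.get(token_id)
        if data is None or now >= data["expires"]:
            self._tokens.pop(token_id, None)   # purge expired entries
            return None
        return data


class AuthTokenMiddleware:
    """Validates X-Auth-Token and hands identity to the protected app via
    headers the app can trust, because the client can never set them."""

    IDENTITY_HEADERS = ("HTTP_X_IDENTITY_STATUS", "HTTP_X_USER_ID", "HTTP_X_TENANT_ID", "HTTP_X_ROLES")

    def __init__(self, app, driver, delay_auth_decision=False):
        self.app, self.driver = app, driver
        # False: reject here. True: mark Invalid and let the app decide.
        self.delay_auth_decision = delay_auth_decision

    def __call__(self, environ, start_response):
        for key in self.IDENTITY_HEADERS:       # strip anything client-supplied
            environ.pop(key, None)
        token = environ.get("HTTP_X_AUTH_TOKEN")
        identity = self.driver.validate(token) if token else None
        if identity is None:
            if not self.delay_auth_decision:
                start_response("401 Unauthorized",
                               [("Content-Type", "text/plain"),
                                ("WWW-Authenticate", "Keystone uri='http://ident:5000/v2.0'")])
                return [b"Authentication required"]
            environ["HTTP_X_IDENTITY_STATUS"] = "Invalid"
        else:
            environ["HTTP_X_IDENTITY_STATUS"] = "Confirmed"
            environ["HTTP_X_USER_ID"] = identity["user_id"]
            environ["HTTP_X_TENANT_ID"] = identity["tenant_id"]
            environ["HTTP_X_ROLES"] = ",".join(identity["roles"])
        return self.app(environ, start_response)


def whoami_app(environ, start_response):
    """The protected service: reads identity only from the middleware's headers."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    line = "%s %s %s" % (environ.get("HTTP_X_IDENTITY_STATUS"),
                         environ.get("HTTP_X_USER_ID", "-"),
                         environ.get("HTTP_X_ROLES", "-"))
    return [line.encode()]


def call(app, headers):
    """Drive a WSGI app with a constructed GET; returns (status, body)."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "wsgi.input": BytesIO(b"")}
    environ.update(headers)
    seen = {}
    def start_response(status, response_headers, exc_info=None):
        seen["status"] = status
    body = b"".join(app(environ, start_response))
    return seen["status"], body.decode()


def demo():
    """Constructed requests against the middleware; token values from the slide."""
    token = "87d45c4c6e9b445997da68f399b49704"
    driver = KeyValueTokenDriver()
    driver.issue(token, "30e5d97149cf4621b9dbeb7681917aed",
                 "c566cb3adfab4f4a859250f4f7d4f56c", ["Admin", "Member"], ttl_seconds=3600)
    strict = AuthTokenMiddleware(whoami_app, driver)
    lenient = AuthTokenMiddleware(whoami_app, driver, delay_auth_decision=True)
    results = {
        "valid": call(strict, {"HTTP_X_AUTH_TOKEN": token}),
        "missing": call(strict, {}),
        # a client trying to smuggle identity headers past the middleware
        "forged": call(strict, {"HTTP_X_IDENTITY_STATUS": "Confirmed", "HTTP_X_ROLES": "Admin"}),
        "delayed": call(lenient, {}),
    }
    driver.revoke(token)
    results["revoked"] = call(strict, {"HTTP_X_AUTH_TOKEN": token})
    return results
```

The design points a practitioner should take from this: the middleware strips any identity headers the client sent before setting its own, so the downstream service can trust them unconditionally; the token backend is behind a three-method interface, which is what lets SQL, memcache or KeyValue be swapped without touching the middleware; and revocation is only as good as the backend, which is one reason the later slides' move to PKI tokens had to think about it separately.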

Keystone history : Cactus release and earlier

                 ‣   protocols and mechanisms originally disparate in
                     compute and object storage
                     ‣    called “auth v1”
                     ‣    separate accounts in nova and swift
                     ‣    glance using both, highlighted the issue




Keystone history : Diablo

                 ‣   Aggressively prototyped
                     ‣    OpenStack internal token-based HTTP API
                     ‣    administrative API, separate ports
                     ‣    lots of changes, right up through the release




Keystone history : Essex

                 ‣   Consolidation
                     ‣    re-implemented to simplify and refactor architecture
                     ‣    architecture shift to focus on independent drivers
                     ‣    migrated to administrative CRUD operations
                     ‣    maintained 100% API compatibility




Keystone history : Folsom

                 ‣   PKI and prep for Grizzly+
                     ‣    Enabled PKI based tokens
                     ‣    kept everything rock solid
                     ‣    maintained 100% API compatibility
                     ‣    Resolved bugs, dealt with security issues as they were
                          uncovered
                          ‣   lessons learned led to a V3 identity API
                          ‣   started implementation on V3 API


Keystone future : Grizzly

                 ‣   Implement V3 API
                     ‣    auth changes affect every project
                     ‣    consolidate code into Oslo (openstack-common)
                     ‣    help drive consolidated policy and roles changes
                          through all projects
                 ‣   Consolidate policy files
                     ‣    focus on documentation, example configurations




Keystone future : Grizzly

                 ‣   Extend the authorization mechanisms
                     ‣    support delegation/impersonation
                     ‣    Active Directory support
                     ‣    externalizing authentication
                 ‣   Moving default token to PKI
                 ‣   CLI and common authentication




Keystone future : Grizzly (learning)

                 ‣   Federation
                     ‣    Discussion of use cases and setup
                     ‣    Learn what’s needed to fully support trust delegation




Joe Heck

                                       @heckj
                                heckj@mac.com


                          fini





Oct 2012 state of project keystone
