Cloudstack authentication integration presentation.

1. Integration between
Cloudstack and
Openstack
Will Stevens
David Chamard sponsored by

2. Introducing Cloudstack
Cloudstack in 5 seconds:
An Apache licensed, open source compute
stack (like Nova), mostly built in JAVA.
What integration currently exists between
openstack and cloudstack: Storing VM
snapshots and templates (image files) to Swift.
What is missing: Front-end UI and
authentication between the two systems.

3. Love for Openstack and Cloudstack
CS + OS

4. What is cs_auth?
● Swift authentication middleware.
● Authenticate users via the Cloudstack API.
● Leverage Cloudstack's user management
rather than introducing another auth system.
● Removes the need to populate and sync
multiple databases for account information.

5. Overview of cs_auth
● Handles S3 requests via the swift3 middleware.
● Implements ACL, including public containers.
● Uses Memcached for caching the user's identity.
● Works out of the box with common tools:
○ Cyberduck
○ Swift Bench
○ Swift Dispersion
○ Swift Recon

6. Request Flow

7. Anatomy of cs_auth
token = hashlib.sha224('%s%s' % (cs['secretkey'], cs['apikey'])).hexdigest()
if self.reseller_prefix != '':
account_url = '%s/v1/%s_%s' %
(self.storage_url, self.reseller_prefix, quote(cs['account']))
else:
account_url = '%s/v1/%s' % (self.storage_url, quote(cs['account']))
identity = dict({
'username':cs['username'],
'account':cs['account'],
'token':token,
'account_url':account_url,
'domain':dict({ 'id':cs['domainid'], 'name':cs['domain'] }),
'roles':[self.cs_roles[cs['accounttype']], cs['account']],
'expires':expires
})

8. Additional considerations
● Still need a UI for Swift in Cloudstack.
● Need to work with the swift and keystone
teams to improve ACL support for S3 calls.

9. Get the code...
http://cloudops.github.com/cs_auth/