Guide to Building a Federated Multi-tenant System for OpenStack Keystone
1. A Federated Multi-tenant System for OpenStack
Guide: Dr. Dinkar Sitaram
Anush V - 1PI09CS014
Meghana Prashanth - 1PI09CS044
Pramod Ramesh - 1PI09CS060
5. Keystone
● Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.
● The Identity service provides auth credential validation and data about
Users, Tenants and Roles, as well as any associated metadata.
● The Token service validates and manages Tokens used for authenticating
requests once a user/tenant’s credentials have already been verified.
● The Catalog service provides an endpoint registry used for endpoint
discovery.
● The Policy service provides a rule-based authorization engine and the
associated rule management interface.
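6. [Diagram: three separate OpenStack deployments, each with its own Keystone and services: OpenStack A (Keystone a, Services x), OpenStack B (Keystone b, Services y), OpenStack C (Keystone c, Services z)]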
7. Federation
● A federation is defined as "an association comprising any number of service providers and identity providers".
8. To achieve this we must go through the following stages:
● Understanding the needs and requirements to be satisfied by a
multi-tenant federated system
● A complete, in-depth understanding of the current implementation of
Keystone
○ Installing OpenStack
○ Reading the Keystone wiki
○ Dissecting the complete Keystone code
● Modeling the federated multi-tenant system for Keystone
● Identifying where Keystone must be changed to incorporate the new
system
● Evolving a complete Blueprint of our system
● Submitting the Blueprint for the OpenStack summit to be held in April 2013
at Oregon, Portland