[rhos-list] Openstack Keystone Status Jan 14, 2013
Adam Young
ayoung at redhat.com
Mon Jan 14 20:35:04 UTC 2013
Current status For Red Hat Open Stack Keystone as of Jan 14, 2012
maintained Here: http://openstack.etherpad.corp.redhat.com/keystone
Keystone Upstream Core Devs:
Joe Heck ( will be stepping down as PTL).
Dolph Matthews poised to take PTL
Henry Nash (IBM)
Guang Yee (HP)
Adam Young
Things are looking to move faster with 2 new core devs. THey hyave been
both active in code reviews.
Not Core but Active:
David Chadwick (Univ. of Kent)
Kristy Sui (Univ. of Kent)
Brad Topol and K. Sahdev from IBM are going to start on LDAP work, to
include Backlog item of supporting LDAP in Devstack
Current Development: G-2 interim release out last week.
* Trusts (ayoung) Have been posted as a Work In Progress. Won't be
in G-2
* https://review.openstack.org/#/c/18973/
* http://wiki.openstack.org/Keystone/Trusts
* https://blueprints.launchpad.net/keystone/+spec/trusts
* https://bugzilla.redhat.com/show_bug.cgi?id=894925
* Defining Proejct membership to mean role assignment:
* Discovered as an Issue with the V3 API
* https://blueprints.launchpad.net/keystone/+spec/replace-tenant-user-membership
* Trusts dependant on implementing
* Scoping a token to a Domain
* https://blueprints.launchpad.net/openstack/?searchtext=domain-scoping
* https://review.openstack.org/#/c/18770/
* This needs to be followed with "Scoping a token to an Endpoint"
* Discussion about whether to allow a token scoped to multiple projects
* My view: should be allowed, but not the norm, and used only for use
cases invloving transferring resources between projects.
* Would change auth_token behaviour if allowed.
* Test Keystone againstLive SQL Posted for a review
* https://review.openstack.org/#/c/18519/
* This is only for SQL Upgrade tests
* going to require additional work for the real Unit tests due to how
DB schema is managed
* Enhance wsgi to listen on ipv6 address
* https://review.openstack.org/#/c/19400/
* Better SSL support
* https://review.openstack.org/#/c/19562/
* Limit the size of HTTP requests.
* https://review.openstack.org/#/c/19567/1
* Stable: Render content-type appropriate 404 (bug 1089987)
* Needs stable reviewers
* https://review.openstack.org/#/c/18049/
Some discussion about doing things via User names and Project names.
All have identitified that it would be preferable, but we need to make
sure names are URL ready.
Keystoneupstreamteam meeting (follows immediatly after RH OS Team meeting)
* Weekly - Tuesdays at 1800 UTC for ~45 minutes
* IRC channel: #openstack-meeting
* Chair (to contact for more information): Joseph Heck
* Agenda http://wiki.openstack.org/Meetings/KeystoneMeeting
Red Hat Open Stack status
Responded to Call for Papers with a FreeIPA/Open Stack integration proposal
Summit talk: http://etherpad.corp.redhat.com/IdMOpenStack
RH Members:
* Adam Young https://home.corp.redhat.com/user/ayoung
* Alan Pevec https://home.corp.redhat.com/user/apevec
Potential Members:
* Kurt Seifried https://home.corp.redhat.com/user/kseifrie
* Russell Bryant (Security Response)
https://home.corp.redhat.com/user/rbryant
* QA?
* IdM team member?
Recruiting Status:
* Planning on attending the Job Fairs at WPI and RPI
* Discussed hiring in Brno with assisstance of Dmitri's team
Fedora Status (Package versions, dependnecies and issues etc)
* Raw Hide has Grizzly-2 openstack-keystone-2013.1-0.2.g2.fc19
* el6-grizzly side-repo
http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-6/
stable/folsom update 1(no change from Jan 8):
* F18
https://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.fc18
* EPELhttps://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.el6
* RHOS https://errata.devel.redhat.com/advisory/14265
RH QA Status
Backlog:
devstack should set up Keystone with HTTPD
Important Links
First - launchpad - all the open source contributions basically revolve
around a launchpad ID.
* launchpad: https://launchpad.net
* the keystone project: https://launchpad.net/keystone
* the blueprints (planned feature requests for keystone):
https://blueprints.launchpad.net/keystone
* Overview of how to get involved and many of these tools
* general to any openstack project:
http://wiki.openstack.org/HowToContribute
* Core reviews using reviewboard (authenticated with OAuth through
Launchpad)
* code reviews going into keystone:
https://review.openstack.org/#/q/status:open+keystone,n,z
* code reviews for the V3 keystone (openstack specific) API:
https://review.openstack.org/#/q/status:open+identity,n,z
* Source Code
* keystone: https://github.com/openstack/keystone
* the python client for keystone:
https://github.com/openstack/python-keystoneclient
* Documentation
* developer documentation (generated from keystone source code):
http://docs.openstack.org/developer/keystone/
* holistic documentation for openstack (keystone and more):
http://docs.openstack.org
* running openstack (keystone and more) on a single machine
* (used in OpenStack's CI efforts and for development/test)
* http://devstack.org
I mentioned that Keystone's V3 API is focused on providing services to
other openstack components. The API relevant for writing plugins
(python, classes) is subclassing one of the drivers, such as "identity"
-
https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L63.
The conversations around the design and implementation of Federation
upcoming are happening actively on the openstack-dev mailing list. For
a reasonable web interface to view and search previous messages and
conversations around this:
* http://markmail.org/search/?q=openstack-dev%20keystone
* more specific to federation discussions:
http://markmail.org/search/?q=openstack-dev+keystone+federation
lists can be subscribed to at
http://lists.openstack.org/cgi-bin/mailman/listinfo
The major actors in Keystone today are all involved on this mailing list
and keep touch weekly during the IRC meetings.
The Keystone IRC meetings are held weekly - tuesdays at 1800UTC. We keep
an agenda and previous discussion minutes available on the OpenStack
wiki at http://wiki.openstack.org/Meetings/KeystoneMeeting
Older Items
F17CVE-2012-5483
https://admin.fedoraproject.org/updates/openstack-keystone-2012.1.3-3.fc17
* Significant Refactoring effort that needs to finish prior to trust work
* https://review.openstack.org/#/c/17782/
* Just merged, took a lot of code review back and forth
* Ran the test coverage tool to identify areas that are untested
* http://admiyo.fedorapeople.org/openstack/covhtml/
* V3 API
* IdM as service catalog entries
* Attribute Mapping (Kristy Siu, Kent.ac.uk) (not much happened here
over the holidays)
* https://review.openstack.org/#/c/18280/1
Tunables for QA:
* Databases: SQLite, MySQL, PostgreSQL
* Identity: can also use LDAP and PAM
* Memcached or KVS Backends should not be recommended for deployment
or supported
* Token Type
* *UUID*
* PKI
* Need to test multiple servers w/ load balancer in front of it
* Web Server: Eventlet or HTTPD
* With HTTPD can use remote authentication:
* Kerberos,
* Basic Auth, and
* X509 Client cert should all be tested.
* Groups(henrynash)
* https://blueprints.launchpad.net/openstack/?searchtext=user-groups
* Just merged into Repo:
* https://review.openstack.org/#/c/18097/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhos-list/attachments/20130114/33997a6d/attachment.htm>
More information about the rhos-list
mailing list