[rhos-list] Openstack Keystone Status Jan 14, 2013

Adam Young ayoung at redhat.com
Mon Jan 14 20:35:04 UTC 2013 

Current status For Red Hat Open Stack Keystone as of Jan 14, 2012
maintained Here: http://openstack.etherpad.corp.redhat.com/keystone

Keystone Upstream Core Devs:

Joe Heck ( will be stepping down as PTL).
Dolph Matthews poised to take PTL
Henry Nash (IBM)
Guang Yee (HP)
Adam Young

Things are looking to move faster with 2 new core devs.  THey hyave been 
both active in code reviews.

Not Core but Active:
  David Chadwick (Univ. of Kent)
  Kristy Sui (Univ. of Kent)

Brad Topol and  K.  Sahdev  from IBM are going to start on LDAP work, to 
include Backlog item of supporting LDAP in Devstack

Current Development: G-2 interim release out last week.


  * Trusts (ayoung)  Have been posted as a Work In Progress.  Won't be
    in G-2

  * https://review.openstack.org/#/c/18973/

  * http://wiki.openstack.org/Keystone/Trusts

  * https://blueprints.launchpad.net/keystone/+spec/trusts

  * https://bugzilla.redhat.com/show_bug.cgi?id=894925

  * Defining Proejct membership to mean role assignment:

  * Discovered as an Issue with the V3 API

  * https://blueprints.launchpad.net/keystone/+spec/replace-tenant-user-membership

  * Trusts dependant on implementing

  * Scoping a token to a Domain

  * https://blueprints.launchpad.net/openstack/?searchtext=domain-scoping

  * https://review.openstack.org/#/c/18770/

  * This needs to be followed with "Scoping a token to an Endpoint"

  * Discussion about whether to allow a token scoped to multiple projects

  * My view:  should be allowed, but not the norm, and used only for use
    cases invloving transferring resources between projects.

  * Would change auth_token behaviour if allowed.

  * Test Keystone againstLive SQL Posted for a review

  * https://review.openstack.org/#/c/18519/

  * This is only for SQL Upgrade tests

  * going to require additional work for the real Unit tests due to how
    DB schema is managed

  *   Enhance wsgi to listen on ipv6 address

  * https://review.openstack.org/#/c/19400/

  * Better SSL support

  * https://review.openstack.org/#/c/19562/

  * Limit the size of HTTP requests.

  * https://review.openstack.org/#/c/19567/1

  * Stable:   Render content-type appropriate 404 (bug 1089987)

  * Needs stable reviewers

  * https://review.openstack.org/#/c/18049/



Some discussion about doing things via User names and Project names.   
All have identitified that it would be preferable, but we need to make 
sure names are URL ready.

Keystoneupstreamteam meeting (follows immediatly after RH OS Team meeting)

  * Weekly - Tuesdays at 1800 UTC for ~45 minutes

  * IRC channel: #openstack-meeting

  * Chair (to contact for more information): Joseph Heck

  * Agenda http://wiki.openstack.org/Meetings/KeystoneMeeting



Red Hat Open Stack status

Responded to Call for Papers with a FreeIPA/Open Stack integration proposal
Summit  talk: http://etherpad.corp.redhat.com/IdMOpenStack

RH Members:

  * Adam Young https://home.corp.redhat.com/user/ayoung

  * Alan Pevec https://home.corp.redhat.com/user/apevec


Potential Members:

  * Kurt Seifried https://home.corp.redhat.com/user/kseifrie

  * Russell Bryant (Security Response)
    https://home.corp.redhat.com/user/rbryant

  * QA?

  * IdM team member?


Recruiting Status:

  * Planning on attending the Job Fairs at WPI and RPI

  * Discussed hiring in Brno with assisstance of Dmitri's team


Fedora Status (Package versions, dependnecies  and issues etc)

  * Raw Hide has Grizzly-2 openstack-keystone-2013.1-0.2.g2.fc19

  * el6-grizzly side-repo
    http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-6/


stable/folsom update 1(no change from Jan 8):

  * F18
    https://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.fc18

  * EPELhttps://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.el6

  * RHOS https://errata.devel.redhat.com/advisory/14265


RH QA Status




Backlog:
devstack should set up Keystone with HTTPD

Important Links

First - launchpad - all the open source contributions basically revolve 
around a launchpad ID.
* launchpad: https://launchpad.net
   * the keystone project: https://launchpad.net/keystone
   * the blueprints (planned feature requests for keystone): 
https://blueprints.launchpad.net/keystone
  * Overview of how to get involved and many of these tools
    * general to any openstack project: 
http://wiki.openstack.org/HowToContribute
  * Core reviews using reviewboard (authenticated with OAuth through 
Launchpad)
    * code reviews going into keystone: 
https://review.openstack.org/#/q/status:open+keystone,n,z
    * code reviews for the V3 keystone (openstack specific) API: 
https://review.openstack.org/#/q/status:open+identity,n,z
  * Source Code
   * keystone: https://github.com/openstack/keystone
   * the python client for keystone: 
https://github.com/openstack/python-keystoneclient
  * Documentation
    * developer documentation (generated from keystone source code): 
http://docs.openstack.org/developer/keystone/
    * holistic documentation for openstack (keystone and more): 
http://docs.openstack.org
  * running openstack (keystone and more) on a single machine
    * (used in OpenStack's  CI efforts and for development/test)
    * http://devstack.org

I mentioned that Keystone's V3 API is focused on providing services to  
other openstack components. The API relevant for writing plugins  
(python, classes) is subclassing one of the drivers, such as "identity"  
- 
https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L63.

The conversations around the design and implementation of Federation  
upcoming are happening actively on the openstack-dev mailing list. For 
a  reasonable web interface to view and search previous messages and  
conversations around this:
   * http://markmail.org/search/?q=openstack-dev%20keystone
   * more specific to federation discussions: 
http://markmail.org/search/?q=openstack-dev+keystone+federation

lists can be subscribed to at 
http://lists.openstack.org/cgi-bin/mailman/listinfo

The major actors in Keystone today are all involved on this mailing list 
and keep touch weekly during the IRC meetings.

The Keystone IRC meetings are held weekly - tuesdays at 1800UTC. We keep 
an  agenda and previous discussion minutes available on the OpenStack 
wiki  at http://wiki.openstack.org/Meetings/KeystoneMeeting



Older Items

F17CVE-2012-5483 
https://admin.fedoraproject.org/updates/openstack-keystone-2012.1.3-3.fc17

  * Significant Refactoring effort that needs to finish prior to trust work

  * https://review.openstack.org/#/c/17782/

  * Just merged, took a lot of code review back and forth

  * Ran the test coverage tool to identify areas that are untested

  * http://admiyo.fedorapeople.org/openstack/covhtml/

  * V3 API

  * IdM as service catalog entries

  * Attribute Mapping (Kristy Siu, Kent.ac.uk)  (not much happened here
    over the holidays)

  * https://review.openstack.org/#/c/18280/1

Tunables for QA:

  * Databases:  SQLite, MySQL, PostgreSQL

  * Identity: can also use LDAP and PAM

  * Memcached or KVS Backends should not be recommended for deployment
    or supported

  * Token Type

  * *UUID*

  * PKI

  * Need to test multiple servers w/ load balancer in front of it

  * Web Server: Eventlet or HTTPD

  *   With HTTPD can use remote authentication:

  * Kerberos,

  * Basic Auth, and

  * X509 Client cert should all be tested.

  * Groups(henrynash)

  * https://blueprints.launchpad.net/openstack/?searchtext=user-groups

  * Just merged into Repo:

  * https://review.openstack.org/#/c/18097/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/rhos-list/attachments/20130114/33997a6d/attachment.htm>

More information about the rhos-list mailing list