[rhos-list] Openstack Keystone Status Jan 14, 2013

Adam Young ayoung at redhat.com
Tue Jan 15 16:09:46 UTC 2013


Apologies for the internal URLs on this, as it is a cut and paste of a 
page I am using to try and link all of our resources regarding Keystone 
together.

The one URL that might cause some interest is on the RHIdM and Open 
Stack integration paper.  This is very much a brainstorming document for 
a talk that has been proposed for the Red Hat Summit.  Treat it as a 
teaser for the talk:  if you want to know more, sign up for the RH 
summit and hope that the talk gets selected.

I'll try to provide a more concise summary in the future.  The short of 
it is that we are in the middle of a development push, and a lot of 
things are in flux.  The driving goals are to make Keystone as solid as 
possible, and to provide an Identity Management solution in Open 
Stack that ties in with the rest of the organizations deploying Open 
Stack.  The main themes are better support for: cryptography, LDAP, 
grouping of users, and delegation of authority.


On 01/14/2013 03:35 PM, Adam Young wrote:
> Current status For Red Hat Open Stack Keystone as of Jan 14, 2012
> maintained Here: http://openstack.etherpad.corp.redhat.com/keystone
>
> Keystone Upstream Core Devs:
>
> Joe Heck ( will be stepping down as PTL).
> Dolph Matthews poised to take PTL
> Henry Nash (IBM)
> Guang Yee (HP)
> Adam Young
>
> Things are looking to move faster with 2 new core devs.  They have 
> been both active in code reviews.
>
> Not Core but Active:
>  David Chadwick (Univ. of Kent)
>  Kristy Siu (Univ. of Kent)
>
> Brad Topol and K. Sahdev from IBM are going to start on LDAP work, 
> to include Backlog item of supporting LDAP in Devstack
>
> Current Development: G-2 interim release out last week.
>
>
>   * Trusts (ayoung)  Have been posted as a Work In Progress.  Won't be
>     in G-2
>
>   * https://review.openstack.org/#/c/18973/
>
>   * http://wiki.openstack.org/Keystone/Trusts
>
>   * https://blueprints.launchpad.net/keystone/+spec/trusts
>
>   * https://bugzilla.redhat.com/show_bug.cgi?id=894925
>
>   * Defining Project membership to mean role assignment:
>
>   * Discovered as an Issue with the V3 API
>
>   * https://blueprints.launchpad.net/keystone/+spec/replace-tenant-user-membership
>
>   * Trusts dependent on implementing
>
>   * Scoping a token to a Domain
>
>   * https://blueprints.launchpad.net/openstack/?searchtext=domain-scoping
>
>   * https://review.openstack.org/#/c/18770/
>
>   * This needs to be followed with "Scoping a token to an Endpoint"
>
>   * Discussion about whether to allow a token scoped to multiple projects
>
>   * My view:  should be allowed, but not the norm, and used only for
>     use cases involving transferring resources between projects.
>
>   * Would change auth_token behaviour if allowed.
>
>   * Test Keystone against Live SQL Posted for a review
>
>   * https://review.openstack.org/#/c/18519/
>
>   * This is only for SQL Upgrade tests
>
>   * going to require additional work for the real Unit tests due to
>     how DB schema is managed
>
>   *  Enhance wsgi to listen on ipv6 address
>
>   * https://review.openstack.org/#/c/19400/
>
>   * Better SSL support
>
>   * https://review.openstack.org/#/c/19562/
>
>   * Limit the size of HTTP requests.
>
>   * https://review.openstack.org/#/c/19567/1
>
>   * Stable:   Render content-type appropriate 404 (bug 1089987)
>
>   * Needs stable reviewers
>
>   * https://review.openstack.org/#/c/18049/
>
>
>
> Some discussion about doing things via User names and Project names. 
> All have identified that it would be preferable, but we need to make 
> sure names are URL ready.
>
> Keystone upstream team meeting (follows immediately after RH OS Team meeting)
>
>   * Weekly - Tuesdays at 1800 UTC for ~45 minutes
>
>   * IRC channel: #openstack-meeting
>
>   * Chair (to contact for more information): Joseph Heck
>
>   * Agenda http://wiki.openstack.org/Meetings/KeystoneMeeting
>
>
>
> Red Hat Open Stack status
>
> Responded to Call for Papers with a FreeIPA/Open Stack integration 
> proposal
> Summit  talk: http://etherpad.corp.redhat.com/IdMOpenStack
>
> RH Members:
>
>   * Adam Young https://home.corp.redhat.com/user/ayoung
>
>   * Alan Pevec https://home.corp.redhat.com/user/apevec
>
>
> Potential Members:
>
>   * Kurt Seifried https://home.corp.redhat.com/user/kseifrie
>
>   * Russell Bryant (Security Response)
>     https://home.corp.redhat.com/user/rbryant
>
>   * QA?
>
>   * IdM team member?
>
>
> Recruiting Status:
>
>   * Planning on attending the Job Fairs at WPI and RPI
>
>   * Discussed hiring in Brno with assistance of Dmitri's team
>
>
> Fedora Status (Package versions, dependencies and issues etc)
>
>   * Raw Hide has Grizzly-2 openstack-keystone-2013.1-0.2.g2.fc19
>
>   * el6-grizzly side-repo
>     http://repos.fedorapeople.org/repos/openstack/openstack-grizzly/epel-6/
>
>
> stable/folsom update 1 (no change from Jan 8):
>
>   * F18
>     https://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.fc18
>
>   * EPEL https://admin.fedoraproject.org/updates/openstack-keystone-2012.2.1-1.el6
>
>   * RHOS https://errata.devel.redhat.com/advisory/14265
>
>
> RH QA Status
>
>
>
>
> Backlog:
> devstack should set up Keystone with HTTPD
>
> Important Links
>
> First - launchpad - all the open source contributions basically 
> revolve around a launchpad ID.
> * launchpad: https://launchpad.net
>   * the keystone project: https://launchpad.net/keystone
>   * the blueprints (planned feature requests for keystone): 
> https://blueprints.launchpad.net/keystone
>  * Overview of how to get involved and many of these tools
>    * general to any openstack project: 
> http://wiki.openstack.org/HowToContribute
>  * Core reviews using reviewboard (authenticated with OAuth through 
> Launchpad)
>    * code reviews going into keystone: 
> https://review.openstack.org/#/q/status:open+keystone,n,z
>    * code reviews for the V3 keystone (openstack specific) API: 
> https://review.openstack.org/#/q/status:open+identity,n,z
>  * Source Code
>   * keystone: https://github.com/openstack/keystone
>   * the python client for keystone: 
> https://github.com/openstack/python-keystoneclient
>  * Documentation
>    * developer documentation (generated from keystone source code): 
> http://docs.openstack.org/developer/keystone/
>    * holistic documentation for openstack (keystone and more): 
> http://docs.openstack.org
>  * running openstack (keystone and more) on a single machine
>    * (used in OpenStack's  CI efforts and for development/test)
>    * http://devstack.org
>
> I mentioned that Keystone's V3 API is focused on providing services 
> to  other openstack components. The API relevant for writing plugins  
> (python, classes) is subclassing one of the drivers, such as 
> "identity"  - 
> https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L63.
>
> The conversations around the design and implementation of Federation  
> upcoming are happening actively on the openstack-dev mailing list. For 
> a  reasonable web interface to view and search previous messages and  
> conversations around this:
>   * http://markmail.org/search/?q=openstack-dev%20keystone
>   * more specific to federation discussions: 
> http://markmail.org/search/?q=openstack-dev+keystone+federation
>
> lists can be subscribed to at 
> http://lists.openstack.org/cgi-bin/mailman/listinfo
>
> The major actors in Keystone today are all involved on this mailing 
> list and keep touch weekly during the IRC meetings.
>
> The Keystone IRC meetings are held weekly - Tuesdays at 1800 UTC. We 
> keep an  agenda and previous discussion minutes available on the 
> OpenStack wiki  at http://wiki.openstack.org/Meetings/KeystoneMeeting
>
>
>
> Older Items
>
> F17 CVE-2012-5483 
> https://admin.fedoraproject.org/updates/openstack-keystone-2012.1.3-3.fc17
>
>   * Significant Refactoring effort that needs to finish prior to trust
>     work
>
>   * https://review.openstack.org/#/c/17782/
>
>   * Just merged, took a lot of code review back and forth
>
>   * Ran the test coverage tool to identify areas that are untested
>
>   * http://admiyo.fedorapeople.org/openstack/covhtml/
>
>   * V3 API
>
>   * IdM as service catalog entries
>
>   * Attribute Mapping (Kristy Siu, Kent.ac.uk)  (not much happened
>     here over the holidays)
>
>   * https://review.openstack.org/#/c/18280/1
>
> Tunables for QA:
>
>   * Databases:  SQLite, MySQL, PostgreSQL
>
>   * Identity: can also use LDAP and PAM
>
>   * Memcached or KVS Backends should not be recommended for deployment
>     or supported
>
>   * Token Type
>
>   * *UUID*
>
>   * PKI
>
>   * Need to test multiple servers w/ load balancer in front of it
>
>   * Web Server: Eventlet or HTTPD
>
>   *  With HTTPD can use remote authentication:
>
>   * Kerberos,
>
>   * Basic Auth, and
>
>   * X509 Client cert should all be tested.
>
>   * Groups (henrynash)
>
>   * https://blueprints.launchpad.net/openstack/?searchtext=user-groups
>
>   * Just merged into Repo:
>
>   * https://review.openstack.org/#/c/18097/
>
>
>
>