OpenStack GDL: Hacking Keystone | 20 October 2014

Presentation used during the October session of OpenStack GDL


  1. Hacking Keystone. Victor Morales, @electrocucarach
  2. Agenda
     • Context
     • What is keystone?
     • History
     • Demo
       – keystone-manage
       – keystone-all
       – Installation (operator perspective)
       – Installation (developer perspective)
  3. Cloud computing is a specialized form of distributed computing that introduces utilization models for remotely provisioning scalable and measured IT resources.
  4. Service Models
  5. Deployment models
  6. OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a data center, all managed through a dashboard …
  7. Definition: Keystone is the identity service used by OpenStack for authentication (authN) and high-level authorization (authZ). It currently supports token-based authN and user-service authorization. If you're interested in identity for OpenStack, we hold public meetings weekly on IRC in #openstack-meeting, on Tuesdays at 18:00 UTC.
  8. Releases
     • Essex: supports S3 token validation and additional Swift storage features
     • Folsom: PKI support for authentication
     • Grizzly: new API (V3)
     • Havana: general performance improvements
     • Icehouse: the assignments backend has now been completely separated from the identity backend
     • Juno: multiple identity backends; LDAPs now available; Keystone-to-Keystone Federation (experimental)
  9. API
     • catalog
     • ec2-credentials: create, delete, get, list
     • endpoint: create, delete, get, list
     • password: update
     • role: create, delete, get, list
     • service: create, delete, get, list
     • tenant: create, delete, get, list
     • token: get
     • user: create, delete, get, list, update, password-update
     • user-role: add, list, remove
     • discover
     • bootstrap
     • bash: completion
  10. keystone-all: It starts both the service and administrative APIs in a single process to provide catalog, authorization, and authentication services for OpenStack.
     • --config-dir DIR: Path to a config directory to pull *.conf files from.
     • --config-file PATH: Path to a config file to use. Multiple config files can be specified, with values in later files taking precedence.
  11. keystone-manage: It's the command-line tool which interacts with the Keystone service to initialize and update data within Keystone. Generally, keystone-manage is only used for operations that cannot be accomplished with the HTTP API, such as data import/export and database migrations. Available commands:
     • db_sync: Sync the database.
     • db_version: Print the current migration version of the database.
     • mapping_purge: Purge the identity mapping table.
     • pki_setup: Initialize the certificates used to sign tokens.
     • saml_idp_metadata: Generate identity provider metadata.
     • ssl_setup: Generate certificates for SSL.
     • token_flush: Purge expired tokens.
  12. Installation 1/2
     • Operator perspective (Ubuntu):
         # echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/icehouse main" >> /etc/apt/sources.list.d/icehouse.list
         # apt-get update
         # apt-get -y install ubuntu-cloud-keyring
         # apt-get update
         # apt-get -y install keystone
       Configure /etc/keystone/keystone.conf
         # keystone-manage db_sync
         # service keystone restart
  13. Installation 2/2
     • Developer perspective:
         $ sudo apt-get install -y git screen python-pip python-virtualenv python-dev libxml2-dev libxslt1-dev libsasl2-dev libsqlite3-dev libssl-dev libldap2-dev libffi-dev
         $ git clone https://github.com/openstack/keystone.git
         $ cd keystone
         $ python tools/install_venv.py
         $ mv etc/keystone.conf.sample etc/keystone.conf
       Configure /etc/keystone/keystone.conf
         $ tools/with_venv.sh bin/keystone-manage db_sync
         $ screen -dmS "keystone_service" tools/with_venv.sh bin/keystone-all
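
The keystone-all slide says that values in later config files take precedence, which matters when auditing which file actually sets a sensitive option. The following is an added example, not code from the presentation or from Keystone: it models that rule with Python's `configparser` and reports the file that supplied each effective value. Assumptions: the `--config-dir` files are read in sorted order after the `--config-file` ones, and the option names (`admin_token`, `connection`), file names and values are constructed samples.

```python
import configparser
import glob
import os
import tempfile


def parse_order(config_files, config_dir=None):
    """Read order: --config-file arguments as given, then the directory."""
    order = list(config_files)
    if config_dir:
        # Assumption: *.conf files in the directory are read in sorted order.
        order += sorted(glob.glob(os.path.join(config_dir, "*.conf")))
    return order


def effective_options(config_files, config_dir=None):
    """Return {(section, option): (value, file that set it last)}."""
    effective = {}
    for path in parse_order(config_files, config_dir):
        # Treat [DEFAULT] as an ordinary section so it is reported by name.
        parser = configparser.RawConfigParser(default_section="__unused__")
        parser.read(path)
        for section in parser.sections():
            for option, value in parser.items(section):
                effective[(section, option)] = (value, path)  # later wins
    return effective


def demo():
    """Constructed sample files; option names and values are assumptions."""
    root = tempfile.mkdtemp()
    conf_d = os.path.join(root, "conf.d")
    os.mkdir(conf_d)
    main = os.path.join(root, "keystone.conf")
    samples = {
        main: "[DEFAULT]\nadmin_token = CONSTRUCTED-RANDOM-VALUE\n"
              "[database]\nconnection = sqlite:///keystone.db\n",
        os.path.join(conf_d, "50-db.conf"):
            "[database]\nconnection = mysql://keystone:PLACEHOLDER@db/keystone\n",
        os.path.join(conf_d, "99-test.conf"):
            "[DEFAULT]\nadmin_token = ADMIN\n",
    }
    for path, text in samples.items():
        with open(path, "w") as handle:
            handle.write(text)
    return effective_options([main], conf_d)


if __name__ == "__main__":
    for (section, option), (value, path) in sorted(demo().items()):
        print("[%s] %s = %s   <- %s" % (section, option, value, os.path.basename(path)))
```

In the constructed sample, a leftover `99-test.conf` silently replaces the token set in `keystone.conf`, which is the kind of override this check is meant to surface.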
