Keystone deep dive 1
Jsonr4
Indian OpenStack User Group - June openstack meetup Keystone Deep Dive
1.
OpenStack Keystone - Deep Dive
Indian OpenStack User Group - Meetup
Jaison Raju
Senior Technical Support Engineer
18/06/17
2.
Agenda
● Introduction to Identity Service
● OpenStack Keystone Concepts
● Configuration
● Demo 1
● Integration with IPA/LDAP backend
● Demo 2
3.
Introduction to Identity Service
4.
Introduction to Identity Service
5.
OpenStack Keystone Concepts
6.
Introduction to Identity Service
7.
Keystone Concepts
● Actor (User and groups)
● Credentials
● Token
● Roles - Unique within domain
● Project - Unique within domain
● Domain
● Service
● Endpoints
● Region
● Catalog
● Assignment
● Policy
8.
Services in keystone
9.
Endpoint for each Service
10.
Multi-Site deployment using Regions
Region1 Region2
11.
Authentication & Authorization
12.
OpenStack Keystone Architecture
13.
Configuration
14.
Configuration file (keystone.conf)
/etc/keystone/keystone.conf
● [DEFAULT] - General configuration
● [assignment] - Assignment system driver configuration
● [auth] - Authentication plugin configuration
● [cache] - Caching layer configuration
● [catalog] - Service catalog driver configuration
● [credential] - Credential system driver configuration
● [domain_config] - Domain configuration
● [endpoint_filter] - Endpoint filtering configuration
● [endpoint_policy] - Endpoint policy configuration
● [federation] - Federation driver configuration
● [fernet_tokens] - Fernet token configuration
● [identity] - Identity system driver configuration
● [identity_mapping] - Identity mapping system driver configuration
● [ldap] - LDAP configuration options
15.
Configuration file (keystone.conf)
/etc/keystone/keystone.conf
● [memcache] - Memcache configuration options
● [oauth1] - OAuth 1.0a system driver configuration
● [paste_deploy] - Pointer to the PasteDeploy configuration file
● [policy] - Policy system driver configuration for RBAC
● [resource] - Resource system driver configuration
● [revoke] - Revocation system driver configuration
● [role] - Role system driver configuration
● [saml] - SAML configuration options
● [security_compliance] - Security compliance configuration
● [shadow_users] - Shadow user configuration
● [signing] - Cryptographic signatures for PKI based tokens
● [token] - Token driver & token provider configuration
● [tokenless_auth] - Tokenless authentication configuration
● [trust] - Trust configuration
16.
Demo 1
17.
Demo 1
● Prepare devstack environment
● Create
  ○ User
  ○ Project
  ○ Domain
  ○ Role
  ○ Group
● Test authentication
● Test authorization
18.
Integration with IPA / LDAP backend
19.
LDAP Integration for Identity
● # setsebool -P authlogin_nsswitch_use_ldap on
● Configure keystone.conf for multiple backends:
● Define the destination LDAP server in the /etc/keystone/keystone.conf file:

    [ldap]
    # LDAPS endpoint; the server certificate is checked against tls_cacertfile below
    url = ldaps://ipa.india-1.local
    # Service account keystone binds as
    user = uid=svc-ldap,cn=users,cn=accounts,dc=india-1,dc=local
    # Only members of grp-openstack are visible to keystone
    user_filter = (memberOf=cn=grp-openstack,cn=groups,cn=accounts,dc=india-1,dc=local)
    password = <RedactedComplexPassword>
    user_tree_dn = cn=users,cn=accounts,dc=india-1,dc=local
    user_objectclass = inetUser
    user_id_attribute = uid
    user_name_attribute = uid
    user_mail_attribute = mail
    user_pass_attribute =
    # Keystone treats the directory as read-only
    user_allow_create = False
    user_allow_update = False
    user_allow_delete = False
    tls_cacertfile = /etc/ssl/certs/ca.crt
    group_tree_dn = ou=Groups,dc=india-1,dc=local
    group_objectclass = groupOfNames

    [identity]
    driver = keystone.identity.backends.ldap.Identity

    [identity]
    domain_specific_drivers_enabled = True
    domain_config_dir = /etc/keystone/domains

● Configure the LDAP server in /etc/keystone/domains/keystone.<domain>.conf
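An added example, not part of the original slides or of Keystone itself: a small Python check that reads an `[ldap]` block like the one on this slide and flags settings that weaken it. Both sample configs are constructed (the first from the slide's values, with a placeholder password), and the finding names are this example's own labels.

```python
import configparser

# Constructed from the slide's [ldap] block; the password is a placeholder.
SLIDE_CONF = """
[ldap]
url = ldaps://ipa.india-1.local
user = uid=svc-ldap,cn=users,cn=accounts,dc=india-1,dc=local
user_filter = (memberOf=cn=grp-openstack,cn=groups,cn=accounts,dc=india-1,dc=local)
password = PLACEHOLDER
user_tree_dn = cn=users,cn=accounts,dc=india-1,dc=local
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tls_cacertfile = /etc/ssl/certs/ca.crt
"""

# Constructed weak variant of the same file, for contrast.
WEAK_CONF = """
[ldap]
url = ldap://ipa.india-1.local
user = uid=svc-ldap,cn=users,cn=accounts,dc=india-1,dc=local
password = PLACEHOLDER
user_tree_dn = cn=users,cn=accounts,dc=india-1,dc=local
user_allow_update = True
tls_req_cert = never
"""


def audit_ldap(conf_text):
    """Return a list of finding names (this example's own labels)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("ldap"):
        return ["no-ldap-section"]
    ldap = cp["ldap"]
    findings = []

    # Transport: every URL must be ldaps://, or StartTLS (use_tls) must be on.
    urls = [u.strip().lower() for u in ldap.get("url", "").split(",") if u.strip()]
    ldaps = bool(urls) and all(u.startswith("ldaps://") for u in urls)
    encrypted = ldaps or ldap.getboolean("use_tls", fallback=False)
    if not encrypted:
        findings.append("cleartext-bind")  # bind and user passwords sent in clear

    # The server certificate must be validated (keystone's default is "demand").
    if ldap.get("tls_req_cert", "demand").strip().lower() != "demand":
        findings.append("cert-not-verified")
    # The slide names a CA file; an encrypted setup without one is flagged for review.
    if encrypted and not (ldap.get("tls_cacertfile", "") or ldap.get("tls_cacertdir", "")):
        findings.append("no-explicit-ca")

    # The slide keeps the directory read-only from keystone's side.
    if any(ldap.getboolean(f"user_allow_{op}", fallback=False)
           for op in ("create", "update", "delete")):
        findings.append("writable-directory")

    # Without user_filter, every entry under user_tree_dn is a keystone user.
    if not ldap.get("user_filter", "").strip():
        findings.append("no-user-filter")
    return findings


if __name__ == "__main__":
    for name, text in (("slide", SLIDE_CONF), ("weak", WEAK_CONF)):
        print(name, audit_ldap(text) or "ok")
```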
20.
Demo 2
21.
Demo 2
● Create IPA container.
● Create required users / groups.
● Configure keystone to use the LDAP backend for identity for a specific domain.
● Test environment.

    docker run --privileged --net=bridge \
      -v /var/lib/ipa-data:/data/ipa1/ipa-data \
      -v /var/log:/data/ipa1/ipa-logs \
      -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -h ipa.india-1.local --tmpfs /run --tmpfs /tmp \
      -e IPA_SERVER_IP=172.17.0.1 \
      -p 172.17.0.1:53:53/udp -p 172.17.0.1:53:53 \
      -p 172.17.0.1:80:80 -p 172.17.0.1:443:443 \
      -p 172.17.0.1:389:389 -p 172.17.0.1:636:636 \
      -p 172.17.0.1:88:88 -p 172.17.0.1:464:464 \
      -p 172.17.0.1:88:88/udp -p 172.17.0.1:464:464/udp \
      -p 172.17.0.1:123:123/udp -p 172.17.0.1:7389:7389 \
      -p 172.17.0.1:9443:9443 -p 172.17.0.1:9444:9444 -p 172.17.0.1:9445:9445 \
      --name ipa-test -it ad085031fb10 \
      ipa-server-install --realm=india-1.local \
      --ds-password=redhat@123 --admin-password=redhat@321 \
      --setup-dns --no-forwarders --no-host-dns --auto-reverse \
      --allow-zone-overlap --no-dnssec-validation --debug -U
22.
References
● OpenStack developer page - https://docs.openstack.org/developer/keystone
● OpenStack admin guide - https://docs.openstack.org/admin-guide/identity-management.html
● DevStack installation guide - https://docs.openstack.org/developer/devstack/guides/single-machine.html
● DevStack configuration guide - https://docs.openstack.org/developer/devstack/configuration.html
23.
Getting involved
● IRC: Freenode@openstack-keystone
● Mailing list: openstack-dev@lists.openstack.org
● Keystone Project Page on Launchpad: https://launchpad.net/keystone
● Keystone Source Repository: https://git.openstack.org/cgit/openstack/keystone
24.
THANK YOU
google.com/+jasonraju
https://www.linkedin.com/in/jaison-raju-8518a045/
youtube.com/user/RedHatVideos
@jsonr4
IRC jaison@Redhat, links@Freenode
jraju@redhat.com
25.
THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews