[openstack-dev] Time to Samba! :-)

Martinx - ジェームズ thiagocmartinsc at gmail.com
Sat Aug 16 19:03:20 UTC 2014


Hey Stackers,

 I'm wondering here... Samba4 is pretty solid (upcoming 4.2 rocks), I'm
using it on a daily basis as an AD DC controller, for both Windows and
Linux Instances! With replication, file system ACLs - cifs, built-in LDAP,
dynamic DNS with Bind9 as a backend (no netbios) and etc... Pretty cool!

 In OpenStack ecosystem, there are awesome solutions like Trove, Solum,
Designate and etc... Amazing times BTW! So, why not try to integrate
Samba4, working as an AD DC, within OpenStack itself?!

 If yes, then, what is the best way/approach to achieve this?!

 I mean, for SQL, we have Trove, for iSCSI, Cinder, Nova uses Libvirt...
Don't you guys think that it is time to have an OpenStack project for LDAP
too? And since Samba4 comes with it, plus DNS, AD, Kerberos and etc, I think
that it will be huge if we manage to integrate it with OpenStack.

 I think that it would be nice to have, for example: domains, users and
groups management at Horizon, and each tenant with its own "Administrator"
(not the Keystone "global" admin) (to manage its Samba4 domains), so, they
will be able to fully manage its own account, while allowing Keystone to
authenticate against these users...

 Also, maybe Designate can have support for it too! I don't know for sure...

 Today, I'm doing this "Samba integration" manually, I have an "external"
Samba4, from OpenStack's point of view, then, each tenant/project has its
own DNS domains, when an instance boots up, I just need to do something like
this (bootstrap):

--
echo "127.0.1.1 instance-1.tenant-1.domain-1.com instance-1" >> /etc/hosts
net ads join -U administrator
--

 To make this work, the instance just needs to use Samba4 AD DC as its Name
Servers, configured at its /etc/resolv.conf, "delivered by DHCP Agent". The
packages `samba-common-bin` and `krb5-user` are also required. Including a
ready to use smb.conf file.

 Then, "ping instance-1.tenant-1.domain-1.com" worldwide! It works for both
IPv4 and IPv6!!

 Also, Samba4 works okay with Disjoint Namespaces
<http://technet.microsoft.com/en-us/library/cc731929(v=ws.10).aspx>, so,
each tenant can have one or more domains and subdomains! Like
"*.realm.domain.com, *.domain.com, *.cloud-net-1.domain.com, *.domain2.com"...
All dynamically managed by Samba4 and Bind9!

 What about that?!

Cheers!
Thiago
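
The bootstrap described in the message above, up to the point just before `net ads join`, as an added example that is not part of the original post. Function names, the DC address and the `TENANT1` workgroup are hypothetical, and the smb.conf settings are an assumed minimum for a domain member; the join itself and its credential are left to the caller.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and all sample
# values are hypothetical; the smb.conf settings are an assumed minimum.

# The hosts line from the post: "127.0.1.1 <fqdn> <short name>".
hosts_line() {
    printf '127.0.1.1 %s %s\n' "$1" "${1%%.*}"
}

# Append that line to file $1 for FQDN $2 only if it is missing, so a
# bootstrap that runs on every boot does not pile up duplicates.
ensure_hosts_entry() {
    grep -qxF -- "$(hosts_line "$2")" "$1" 2>/dev/null ||
        hosts_line "$2" >> "$1"
}

# Succeed only if resolv.conf-style file $1 lists DC address $2 as a nameserver.
resolv_uses_dc() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { ok = 1 } END { exit !ok }' "$1"
}

# Minimal domain-member smb.conf for realm $1 and NetBIOS domain $2.
# The realm is passed explicitly: with disjoint namespaces it need not
# match the DNS suffix of the instance.
render_smb_conf() {
    printf '[global]\n'
    printf '    security = ads\n'
    printf '    realm = %s\n' "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
    printf '    workgroup = %s\n' "$2"
}

# Run the checks; the caller runs "net ads join" only if this succeeds.
# Args: hosts file, resolv.conf file, DC address, instance FQDN.
prejoin() {
    resolv_uses_dc "$2" "$3" || { echo "DC $3 is not a nameserver in $2" >&2; return 1; }
    ensure_hosts_entry "$1" "$4"
}

# Demo on constructed files in a temporary directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
printf 'nameserver 192.0.2.10\n' > "$demo_dir/resolv.conf"
: > "$demo_dir/hosts"
prejoin "$demo_dir/hosts" "$demo_dir/resolv.conf" 192.0.2.10 instance-1.tenant-1.domain-1.com
prejoin "$demo_dir/hosts" "$demo_dir/resolv.conf" 192.0.2.10 instance-1.tenant-1.domain-1.com
cat "$demo_dir/hosts"          # one line, despite two runs
render_smb_conf tenant-1.domain-1.com TENANT1
rm -rf "$demo_dir"
```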