[openstack-dev] [Tripleo] Tripleo HA Federation Proof-of-Concept

Emilien Macchi emilien at redhat.com
Thu Aug 11 18:37:52 UTC 2016

Nice work Adam, as usual.

I'm dropping some comments about how we could automate it in TripleO:

# Identity Provider Registration and Metadata
This script could be called by Puppet or Heat at the right time, but
now I don't have the best answer.

# Federation Operations
We can achieve it with puppet-keystone thanks to Sofer's awesome work:

# Dashboard
We need to expose new parameters to puppet-horizon and consume them in
THT horizon service.

# Redirect Support for SAML
We can easily do it in puppet-tripleo re-using current bits for haproxy config.

# Federation Mapping
Gilles started that a long time ago: https://review.openstack.org/#/c/202409/
We'll need to finish it.
Other actions can be handled by puppet-keystone.

# deploy-env.yml
Please submit the missing keystone.conf parameters into puppet-keystone.

Conclusion: I think we can achieve almost (if not all) everything in
TripleO and Puppet modules without crazy pain.
Please create Launchpad bugs for every piece; it will help PTLs
(Puppet + TripleO) to prioritize/task the work that needs to be done.


On Thu, Aug 11, 2016 at 2:20 PM, Adam Young <ayoung at redhat.com> wrote:
>  http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/
> It is painful, sloppy, Mitaka based.  Have at it, and let's make Federation a
> reality for Newton based deployments.  Feedback eagerly sought.
> Thanks for all the people that helped get me through this.  Won't list you
> all, as it would start to sound like an Oscars acceptance speech.

Emilien Macchi
