[Openstack-operators] [keystone] RBAC usage at production

Jesse Keating jlk at bluebox.net
Tue Dec 29 19:48:55 UTC 2015


We are still using the MySQL backend for Keystone.

We are using a customization for Horizon that's public
https://github.com/blueboxgroup/horizon-customization

and then we have crafted policy files that are public as well (e.g.
https://github.com/blueboxgroup/ursula/blob/master/roles/nova-common/templates/etc/nova/policy.json
)

Lastly, we have middleware for Keystone (not public) that does some
filtering of what various roles can see, which in effect keeps the "admin"
role from being able to see "cloud_admin" things.


- jlk

On Tue, Dec 29, 2015 at 12:28 AM, Oğuz Yarımtepe <oguzyarimtepe at gmail.com>
wrote:

> Using a middleware is what we are doing also. Can you give more details
> about your structure? Our middleware is like the Rackspace OpenRepose. What
> do you use for role definitions? Are you using any backend for Keystone
> like LDAP?
>
> Regards.
>
>
>
> On Thu, Dec 10, 2015 at 9:55 PM, Jesse Keating <jlk at bluebox.net> wrote:
>
>> We use RBAC, however we've done it based on roles and some middleware.
>> The policy files are essentially static.
>>
>>
>> - jlk
>>
>> On Wed, Dec 9, 2015 at 12:39 AM, Oguz Yarimtepe <oguzyarimtepe at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> I am wondering whether there are people using RBAC in production. The
>>> policy.json file has a structure that requires a restart of the service each
>>> time you edit the file. Is there an on-the-fly solution or tips about it?
>>>
>>
>>
>
>
> --
> Oğuz Yarımtepe
> http://about.me/oguzy
>
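
The kind of role-based response filtering described in the top message, as an added example that is not Blue Box's middleware (which the message says is not public) and not code from this thread: a WSGI filter that drops `cloud_admin` entries from role listings unless the caller holds `cloud_admin`. The `X-Roles` header as the source of the caller's roles, the `/roles` path match and every name in the code are assumptions, and the wrapped app is a constructed stand-in.

```python
import json

PRIVILEGED_ROLE = "cloud_admin"
HIDDEN_ROLE_NAMES = {"cloud_admin"}  # assumption: names hidden from other callers

def caller_roles(environ):
    # Assumption: a trusted auth layer sets X-Roles and strips any copy sent
    # by the client; without that the header is spoofable.
    raw = environ.get("HTTP_X_ROLES", "")
    return {r.strip() for r in raw.split(",") if r.strip()}

def filter_roles(body, roles):
    doc = json.loads(body)
    if PRIVILEGED_ROLE not in roles and isinstance(doc.get("roles"), list):
        doc["roles"] = [r for r in doc["roles"]
                        if r.get("name") not in HIDDEN_ROLE_NAMES]
    return json.dumps(doc).encode()

class RoleVisibilityFilter:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "").rstrip("/")
        if environ.get("REQUEST_METHOD") != "GET" or not path.endswith("/roles"):
            return self.app(environ, start_response)
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
        body = b"".join(self.app(environ, capture))
        if seen["status"].startswith("200"):
            try:
                body = filter_roles(body, caller_roles(environ))
            except (ValueError, AttributeError):  # unparsable body: fail closed
                seen["status"] = "500 Internal Server Error"
                body = b'{"error": "role filter failed"}'
        headers = [h for h in seen["headers"] if h[0].lower() != "content-length"]
        start_response(seen["status"], headers + [("Content-Length", str(len(body)))])
        return [body]

def sample_app(environ, start_response):  # constructed stand-in for the wrapped API
    names = ("admin", "cloud_admin", "_member_")
    body = json.dumps({"roles": [{"name": n} for n in names]}).encode()
    start_response("200 OK", [("Content-Length", str(len(body)))])
    return [body]

def visible_role_names(x_roles):
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/v3/roles", "HTTP_X_ROLES": x_roles}
    out = RoleVisibilityFilter(sample_app)(environ, lambda s, h, e=None: None)
    return [r["name"] for r in json.loads(b"".join(out))["roles"]]
```

This covers role listings only; other responses that name roles would need the same treatment for the hiding to hold.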