[Openstack-operators] : Using keystone to keystone federation

Kanthi P pavuluri.kanthi at gmail.com
Sun May 17 17:27:48 UTC 2015 

I am trying to understand and use the keystone to keystone federation
described here:
https://github.com/openstack/keystone-specs/blob/master/specs/juno/keystone-to-keystone-federation.rst

It is mentioned that we can have one keystone as identity provider and to
that we can add multiple service providers.
Say I have multiple cloud deployments and want to add these as service
providers to that identity provider(keystone)
It is also mentioned that while we add a cloud implementer(openstack cloud
in my case) to an identity provider, we need to add it as a region. So my
query is that in my openstack deployment all the service endpoints should
be created in a region? something like this:

+----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
|                id                |   region  |                 publicurl
                |                internalurl                |
   adminurl                 |            service_id            |
+----------------------------------+-----------+-------------------------------------------+-------------------------------------------+-------------------------------------------+----------------------------------+
| 1055a76371bb445e890c4730905a6294 | regionOne |
http://10.10.10.10:9292         |          http://10.10.10.10:9292
|          http://10.10.10.10:9292         |
0d98f46857a046bb8efeb96c9f79e0a1 |








On Sun, May 17, 2015 at 10:21 AM, Jesse Keating <jlk at bluebox.net> wrote:

> I'm not sure I understand the question. Can you elaborate some more?
>
>
> - jlk
>
> On Sat, May 16, 2015 at 1:12 AM, Kanthi P <pavuluri.kanthi at gmail.com>
> wrote:
>
>> Hi,
>>
>> I want to have multiple cloud service providers(of openstack) and a 3rd
>> party identity provider, keystone in my deployment.
>> So essentially the endpoints of openstack, including keystone service
>> with in each SP be created in a unique 'region' in the CSP deployment?
>>
>> Thanks
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150517/6baf080b/attachment.html>

More information about the OpenStack-operators mailing list