[openstack-dev] Move keypair management out of Nova and into Keystone?

Jay Pipes jaypipes at gmail.com
Mon Jul 1 17:10:58 UTC 2013

On 07/01/2013 12:23 PM, Mauro S M Rodrigues wrote:
> +1.. makes sense to me, I always thought that was weird hehe
> Say the word and we will remove it from v3.

Well, it's not weird, per se... I mean I understand why it is the way it
is. Nova, of course, preceded Keystone.

But, it sounds like this would be something to put on the Icehouse 
horizon? Can the Nova and Keystone PTLs comment if there is interest in 


> On 07/01/2013 01:02 PM, Russell Bryant wrote:
>> On 07/01/2013 11:47 AM, Jay Pipes wrote:
>>> Recently a colleague asked me whether their key pair from one of our
>>> deployment zones would be usable in another deployment zone. His
>>> identity credentials are shared between the two zones (we use a shared
>>> identity database) and he was wondering if the key pairs were also shared.
>>> I responded that no, they were not, because Nova, not Keystone, manages
>>> key pairs. But that got me thinking.... is it time to change this?
>>> Key pairs really are an element of identity/authentication, and not
>>> specific to OpenStack Compute. Has there been any talk of moving the key
>>> pair management API out of Nova and into Keystone?
>> I haven't heard any talk about it, but it does seem to make sense.
