[openstack-dev] [Keystone] Requesting FFE for last few remaining patches for domain configuration SQL support
Rich Megginson
rmeggins at redhat.com
Tue Mar 17 20:17:50 UTC 2015
On 03/17/2015 01:26 PM, Henry Nash wrote:
> Hi
>
> Prior to Kilo, Keystone supported the ability for its Identity
> backends to be specified on a domain-by-domain basis - primarily so
> that different domains could be backed by different LDAP servers. In
> this previous support, you defined the domain-specific configuration
> options in a separate config file (one for each domain that was not
> using the default options). While functional, this can make onboarding
> new domains somewhat problematic since you need to create the domains
> via REST and then create a config file and push it out to the keystone
> server (and restart the server). As part of the Keystone Kilo release
> we are are supporting the ability to manage these domain-specific
> configuration options via REST (and allow them to be stored in the
> Keystone SQL database). More detailed information can be found in the
> spec for this change at: https://review.openstack.org/#/c/123238/
>
> The actual code change for this is split into 11 patches (to make it
> easier to review), the majority of which have already merged - and the
> basic functionality described is already functional. There are some
> final patches that are in-flight, a few of which are unlikely to meet
> the m3 deadline. These relate to:
>
> 1) Migration assistance for those that want to move from the current
> file-based domain-specific configuration files to the SQL based
> support (i.e. a one-off upload of their config files). This is
> handled in the keystone-manage tool - See:
> https://review.openstack.org/160364 <https://review.openstack.org/160364>
> 2) The notification between multiple keystone server processes that a
> domain has a new configuration (so that a restart of keystone is not
> required) - See: https://review.openstack.org/163322
> <https://review.openstack.org/163322>
> 3) Support of substitution of sensitive config options into
> whitelisted options (this might actually make the m3 deadline anyway)
> - See https://review.openstack.org/159928
> <https://review.openstack.org/159928>
>
> Given that we have the core support for this feature already merged, I
> am requesting an FFE to enable these final patches to be merged ahead
> of RC.
This would be nice to use in puppet-keystone for domain configuration.
Is there support planned for the openstack client?
>
> Henry
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150317/a925f322/attachment.html>
More information about the OpenStack-dev
mailing list