Open Stack

Nice work Adam, as usual.

I'm dropping some comments about how we could automate it in TripleO:

# Identity Provider Registration and Metadata
This script could be called by Puppet or Heat at the right time, but
now I don't have the best answer.

# Federation Operations
We can achieve it with puppet-keystone thanks to Sofer's awesome work:
https://github.com/openstack/puppet-keystone/blob/master/lib/puppet/provider/keystone_identity_provider/openstack.rb

# Dashboard
We need to expose new parameters to puppet-horizon and consume them in
THT horizon service.

# Redirect Support for SAML
We can easily do it in puppet-tripleo re-using current bits for haproxy config.

# Federation Mapping
Gilles started that a long time ago: https://review.openstack.org/#/c/202409/
We'll need to finish it.
Other actions can be handled by puppet-keystone.

# deploy-env.yml
Please submit the missing keystone.conf parameters into puppet-keystone.


Conclusion: I think we can achieve almost (if not all) everything in
TripleO and Puppet modules without crazy pain.
Please create launchpads bugs for every piece, it will help PTLs
(Puppet + TripleO) to prioritize/task the work that needs to be done.

HTH

On Thu, Aug 11, 2016 at 2:20 PM, Adam Young <ayoung at redhat.com> wrote:
>  http://adam.younglogic.com/2016/08/ooo-ha-fed-poc/
>
>
> It is painful, sloppy, Mitaka based.  Have at it, and lets make Federation a
> reality for Newton based deployments.  Feedback eagerly sought.
>
> Thanks for all the people that helped get me through this.  Won't list you
> all, as it would start to sound like an Oscars acceptance speech.
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Emilien Macchi