[openstack-dev] [TripleO][keystone] Pt. 2 of Passing along some field feedback

Fox, Kevin M Kevin.Fox at pnnl.gov
Wed Jun 28 19:29:27 UTC 2017

I think everyone would benefit from a read-only role for keystone out of the box. Can we get this into keystone rather then in the various distro's?

From: Ben Nemec [openstack at nemebean.com]
Sent: Wednesday, June 28, 2017 12:06 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [TripleO] Pt. 2 of Passing along some field feedback

A few weeks later than I had planned, but here's the other half of the
field feedback I mentioned in my previous email:

* They very emphatically want in-place upgrades to work when moving from
non-containerized to containerized.  I think this is already the plan,
but I told them I'd make sure development was aware of the desire.

* There was also great interest in contributing back some of the custom
templates that they've had to write to get advanced features working in
the field.  Here again we recommended that they start with an RFE so
things could be triaged appropriately.  I'm hoping we can find some
developer time to help polish and shepherd these things through the
review process.

* Policy configuration was discussed, and I pointed them at some recent
work we have done around that:
  I'm not sure it fully addressed their issues, but I suggested they
take a closer look and provide feedback on any ways it doesn't meet
their needs.

The specific use case they were looking at right now was adding a
read-only role.  They did provide me with a repo containing their
initial work, but unfortunately it's private to Red Hat so I can't share
it here.

* They wanted to be able to maintain separate role files instead of one
monolithic roles_data.yaml.  Apparently they have a pre-deploy script
now that essentially concatenates some individual files to get this
functionality.  I think this has already been addressed by

* They've also been looking at ways to reorganize the templates in a
more intuitive fashion.  At first glance the changes seemed reasonable,
but they were still just defining the layout.  I don't know that they've
actually tried to use the reorganized templates yet and given the number
of relative paths in tht I suspect it may be a bigger headache than they
expect, but I thought it was interesting.  There may at least be
elements of this work that we can use to make the templates easier to
understand for deployers.



OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe

More information about the OpenStack-dev mailing list