[Openstack] [Keystone] Leverage an existing (non-KS) DB?

Adam Lawson alawson at aqorn.com
Wed Apr 23 19:08:17 UTC 2014


Thanks guys. If the team says you cannot connect to our database directly -
you must use our API, does this change the above suggestions, or do these
suggestions assume KS is talking to an API?


*Adam Lawson*
AQORN, Inc.
427 North Tatnall Street
Ste. 58461
Wilmington, Delaware 19801-2230
Toll-free: (844) 4-AQORN-NOW
Direct: +1 (302) 268-6914



On Wed, Apr 23, 2014 at 11:58 AM, Matt Griffin <matt.griffin at percona.com> wrote:

> Perhaps Percona Server's PAM plug-in might save you some time.
> http://www.percona.com/doc/percona-server/5.6/management/pam_plugin.html
>
> Plus you'd probably get a performance gain over MySQL Community Edition.
>
> Best,
> Matt Griffin
>
>
>
>
> On Tue, Apr 22, 2014 at 10:42 PM, Adam Young <ayoung at redhat.com> wrote:
>
>> On 04/21/2014 02:28 PM, Adam Lawson wrote:
>>
>>> Crap, hit send half-way through. Let's try this again...
>>>
>>> Can Keystone work with a non-KS database for authentication and
>>> authorization via API? There is an existing SQL database of
>>> users/passwords/roles etc. supporting an existing cloud and I'm being asked
>>> to research the options for how to introduce Keystone with read-only access.
>>> Finding options on how this might happen has been challenging.
>>
>> The bad news: You will have to write your own backend.
>> The good news: you don't need to implement a lot. All you need is the
>> code to get users and groups.
>>
>> Take a look at the existing SQL backend and chop out anything that
>> actually writes to the DB. Code is here:
>>
>> http://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/sql.py
>>
>>> Basically, they have a cloud with S3 object storage but want to move
>>> towards Swift + Keystone but continue using their existing database as the
>>> hub of all things related to credentials and authorizations. I figure
>>> Keystone can connect to a foreign SQL DB if the values were mapped
>>> correctly, but I don't know where this has been done prior. Thoughts?
>>>
>>> Mahalo,
>>> Adam
>>>
>>> On Mon, Apr 21, 2014 at 11:18 AM, Adam Lawson <alawson at aqorn.com> wrote:
>>>
>>>> Small q company has a custom database with user/pass's scraped from LDAP
>>>> with some existing cloud concoction. Is there a straightforward way for
>>>> Keystone to use that database for authorization and authentication with
>>>> minimal development/re-tooling? Is there a good starting point to create an
>>>> API to use that database?
>>
>> _______________________________________________
>> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>>
>
>
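
A sketch of the read-only approach Adam Young describes above (only the code to look up users and groups, nothing that writes). This is an added example, not Keystone code and not from anyone in the thread: the class name, table layout, PBKDF2 password scheme and sample rows are assumptions, and SQLite stands in for the existing database.

```python
import hashlib
import hmac
import sqlite3

ITERATIONS = 100_000  # assumed; must match whatever the existing DB uses

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def build_sample_db():
    """Constructed stand-in for the existing credential database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT UNIQUE,
                            salt BLOB, pw_hash BLOB, enabled INTEGER);
        CREATE TABLE memberships (user_id TEXT, group_name TEXT);
    """)
    salt = b"constructed-salt"
    db.execute("INSERT INTO users VALUES (?,?,?,?,?)",
               ("u1", "alice", salt, _hash("s3cret", salt), 1))
    db.execute("INSERT INTO users VALUES (?,?,?,?,?)",
               ("u2", "bob", salt, _hash("hunter2", salt), 0))
    db.execute("INSERT INTO memberships VALUES ('u1', 'swift-operators')")
    db.commit()
    return db

class ReadOnlyIdentity:
    """Hypothetical backend: lookups only, every write path refuses."""

    def __init__(self, db):
        self.db = db
        self.db.execute("PRAGMA query_only = ON")  # engine-level write block

    def authenticate(self, name, password):
        row = self.db.execute(
            "SELECT id, salt, pw_hash, enabled FROM users WHERE name = ?",
            (name,)).fetchone()
        # Hash even for unknown users so timing does not reveal valid names.
        salt, stored = (row[1], row[2]) if row else (b"\0" * 16, b"")
        ok = hmac.compare_digest(_hash(password, salt), stored)
        return row[0] if (row and ok and row[3]) else None

    def list_groups_for_user(self, user_id):
        rows = self.db.execute(
            "SELECT group_name FROM memberships WHERE user_id = ?", (user_id,))
        return sorted(r[0] for r in rows)

    def create_user(self, *args, **kwargs):
        raise PermissionError("identity store is read-only")
```

Against a real server the same guarantee comes from connecting with a database account that holds only SELECT privileges, so a bug in the backend still cannot modify the credential store.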