Keystone deep dive 1
Jsonr4
Indian OpenStack User Group - June openstack meetup Keystone Deep Dive
1. Openstack Keystone - Deep Dive
Indian OpenStack User Group - Meetup
Jaison Raju, Senior Technical Support Engineer
18/06/17

2. Agenda
● Introduction to Identity Service
● Openstack Keystone Concepts
● Configuration
● Demo 1
● Integration with IPA/ldap backend
● Demo 2

3. Introduction to Identity Service

4. Introduction to Identity Service

5. Openstack Keystone Concepts

6. Introduction to Identity Service

7. Keystone Concepts
Actor (User and groups)
Credentials
Token
Roles - Unique within domain
Project - Unique within domain
Domain
Service
Endpoints
Region
Catalog
Assignment
Policy

8. Services in keystone

9. Endpoint for each Service

10. Multi-Site deployment using Regions
Region1 Region2

11. Authentication & Authorization

12. Openstack Keystone Architecture.

13. Configuration

14. Configuration file (keystone.conf)
/etc/keystone/keystone.conf
● [DEFAULT] - General configuration
● [assignment] - Assignment system driver configuration
● [auth] - Authentication plugin configuration
● [cache] - Caching layer configuration
● [catalog] - Service catalog driver configuration
● [credential] - Credential system driver configuration
● [domain_config] - Domain configuration
● [endpoint_filter] - Endpoint filtering configuration
● [endpoint_policy] - Endpoint policy configuration
● [federation] - Federation driver configuration
● [fernet_tokens] - Fernet token configuration
● [identity] - Identity system driver configuration
● [identity_mapping] - Identity mapping system driver configuration
● [ldap] - LDAP configuration options

15. Configuration file (keystone.conf)
/etc/keystone/keystone.conf
● [memcache] - Memcache configuration options
● [oauth1] - OAuth 1.0a system driver configuration
● [paste_deploy] - Pointer to the PasteDeploy configuration file
● [policy] - Policy system driver configuration for RBAC
● [resource] - Resource system driver configuration
● [revoke] - Revocation system driver configuration
● [role] - Role system driver configuration
● [saml] - SAML configuration options
● [security_compliance] - Security compliance configuration
● [shadow_users] - Shadow user configuration
● [signing] - Cryptographic signatures for PKI based tokens
● [token] - Token driver & token provider configuration
● [tokenless_auth] - Tokenless authentication configuration
● [trust] - Trust configuration

16. Demo 1

17. Demo1
● Prepare devstack environment
● Create
  ○ User
  ○ Project
  ○ Domain
  ○ Role
  ○ Group
● Test authentication
● Test authorization

18. Integration with IPA / ldap backend

19. LDAP Integration for Identity
● # setsebool -P authlogin_nsswitch_use_ldap on
● Configure keystone.conf for multiple backends:
● Define the destination LDAP server in the /etc/keystone/keystone.conf file:

    [ldap]
    url = ldaps://ipa.india-1.local
    user = uid=svc-ldap,cn=users,cn=accounts,dc=india-1,dc=local
    user_filter = (memberOf=cn=grp-openstack,cn=groups,cn=accounts,dc=india-1,dc=local)
    password = <RedactedComplexPassword>
    user_tree_dn = cn=users,cn=accounts,dc=india-1,dc=local
    user_objectclass = inetUser
    user_id_attribute = uid
    user_name_attribute = uid
    user_mail_attribute = mail
    user_pass_attribute =
    user_allow_create = False
    user_allow_update = False
    user_allow_delete = False
    tls_cacertfile = /etc/ssl/certs/ca.crt
    group_tree_dn = ou=Groups,dc=india-1,dc=local
    group_objectclass = groupOfNames

    [identity]
    driver = keystone.identity.backends.ldap.Identity

    [identity]
    domain_specific_drivers_enabled = True
    domain_config_dir = /etc/keystone/domains

● Configure LDAP server in the /etc/keystone/domains/keystone.<domain>.conf
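
The audit below is an added example, not part of the original slides or of Keystone itself: it checks a per-domain LDAP file like the one on this slide for encrypted transport, an explicit CA, a restricting user_filter and read-only directory flags. The function name, the finding codes and the file name keystone.india.conf are assumptions made for illustration; use_tls, tls_cacertdir and tls_req_cert are Keystone [ldap] options that do not appear on the slide.

```python
import configparser
import os
import re

DOMAIN_FILE_RE = re.compile(r"^keystone\.[^/]+\.conf$")
WRITE_FLAGS = ("user_allow_create", "user_allow_update", "user_allow_delete")

# Constructed sample: [ldap] values copied from the slide, in a per-domain file.
SLIDE_SAMPLE = """
[ldap]
url = ldaps://ipa.india-1.local
user = uid=svc-ldap,cn=users,cn=accounts,dc=india-1,dc=local
user_filter = (memberOf=cn=grp-openstack,cn=groups,cn=accounts,dc=india-1,dc=local)
password = <RedactedComplexPassword>
user_allow_create = False
user_allow_update = False
user_allow_delete = False
tls_cacertfile = /etc/ssl/certs/ca.crt
[identity]
driver = keystone.identity.backends.ldap.Identity
"""

# Constructed sample of a weak configuration (values are made up).
WEAK_SAMPLE = """
[ldap]
url = ldap://ipa.india-1.local
tls_req_cert = never
user_allow_update = True
"""


def audit_domain_config(path, text):
    """Return sorted finding codes (hypothetical names) for one domain config."""
    findings = set()
    if not DOMAIN_FILE_RE.match(os.path.basename(path)):
        findings.add("bad-filename")        # expected keystone.<domain>.conf
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("ldap"):
        return sorted(findings | {"no-ldap-section"})
    ldap = cp["ldap"]

    def opt(name, default=""):
        return ldap.get(name, default).strip()

    urls = [u.strip().lower() for u in opt("url").split(",")]
    all_ldaps = all(u.startswith("ldaps://") for u in urls)
    if not all_ldaps and opt("use_tls", "false").lower() != "true":
        findings.add("cleartext-ldap")      # bind and user passwords sent unencrypted
    elif not (opt("tls_cacertfile") or opt("tls_cacertdir")):
        findings.add("no-explicit-ca")      # trust falls back to the host's LDAP defaults
    if opt("tls_req_cert", "demand").lower() != "demand":
        findings.add("cert-not-required")   # server certificate is not enforced
    if not opt("user_filter"):
        findings.add("no-user-filter")      # no restriction on which entries are users
    if any(opt(f, "false").lower() == "true" for f in WRITE_FLAGS):
        findings.add("directory-writable")  # Keystone may modify directory users
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("/etc/keystone/domains/keystone.india.conf", SLIDE_SAMPLE),
                       ("/etc/keystone/domains/ldap.conf", WEAK_SAMPLE)):
        print(name, audit_domain_config(name, text))
```

The slide's own values produce no findings; the weak sample trips every check except the CA one, which is only evaluated once the transport is encrypted.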

20. Demo 2

21. Demo2
● Create IPA container.
● Create required users / groups.
● Configure keystone to use ldap backend for identity for a specific domain.
● Test environment.

    docker run --privileged --net=bridge \
      -v /var/lib/ipa-data:/data/ipa1/ipa-data \
      -v /var/log:/data/ipa1/ipa-logs \
      -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
      -h ipa.india-1.local --tmpfs /run --tmpfs /tmp \
      -e IPA_SERVER_IP=172.17.0.1 \
      -p 172.17.0.1:53:53/udp -p 172.17.0.1:53:53 \
      -p 172.17.0.1:80:80 -p 172.17.0.1:443:443 \
      -p 172.17.0.1:389:389 -p 172.17.0.1:636:636 \
      -p 172.17.0.1:88:88 -p 172.17.0.1:464:464 \
      -p 172.17.0.1:88:88/udp -p 172.17.0.1:464:464/udp \
      -p 172.17.0.1:123:123/udp -p 172.17.0.1:7389:7389 \
      -p 172.17.0.1:9443:9443 -p 172.17.0.1:9444:9444 -p 172.17.0.1:9445:9445 \
      --name ipa-test -it ad085031fb10 \
      ipa-server-install --realm=india-1.local \
      --ds-password=redhat@123 --admin-password=redhat@321 \
      --setup-dns --no-forwarders --no-host-dns --auto-reverse \
      --allow-zone-overlap --no-dnssec-validation --debug -U

22. References
● Openstack developer page - https://docs.openstack.org/developer/keystone
● Openstack admin guide - https://docs.openstack.org/admin-guide/identity-management.html
● DevStack installation guide - https://docs.openstack.org/developer/devstack/guides/single-machine.html
● DevStack configuration guide - https://docs.openstack.org/developer/devstack/configuration.html

23. Getting involved
● IRC: Freenode@openstack-keystone
● Mailing list: openstack-dev@lists.openstack.org
● Keystone Project Page on Launchpad: https://launchpad.net/keystone
● Keystone Source Repository: https://git.openstack.org/cgit/openstack/keystone

24. THANK YOU
google.com/+jasonraju
https://www.linkedin.com/in/jaison-raju-8518a045/
youtube.com/user/RedHatVideos
@jsonr4
IRC jaison@Red hat, links@Freenode
jraju@redhat.com

25. THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews