Not the way to do it long term, but this will give you a chance to play with it.
From the controller node:
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo crudini --set /etc/keystone/keystone.conf token provider fernet
sudo systemctl restart httpd.service
$ openstack token issue -f shell
I’ve been in and out of leadership roles from High School onward. For the past decade and a half, I’ve been a professional software developer. During that time, I’ve been in a leadership position roughly a third of the time. Recently, I was asked to evaluate my Leadership Philosophy (more on that later). I’ve also had to do the annual counselling that My company formalizes.
One tool we learned in the Army was the list of Leadership principals. As part of my evaluation, I want to see how I think they apply to what I do: Software Development in an Open Source project space. Here’s what I’ve come up with so far:
I’ve set up MySQL enough times figuring things out from docs that I decided I need to take notes.
This is a destructive re-install. Don’t do this if you value your data. In fact, just don’t do this.
Keystone supports multiple backend for Identity. While SQL is the default, LDAP is one of the most used. With Federation protocols, the user data won’t even be stored in the identity backend at all. All three of these approaches have different use cases, and all work together. The way that that I’ve come to think of them is as three types of Keystone users: employees, partners, and customers. Take the following as a metaphor, not literal truth.
I have a Horizon instance Proof of Concept. It has a way to go to be used in production, but the mechanism works.
During the years I worked as a Web application developer, it seemed like every application had its own authentication mechanism. An application developer is thinking in terms of the domain model for their application whether it be eCommerce, Systems management, photography, or weblogs. Identity Management is a cross cutting concern, and it is hard to get right. Why, then, do so many applications have “user” tables in their databases?
Once again it is time to brain dump the things I want to make happen in the next release of Open Stack.
After reading The Hobbit to my sons, my younger guy requested his favorite character. Quite pleased with how this grey pilgrim turned out.
There is not a lot of text: I tend to keep my presentations as a visual mnemonic for the topics being discussed.
Let me know if you want to steal any of the images I created. I have them all as SVG, and the UML diagrams came out of ArgoUML.
Most of the Creative Commons images were found on DeviantArt.com, attributions at the end.
Identity Management (IdM) needs change as an organization grows in size. For an example, I’ll describe a fictional company, and take it from the smallest to largest stages. While, to some degree, the industry of this firm really doesn’t matter, I am going to use a small import business started by a single individual and scale it up to a multinational corporation. As the organization grows in size, the technical needs will drive the scope and scale of the identity management solutions required.
(This is my writing Cross posted from the FreeIPA wiki)