After some discussion with Bill Nottingham I got a little further along with what it would take to integrate Ansible Tower and FreeIPA. Here are the notes from that talk.Continue reading
The Python world has long since embraced Python3. However, the stability guarantees of RHEL have limited it to Python2.7 as the base OS. Now that I am running RHEL on my laptop, I have to find a way to work with Python 3.5 in order to contribute to OpenStack. To further constrain myself, I do not want to “pollute” the installed python modules by using PIP to mix and match between upstream and downstream. The solution is the Software Collections version of Python 3.5. Here’s how I got it to work.
Once I know a starting point for a call, I want to track the other functions that it calls. pycallgraph will generate an image that shows me that.
What Policy is enforced when you call a Keystone API? Right now, there is no definitive way to say. However, with some programmatic help, we might be able to figure it out from the source code. Lets start by getting a complete list of the Keystone routes.
If you change the public signature of an API, or add a new API in Keystone, there is a good chance the Tests that confirm JSON home layout will break. And that test is fairly unfriendly: It compares a JSON doc with another JSON doc, and spews out the entirety of both JSON docs, without telling you which section breaks. Here is how I deal with it:
Just because Icehouse is EOL does not mean no one is running it. One part of my job is back-porting patches to older versions of Keystone that my Company supports.
A dirty secret is that we only package the code needed for the live deployment, though, not the unit tests. In the case of I need to test a bug fix against a version of Keystone that was, essentially, Upstream Icehouse.
SAML is usually thought of as a WebSSO mechanism, but it can be made to work for command line operations if you use the Extended Client Protocol (ECP). When we did the Rippowam demo last year, we were successful in getting an Unscoped token by using ECP, but that was not sufficient to perform operations on other services that need a scoped token.
Ossipee started off as OS-IPA. As it morphed into a tool for building development clusters,I realized it was more useful to split the building of the cluster from the Install and configuration of the application on that cluster. To install IPA and OpenStack, and integrate them together, we now use an ansible-playbook called Rippowam.
OpenStack is a big distributed system. FreeIPA is designed for security in distributed system. In order to develop and test each of them, separately or together, I need a distributed system. Virtualization has been a key technology for making this kind of work possible. OpenStack is great of managing virtualization. Added to that is the benefits found when we “fly our own airplanes.” Thus, I am using OpenStack to develop OpenStack.