OpenStack:Keystone
Keystone
Keystone serves two purposes: authentication (authN) and authorization (authZ). Keystone does this for all of the OpenStack services.
Keystone uses groups and roles to control access to specific resources within the cloud.
Catalog
The catalog defines the list of all available services within a cloud. In order for a service to be used it must have an entry in the catalog including its endpoint (address, port and context).
Projects
A project is a high-level grouping of resources that can have multiple users and admins. Each project can serve compute, network and storage to multiple consumers.
Projects are referred to as tenants within the OpenStack command line.
Users
A user is the entity that uses the virtual machines along with the compute, storage and networking services provided. The functions available to a user are defined by the roles they have been assigned. A user can have multiple roles.
Roles
A role is a group of user or service privileges. Roles are assigned to users who then gain the privileges assigned to that role.
There are two default roles in OpenStack: admin and member.
Limits
Limits enable admins to restrict the resources available to a project. As an example, you could limit the amount of storage available.
As with projects and tenants, two terms are used here: limits and quotas.
Tokens
Tokens are time-limited authentication tokens issued by Keystone and presented when communicating with an API. They are granted to users and by default are valid for a 24-hour period.
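To show how the pieces above fit together (catalog endpoint lookup, a user holding a role on a project, and a token that expires after the 24-hour default), here is a small in-memory model written for this page. It is an added example, not Keystone's own code or API; the class and method names (Identity, register_endpoint, issue_token, authorize), the sample project "web-tier", the user "alice" and the endpoint URL are all made up for illustration.

```python
"""Toy model of Keystone's core objects: catalog, projects, users, roles, tokens.

Added illustration for this page; it is NOT Keystone code. Names, sample
users, projects and URLs below are constructed for the example.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
import secrets

TOKEN_LIFETIME = timedelta(hours=24)   # Keystone's default token validity
_PBKDF2_ROUNDS = 100_000


@dataclass(frozen=True)
class Endpoint:
    service: str     # service type, e.g. "compute" or "image"
    interface: str   # "public", "internal" or "admin"
    url: str         # address, port and context


@dataclass(frozen=True)
class Token:
    token_id: str
    user: str
    project: str            # a token is scoped to one project
    roles: frozenset[str]   # roles the user holds on that project
    expires_at: datetime


class Identity:
    """Minimal stand-in for the Keystone service (hypothetical class)."""

    def __init__(self) -> None:
        self.catalog: list[Endpoint] = []
        self.projects: set[str] = set()
        self._creds: dict[str, tuple[bytes, bytes]] = {}          # user -> (salt, hash)
        self.assignments: dict[tuple[str, str], set[str]] = {}    # (user, project) -> roles
        self._tokens: dict[str, Token] = {}

    # --- catalog: a service is usable only if it has an endpoint entry ---
    def register_endpoint(self, service: str, interface: str, url: str) -> None:
        self.catalog.append(Endpoint(service, interface, url))

    def endpoint_for(self, service: str, interface: str = "public") -> str | None:
        for ep in self.catalog:
            if ep.service == service and ep.interface == interface:
                return ep.url
        return None   # not in the catalog: clients have nowhere to call

    # --- projects, users and role assignments ---
    def create_project(self, name: str) -> None:
        self.projects.add(name)

    def create_user(self, name: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
        self._creds[name] = (salt, digest)

    def add_role(self, user: str, project: str, role: str) -> None:
        if user not in self._creds or project not in self.projects:
            raise KeyError("unknown user or project")
        self.assignments.setdefault((user, project), set()).add(role)

    # --- tokens: authenticate (authN), then bind the project's roles (authZ) ---
    def issue_token(self, user: str, password: str, project: str,
                    now: datetime | None = None) -> Token:
        now = now or datetime.now(timezone.utc)
        salt, expected = self._creds.get(user, (bytes(16), b""))
        got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _PBKDF2_ROUNDS)
        if not hmac.compare_digest(got, expected):
            raise PermissionError("authentication failed")
        roles = self.assignments.get((user, project))
        if not roles:
            raise PermissionError(f"{user} has no role on project {project}")
        tok = Token(secrets.token_urlsafe(32), user, project,
                    frozenset(roles), now + TOKEN_LIFETIME)
        self._tokens[tok.token_id] = tok
        return tok

    def validate(self, token_id: str, now: datetime | None = None) -> Token | None:
        now = now or datetime.now(timezone.utc)
        tok = self._tokens.get(token_id)
        if tok is None or now >= tok.expires_at:
            return None    # unknown or expired: treated identically
        return tok

    def authorize(self, token_id: str, required_role: str,
                  now: datetime | None = None) -> bool:
        tok = self.validate(token_id, now)
        return tok is not None and required_role in tok.roles


def demo() -> dict[str, object]:
    """Walk through the lifecycle with constructed sample data."""
    ks = Identity()
    ks.register_endpoint("compute", "public", "https://controller.example:8774/v2.1")
    ks.create_project("web-tier")
    ks.create_user("alice", "correct horse battery staple")
    ks.add_role("alice", "web-tier", "member")   # member, not admin
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    tok = ks.issue_token("alice", "correct horse battery staple", "web-tier", now=t0)
    return {
        "compute_url": ks.endpoint_for("compute"),
        "image_url": ks.endpoint_for("image"),          # never registered
        "member_now": ks.authorize(tok.token_id, "member", now=t0),
        "admin_now": ks.authorize(tok.token_id, "admin", now=t0),
        "member_after_expiry": ks.authorize(tok.token_id, "member",
                                            now=t0 + TOKEN_LIFETIME),
    }


if __name__ == "__main__":
    print(demo())
```

The two checks that matter from a defender's point of view are both in `authorize`: a token that has passed `expires_at` is rejected exactly like an unknown token, and holding a valid token for a project is not enough on its own, because the required role must also be present in the role set bound to that token.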