Re: [Engine-devel] What type of DB inheritance to use?
----- Original Message -----
From: "Itamar Heim" <iheim(a)redhat.com>
To: "Oved Ourfalli" <ovedo(a)redhat.com>
Cc: "engine-devel" <engine-devel(a)ovirt.org>
Sent: Monday, May 13, 2013 9:46:48 AM
Subject: Re: [Engine-devel] What type of DB inheritance to use?
On 05/13/2013 10:42 AM, Oved Ourfalli wrote:
> IMO, the following fields will fit most providers, at least the ones we
> plan to support in the near future:
> * id
> * name
> * type
> * URL
> * requires_authentication (boolean) to support development/POC/testing...
> mode
redundant with empty username/password?
> * username
> * password
do keystone based services allow to authenticate directly to them, or
you need an additional authentication url (to get the ticket)?
You need the ticket, but we said that the keystone service (auth url, username
and password) are config values for the time being. Anyway in the future I expect
these providers to be linked to their keystone service. E.g.:
id name username password url auth_provider tenant ...
1 keystone1 myuser mypass http://keystone <null> <null>
2 glance1 <null> <null> http://glance 1 mytenant1
3 glance1 <null> <null> http://glance 1 mytenant2
4 quantum1 <null> <null> http://quantum 1 mytenant1
I expect quantum to be needing the tenant name too (as soon as it will be
integrated with keystone).
Given the username/password (created for the ovirt management), the user can
be added to the tenants (all the ones that the admin wants to consume) and
then ovirt will get the auth tokens with the relevant info, e.g. (pseudocode
with reference to the table above):
keystone = new Keystone("http://keystone");
glance1_token = keystone.authenticate("myuser", "mypass",
"mytenant1");
glance2_token = keystone.authenticate("myuser", "mypass",
"mytenant2");
quantum1_token = glance1_token;
glance = new Glance("http://glance", glance1_token);
glance.listImages();
....
--
Federico