A new title has landed for your OpenStack bookshelf: "Identity, Authentication & Access in OpenStack." It focuses on implementing and deploying Keystone, the OpenStack project that provides identity, token, catalog and policy services for use specifically by projects in the OpenStack family. You can pick up a copy on Amazon or O’Reilly.
Like all O’Reilly publications, the cover comes adorned with a sort of spirit animal. The publishers picked the giant salamander, the largest living amphibians on the planet, fitting for this trio of authors who live and breathe OpenStack.
Ahead of the Summit Tokyo, Superuser caught up with the IBM pros: Steve Martinelli, senior software developer as well as the current OpenStack Keystone project team lead (PTL), Henry Nash, OpenStack technical leader, and Brad Topol, distinguished engineer leading OpenStack upstream deployment.
They talk about OpenStack’s missing manuals, the need to run faster and why they dedicated a book to the project.
Who will this help most?
Martinelli: The book is targeted to architects and deployers of OpenStack.
What are some of the most common mistakes people make with Keystone?
Martinelli and Nash: The most common mistakes happen when configuring Keystone. It’s the starting point when you are setting up your OpenStack cloud. Most customers hit the generic “The request you made requires authorization” Keystone error early on.
What this typically means is that the user hasn’t got their role assignments and/or tokens sorted out. Until they resolve this, their cloud is unusable. We get quite a few messages on IRC and the mailing list asking for help on these issues.
How did this come about – my first reaction was: A whole book on Keystone?
Martinelli: Keystone is very modular and pluggable, it supports a variety of backends and combinations with existing enterprise software, which makes each deployment just different enough.
It’s also essential to any OpenStack cloud, and will be the lynchpin in connecting OpenStack with other technologies (like at the platform-as-a-service (PaaS) layer). These factors motivated us to create the book, to share our experiences with what we’ve seen over the last three years.
Topol: We also wanted to have a single reference for deployers that covered the key features of Keystone and how to leverage them with lots of hands-on examples.
You’ll be giving copies away at the Summit in Tokyo – where can people find you?
Outside the Summit, where can people get a copy?
Martinelli: The book will be available for purchase 30 days after the Summit as an ebook and as a physical copy on O’Reilly and Amazon.
— Brad Topol (@bradtopol) October 15, 2015
You mentioned on Twitter there’s more to add to the book, what exactly?
Nash: I’d like to add a chapter on policy files and how to best provide multi-customer support for cloud providers.
Martinelli: We also touch on supporting things like multi-factor authentication and integrating Keystone and OpenStack with other cloud technologies like Cloud Foundry.
What’s your reaction to this tweet?
Martinelli: I hope the books outpace the PTLs! I think the number of new projects (though still increasing) has slowed down, and we’ll be seeing more and more publications about OpenStack and its projects as it matures.
What’s on your OpenStack bookshelves?
Martinelli: For now it’s just “Implementing Cloud Storage with OpenStack Swift…”but I’m eager to add this new cool Keystone book 🙂
Nash: I always have a copy of Ray Kurzweil’s “The Age of Spiritual Machines” around. While it hasn’t helped much with my contributions to OpenStack (!), it keeps reminding me of the exponential rate of change in innovation and why we must all run faster.
Topol: I have Amrith Kumar’s outstanding book on “OpenStack Trove” on my bookshelf…
And what’s the missing manual you’d like to see?
Martinelli: I’d like to see one on Federated Identity and sIngle sign-on. It’s not the easiest concept to learn or get up and running, there are also a bunch of free and open source tools that can be leveraged.
Nash: I’d like to see one on “How to become a multi-customer cloud provider with OpenStack.” OpenStack has all the basics for this, but there are a number of difficult areas you have to navigate round – and such a description would also point out the areas where OpenStack must be improved. Our vision is a future where there are a myriad of public/hosted clouds that customers can choose from – let’s make it so!
If you’re just getting started with Keystone, you can find Keystone folks in irc://freenode.net/#openstack-keystone. This is usually the best place to ask questions and find your way around. Also check out the launchpad and if you want to discuss development issues and the project roadmap, try the developer mailing list, using the topic [Keystone].
- OpenStack Homebrew Club: Meet the sausage cloud - July 31, 2019
- Building a virtuous circle with open infrastructure: Inclusive, global, adaptable - July 30, 2019
- Using Istio’s Mixer for network request caching: What’s next - July 22, 2019