Swift account and tenant should be the same. This does not prescribe that Swift not store them locally (Nova still stores projects).
The synchronization can be lazy (Nova does this with a shim in Keystone. If a request is authorized by Keystone on a tenant that does not have a corresponding project, it creates it right there and then). Or it can be proactive (as opposed to lazy). For proactive provisioning (where accounts would be synched to swift when they are created. Summarizing: Lazy provisioning: Users and tenants are created as authenticated requests come in to the openstack service for the first time. Proactive provisioning: Users and tenants are created in all services as they are created in Keystone. ,Ote: my personal preference is for lazy provisioning. For proactive provisioning, we would need a service to own orchestration (or provisioning or order fullfilment - pick your model). We don't have one today. The Dashboard does some of that. Rackspace does it using non-openstack components which contain Rackspace business logic. Will this ever become an OpenStack project or wiL this always live in the business systems of the operator (an enterprise deploying and operating openstack)... Z From: Nguyen, Liem Manh [mailto:liem_m_ngu...@hp.com] Sent: Friday, July 15, 2011 05:56 PM To: openstack@lists.launchpad.net <openstack@lists.launchpad.net> Subject: [Openstack] [Keystone] [Swift] Keystone Tenant vs Swift Account Hi, For Nova, the Keystone Tenant maps to a Nova project, and according to the “Finalize Auth integration” blueprint, the Nova project is going away (“no more project/roleuser info in nova”). What about Swift’s account? I assume the Keystone tenant would map to a Swift account. How would this mapping occur? Would Swift still maintain account information in the db and these will get synchronized with Keystone tenant information (i.e., auto-create accounts), or would Swift get rid of the account concept and have a mapping between tenant and containers instead? If there is any existing blue-print/docs on Keystone/Swift integration plan for Diablo, that would be greatly appreciated. Thanks, Liem This email may include confidential information. If you received it in error, please delete it.
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
