Multi-Cloud remote stacks using Keystone federation
Extend our existing multi-region remote stacks to multi-cloud, so that a remote stack can be created on a separate cloud with its own Keystone, provided that Keystone federation is supported between clouds.
The user-facing change will involve adding an optional "auth_url" subproperty to the context in the OS::Heat::Stack resource type. This should be all we need to direct heatclient at the other cloud.
We'll also need to obtain the correct token to authenticate with. Discussions on the ML indicate that we should be able to obtain it from the remote Keystone using our current token. Any authentication that requires Heat knowing the password for the remote cloud is explicitly *out of scope* for this blueprint.
Blueprint information
- Status:
- Not started
- Approver:
- Zane Bitter
- Priority:
- High
- Drafter:
- None
- Direction:
- Approved
- Assignee:
- None
- Definition:
- Discussion
- Series goal:
- Accepted for future
- Implementation:
- Not started
- Milestone target:
- next
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
please assign to me (Tomer Shtilman)
Is anyone still working on this blueprint? (Rohit C Katakol)
(ricolin) Hi guys, feel free to directly join the discussion or raise a meeting topic if you would like this to happen. we can do it together:)
Still, I think this blueprint kind of blocked by the known issue that trusted token (which we consist use) can't work with the federation. I think we will have to wait for keystone team to resolve it before we take action for this.
Few months back we had written an article on openstack Federated Cloud services ( https:/