Multi-Cloud remote stacks using Keystone federation

Registered by Zane Bitter on 2015-09-09

Extend our existing multi-region remote stacks to multi-cloud, so that a remote stack can be created on a separate cloud with its own Keystone, provided that Keystone federation is supported between clouds.

The user-facing change will involve adding an optional "auth_url" subproperty to the context in the OS::Heat::Stack resource type. This should be all we need to direct heatclient at the other cloud.

We'll also need to obtain the correct token to authenticate with. Discussions on the ML indicate that we should be able to obtain it from the remote Keystone using our current token. Any authentication that requires Heat knowing the password for the remote cloud is explicitly *out of scope* for this blueprint.

Blueprint information

Status:
Not started
Approver:
Zane Bitter
Priority:
High
Drafter:
None
Direction:
Approved
Assignee:
None
Definition:
Discussion
Series goal:
Accepted for future
Implementation:
Not started
Milestone target:
milestone icon next

Related branches

Sprints

Whiteboard

please assign to me (Tomer Shtilman)
Is anyone still working on this blueprint? (Rohit C Katakol)
(ricolin) Hi guys, feel free to directly join the discussion or raise a meeting topic if you would like this to happen. we can do it together:)
Still, I think this blueprint kind of blocked by the known issue that trusted token (which we consist use) can't work with the federation. I think we will have to wait for keystone team to resolve it before we take action for this.
Few months back we had written an article on openstack Federated Cloud services ( https://www.slideshare.net/SudheendraHarwalkar/openstack-federated-cloud-services-using-apiproxy-and-third-party-solutions ), I think we can use this solution to address Multi-Cloud remote stacks using Keystone federation blueprint, feedback/discussions most welcome.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.