Hide Forgot
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/get-provision-credentials. Description: Credentials are needed to enroll a machine into an Identity Management service. The process of generating these credentials needs to be done synchronously before the instance is created so the generated credentials are available to both the instance and the provisioning system. This needs to be done before the instance is booted so enrollment can be done in the cloud-init first boot so the process can be automated. Specification URL (additional information): https://review.openstack.org/305455
Discussing with the Nova team it seemed unlikely that something like this would be accepted into Nova itself. In parallel Adam Young and others have been discussing an alternative approach upstream: http://lists.openstack.org/pipermail/openstack-dev/2016-April/091614.html It seems like while being outside of Nova this approach does have implications for Nova deployment and configuration that would need to be reflected in TripleO. Adam does that seem like a fair characterization to you?
Yes, Rob Crittendon is leading this effort. The goal is to have an Identity Provider interface and driver, with a simple Keystone one as the baseline. MOre info after the summit.