Quantcast
Channel: Adam Young’s Web Log
Browsing all 344 articles
Browse latest View live

Image may be NSFW.
Clik here to view.

Testing out PKI Signed tokens in Openstack Keystone

I’ve put a fair amount of time into the Signed Tokens implementation. Now that they have been merged into the master branch of Keystone, I’d like to get some more people playing around with the...

View Article



My Keystone To do list Fall 2012

Once again it is time to brain dump the things I want to make happen in the next release of Open Stack. External Authentication: Make it so we can use the Web servers authentication mechanism to log in...

View Article

Testing PKI Tokens in pre-release Folsom

There have been a few questions regarding PKI tokens and their testing in the Openstack code base. Here are the steps: Status   The Revocation code made the cut to Folsom 3, but the fix to make the...

View Article

LDAPS against a FreeIPA server

Once you have a Directory server installed, you are going to want to query against it from throughout the Network. For many reasons, you will want traffic to the server encrypted. Here are the steps to...

View Article

Making a Virtual Machine image from a Live CD

The Live CD shipped with Fedora 18 is a perfectly serviceable virtual machine image, provided you give it some writeable disk space. It even ships with a tool to make this happen. All it needs is a...

View Article


Preauthorization in Keystone

“I’ll gladly pay you Tuesday for a Hamburger Today” –Wimpy, from the Popeye Cartoon. Sometimes you need to authorize a service to perform an action on your behalf. Often, that action takes place long...

View Article

PKI tokens and Horizon

With PKI, tokens have gone from 40 byte to 3000.  This plus additional payload in Horizon means that they no longer fit inside an HTTP cookie.  How do we deal with this? One of the design decisions in...

View Article

Multifactor Auth and Keystone

Something you have.  Something you are.  Something You Know.  Pick Two.  This is the conventional wisdom for the basis of secure authentication. This topic came up a few times in the lead up to the...

View Article


Why I work at Red Hat

West Point’s motto is “Duty, Honor, Country.”  I graduated in 1993. Why did a former Army Officer end up at Red Hat? Red Hat is an “Open Source Software Company”.  In order to work here, you have to...

View Article


Keeping Development Code Current

Embracing change is hard.  Accepting criticism on code you worked so hard to prepare for review can be hard on the ego.  But when you have additional work that is underway that depends on submissions...

View Article

Image may be NSFW.
Clik here to view.

Three Mistakes in Go

“Go (Chinese: 圍棋 wéiqí, Japanese: 囲碁 igo, [nb 2]Korean: 바둑 baduk, Vietnamese: cờ vây, common meaning: “encircling game”) is a board game for two players that originated in China more than 2,500 years...

View Article

Image may be NSFW.
Clik here to view.

What changed in that latest patch?

Gerrit is great, but one thing it does not do well is tell you the differences in an update to a review request. Here’s how I found I could focus review requests to just the deltas between submissions....

View Article

Image may be NSFW.
Clik here to view.

Keystone and Eclipse PyDev

“Step through your code” –some of the best advice I ever got, from Code Complete. I am a fan of Eclipse. Although I am conversant in VI and Fluent in emacs, I tend to write code in Eclipse. While the...

View Article


Reviewing Code

Code reviews are vital to the success of any software project. In Open Stack, code must be reviewed to be accepted. If there are not enough people doing code reviews, the reviews get stagnant, and the...

View Article

A SQL upgrade script in Keystone

The SQL migration mechanism in Keystone is interesting enough to warrant some attention. If you need to modify the SQL database in any of the Open Stack projects, you are going to use a similar...

View Article


Using Puppet to setup PostgreSQL for Keystone on Fedora

Using Puppet to manage software configuration makes sense. Setting up PostgreSQL support for Keystone developmetn and testing has been my excuse to learn it. sudo yum install puppet sudo puppet module...

View Article

Meet the Red Hat OpenStack Team: Adam Young

We thought it would be a good idea to have a “Meet the Red Hat Open Stack Team” sereis of blog post. This is me. When and why did you join Red Hat ? I Started in July of 2009. Why? There is a Long...

View Article


Keystone, MySQL and Fedora 18

It looks like the access model for MySQL has changed between F17 and F18. openstack-db fails with a permission on the root user.  However, the following works: As the keystone user (I suspect the...

View Article

Trusts and Role Based Access Control for Open Stack

Bearer tokens are vulnerable to replay attacks. OK, so what are our options? Something where the user proves, via cryptography that they have the right to actually use the token. It doesn’t matter if...

View Article

Trusts and OAuth

We had a recent IRC discussion about the design of Trusts and how it compares with OAuth version 1. We need delegation. Beyond the requests from the HEAT team and the other community members that have...

View Article
Browsing all 344 articles
Browse latest View live




Latest Images