Book Image

Extending OpenStack

By : Omar Khedher
Book Image

Extending OpenStack

By: Omar Khedher

Overview of this book

OpenStack is a very popular cloud computing platform that has enabled several organizations during the last few years to successfully implement their Infrastructure as a Service (IaaS) platforms. This book will guide you through new features of the latest OpenStack releases and how to bring them into production straightaway in an agile way. It starts by showing you how to expand your current OpenStack setup and how to approach your next OpenStack Data Center generation deployment. You will discover how to extend your storage and network capacity and also take advantage of containerization technology such as Docker and Kubernetes in OpenStack. Additionally, you'll explore the power of big data as a Service terminology implemented in OpenStack by integrating the Sahara project. This book will teach you how to build Hadoop clusters and launch jobs in a very simple way. Then you'll automate and deploy applications on top of OpenStack. You will discover how to write your own plugin in the Murano project. The final part of the book will go through best practices for security such as identity, access management, and authentication exposed by Keystone in OpenStack. By the end of this book, you will be ready to extend and customize your private cloud based on your requirements.
Table of Contents (12 chapters)

Summary

In this chapter, we have revisited the identity service in OpenStack by implementing a federated setup. This new authentication design will allow cloud administrators and operators to decrease the complexity of user management across different enterprise entities and leverage a simple, efficient, and centralized authentication system. We have walked-through different terminologies that have co-existed since the rise of the federation of identity mechanism including the identity and service provider, protocols, and the mapping engine. We have explored its use case with Keystone and configured it as an SP that uses SAML and OpenID Connect protocols. Thanks to the usage of the Apache modules with Keystone, we could manage a full integration of the identity service in an existing authentication environment that includes both Shibboleth and Google authentication API. It is...