Ask Your Question

Dynamic reload of identity driver

asked 2015-03-26 15:28:00 -0600

pentatonic gravatar image

I was looking to see if there is any possibility to dynamically load an identity driver. For example, imagine a deployment infrastructure that wants to create a domain (POST /v3/domains) and associate an identity driver for that domain at runtime.

Using the Juno domain specific identity driver feature, one can create identity files for each domain in let's say /etc/keystone/mydomains/keystone.<domainname>.conf and it works. But... I have to restart Keystone for new files to take effect.

Is there no chance that Keystone would pick those up dynamically, in a similar way that policy.json files changes get picked up on the fly?

I'm looking to see if anything could be done inside a custom identity driver itself, but it seems that the logic that loads the drivers is in core Keystone, not the identity drivers. (chicken and egg). Am I right?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-03-26 18:04:15 -0600

Check current master/kilo code base. Domain specific coniguration can be added via REST api. Basically you can dynamically create a domain and add its drivers settings via REST api

edit flag offensive delete link more


Do you know if the config is supposed to be taken into consideration right away or still requires a restart to take effect. Experimenting with Kilo code suggests a restart is still needed.(things don't work consistently otherwise).Understood it's a WIP but wondering about the intended behavior.

pentatonic gravatar imagepentatonic ( 2015-04-01 12:56:53 -0600 )edit

After experimenting with Kilo code, I found that though configs are added in the database through Rest, the configs+driver dictionary is loaded is cached per thread, and initialized threads are reused(and don't reload configs after that, no matter if they came from the db or config file)

pentatonic gravatar imagepentatonic ( 2015-04-03 12:52:50 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-03-26 15:28:00 -0600

Seen: 120 times

Last updated: Mar 26 '15