"Master" and "sub" keystone

asked 2015-09-26 08:38:21 -0500

jazz168 gravatar image

Hi All, I'm a newbie of keystone, and I'm doing some research about it recently. I have a question about how to deploy it. The scenario is on below: One comany has one headquarter dc and 5 sub dc locate in different cities. We want to deploy separate OpenStack with "sub" key_stone at the sub dc, and want to deploy one "master" key_stone at headquarter dc. We want to manage all users, roles and tenants etc on the "master" keystone, however we want the end-user can authenticate with the "sub" keystone where he or she is locate.

Is anyone understant this scenario? How to realize it without additionaly development?

Thanks in advance!

edit retag flag offensive close merge delete


Thanks Matt Fischer from "OpenStack-operators" mailing list, he point out the directions (regions and federation) which I need to study and research on next step.

jazz168 gravatar imagejazz168 ( 2015-09-28 00:52:57 -0500 )edit