Openstack

Describe Keystone architecture

Difficulty: unrated

Source: bregman-arie/devops-exercises by Arie Bregman

Answer

  • There is a service API and admin API through which Keystone gets requests
    • Keystone has four backends:
      • Token Backend - Temporary Tokens for users and services
      • Policy Backend - Rules management and authorization
      • Identity Backend - users and groups (either standalone DB, LDAP, ...)
      • Catalog Backend - Endpoints
    • It has pluggable environment where you can integrate with:
      • LDAP
      • KVS (Key Value Store)
      • SQL
      • PAM
      • Memcached