Generated by GPT-5-mini

| Keystone (OpenStack) | |
|---|---|
| Name | Keystone (OpenStack) |
| Developer | OpenStack Foundation |
| Released | 2011 |
| Programming language | Python |
| Operating system | Cross-platform |
| License | Apache License 2.0 |
Keystone is the identity service component of the OpenStack cloud computing platform. It provides authentication, authorization, a service catalog, and token management for OpenStack projects, and it integrates with many external systems and standards. Keystone is designed to work with Apache HTTP Server, Nginx (web server), MariaDB, PostgreSQL, and enterprise identity solutions such as Microsoft Azure Active Directory, LDAP, and Active Directory.
Keystone originated to support projects including Nova (software), Glance (software), Cinder (software), Neutron (software), and Swift (OpenStack), offering centralized identity for users, services, and endpoints. It interoperates with protocols and platforms such as OAuth, OpenID Connect, SAML, Kerberos, and X.509 certificate infrastructures used in environments managed by organizations such as NASA, Walmart, Comcast, Walmart Labs, and Bloomberg L.P. Keystone's role in multi-tenant clouds connects it to projects including Horizon (OpenStack), Heat (software), Ceilometer, and Ironic (OpenStack), enabling federated identity scenarios across data centers and partners such as Rackspace, Red Hat, Canonical (company), and Mirantis.
Keystone's architecture includes a RESTful API front end, a token provider, a catalog service, policy enforcement components, and a backend identity store compatible with MySQL, PostgreSQL, and SQLite. The service integrates middleware such as WSGI components used by Django, Flask (web framework), and Gunicorn to host endpoints consumed by projects like Ceph, Kubernetes, OpenShift, and Docker. Key components reference industry projects and standards including TLS, SSL, JSON Web Token, and tools from vendors like IBM, Oracle Corporation, Cisco Systems, and Intel for hardware acceleration and cryptographic operations.
Keystone supports credential types such as passwords, tokens, application credentials, and federated assertions from providers like Shibboleth, Okta, Ping Identity, and OneLogin. It implements role-based access control (RBAC) in the same paradigm used by Amazon Web Services, Google Cloud Platform, and Microsoft Azure, and it maps groups and roles to projects and domains in a model resembling those found in VMware vSphere, Citrix Systems, and BMC Software deployments. Integration points include directory services such as OpenLDAP, Sun Microsystems, and Novell, and enterprise identity management suites from SailPoint, ForgeRock, and CA Technologies.
Keystone exposes RESTful APIs conforming to specifications influenced by IETF, RFC 6749 (OAuth 2.0), and RFC 7519 (JWT). It supports token formats and protocol bindings similar to SAML 2.0 implementations used by European Commission institutions and academic grids connected through GÉANT and Internet2. Clients include command-line tools like python-openstackclient and SDKs maintained by communities around GitHub, GitLab, and CI systems such as Jenkins and Zuul used by OpenStack Foundation infrastructure.
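As an added example (not Keystone's own code), the following Python builds the two Keystone v3 `POST /v3/auth/tokens` request bodies for the password and application-credential methods named above, then checks a returned token's project scope, role and expiry the way a consuming service would before honouring a request. The sample token response, user, project and credential values are all constructed.

```python
"""Keystone v3 auth request bodies and a token scope/role check.

Added example, not Keystone project code. Request shapes follow the Keystone
v3 /v3/auth/tokens API; the token below is a constructed sample (in a real
exchange the token string arrives in the X-Subject-Token header and this JSON
in the body).
"""
from datetime import datetime, timezone


def password_auth(user, user_domain, password, project, project_domain):
    """Project-scoped password authentication body (hypothetical names)."""
    return {"auth": {
        "identity": {"methods": ["password"],
                     "password": {"user": {"name": user,
                                           "domain": {"name": user_domain},
                                           "password": password}}},
        "scope": {"project": {"name": project,
                              "domain": {"name": project_domain}}}}}


def app_cred_auth(cred_id, secret):
    """Application-credential body; scope is fixed by the credential, so no
    'scope' key is sent (Keystone rejects an explicit scope here)."""
    return {"auth": {"identity": {
        "methods": ["application_credential"],
        "application_credential": {"id": cred_id, "secret": secret}}}}


def token_allows(token, required_role, project_id, now=None):
    """True only if the token is unexpired, scoped to project_id and carries
    required_role; unscoped tokens (no 'project') are refused."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(token["expires_at"].replace("Z", "+00:00"))
    if expires <= now:
        return False
    if token.get("project", {}).get("id") != project_id:
        return False
    return any(r["name"] == required_role for r in token.get("roles", []))


# Constructed sample of the 'token' object Keystone returns; ids are fake.
SAMPLE_TOKEN = {
    "methods": ["password"],
    "user": {"id": "u-0001", "name": "alice", "domain": {"id": "default"}},
    "project": {"id": "p-0001", "name": "demo", "domain": {"id": "default"}},
    "roles": [{"id": "r-0001", "name": "member"}],
    "expires_at": "2030-01-01T00:00:00.000000Z",
}
```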
Operators deploy Keystone in architectures ranging from single-node proof-of-concept installs to high-availability clusters using orchestration frameworks like Ansible, Puppet, Chef (software), SaltStack, and container platforms such as Kubernetes and Docker Swarm. Configuration commonly references components like HAProxy, Keepalived, Corosync, and Pacemaker for failover, and storage backends like Ceph or networked file systems from NetApp and EMC Corporation. Integration with CI/CD pipelines ties into tools such as Travis CI, CircleCI, GitHub Actions, and corporate systems like Jenkins and Bamboo.
Keystone implements security best practices by supporting secure token handling, TLS termination, mutual authentication using X.509, and auditing integrations with systems like Splunk, ELK Stack, Graylog, and Auditd. Compliance efforts often map Keystone deployments to standards and regulations including PCI DSS, HIPAA, GDPR, and frameworks such as NIST Special Publication 800-53 and ISO/IEC 27001, aligning with governance tools from McAfee, Symantec, and Trend Micro. Security testing workflows commonly involve tools from OWASP, Metasploit, Nessus, and vulnerability scanners produced by Qualys.
Keystone was developed as part of the initial OpenStack projects launched by Rackspace Hosting and NASA and has evolved through community contributions coordinated by the OpenStack Foundation and later the OpenInfra Foundation. Its roadmap and releases have been influenced by corporate contributors including Red Hat, Canonical (company), Intel Corporation, Cisco Systems, IBM, and Huawei Technologies. The project lifecycle intersects with events and conferences such as OpenStack Summit, Rackspace::Solve, Linux Foundation gatherings, and regional user groups like OpenStack User Group chapters and collaborations with academic partners such as Massachusetts Institute of Technology, Stanford University, University of California, Berkeley, and University of Cambridge.