Starting with VMware Integrated OpenStack 3.1, you can integrate your VMware Integrated OpenStack deployments with VMware Identity Manager.
Before you begin
Verify that the version of VMware Identity Manager is 2.8.0 or later.
Verify that you can authenticate as administrator to the VMware Identity Manager instance.
About this task
By integrating VMware Integrated OpenStack with VMware Identity Manager you achieve a way to securely use existing credentials to access cloud resources such as servers, volumes, and databases, across multiple endpoints provided in multiple authorized clouds. You have a single set of credentials, without having to provision additional identities or log in multiple times. The credential is maintained by the user's Identity Provider.
- Implement the custom.yml file.
sudo mkdir -p /opt/vmware/vio/custom sudo cp /var/lib/vio/ansible/custom/custom.yml.sample /opt/vmware/vio/custom/custom.yml
- Edit the /opt/vmware/vio/custom/custom.yml file in a text editor to configure it for your environment.
Federation, uncomment the following parameters and set values for your environment.
The following example provides guidance for the most common configuration with VMware Identity Manager.
Groups for all federated users
- Save the custom.yml file.
- Enable federation with the settings that you configured in the custom.yml file.
viocli deployment configure --tags federation --limit controller,lb
After the integration operation completes successfully, the VMware Integrated OpenStack dashboard shows a new Authenticate using drop-down menu that allows the user choose the authentication method.
- Prior to being able to login a VMware Identity Manager user to VMware Integrated OpenStack, assign a role/project to the group that user belongs to.
You might have to create a group in keystone that corresponds to a group found in VMware Identity Manager that a user is a member of. For VMware Identity Manager users, Keystone does not automatically create groups but ephemeral users. If the group does not exist, the user becomes a member of the default
- Log in to the VMware Integrated OpenStack dashboard as an administrator.
- Under Federation, click Mappings to see the current mappings.
- Click Edit to configure a mapping according to your needs.
For more information about mappings, see the Mapping Combinations for Federation in the OpenStack documentation.