Comment 13 for bug 1080864

Dan Yocum (yocum) wrote :

I don't see my last reply, so I'll post it again, below. FWIW, Flavio, I agree with you - there are other pressing matters, and as long as this doesn't cause an error, then it can be pushed down the todo list.

Here's my last reply that got swallowed by the Internets:

Hi Flavio,

You make good points, so let me make this suggestion: how about a glance
process that does housecleaning on a regular basis that checks against
whatever authorization scheme is being used for valid member+tenant
combinations. I know John is somewhat familiar with the GUMS* <->
VOMS** interaction, so I'll use that as an example.

VOMS is analogous to keystone in this case, but it only maintains
member+tenant combinations.

GUMS is analogous to glance in that it can map a member+tenant
combination to a local resource, i.e., VM image.

GUMS makes a call-out to VOMS periodically (hourly) and queries the VOMS
service for member+tenant combination. When a member+tenant becomes
invalid in VOMS, GUMS removes that record from its local database.

Dan

* https://twiki.grid.iu.edu/bin/view/Integration/GumsAdmins
** http://vdt.cs.wisc.edu/VOMS-documentation.html
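The periodic housecleaning loop sketched in the comment above (poll the authorization service for the currently valid member+tenant combinations, then drop local records whose combination is no longer valid), written out as an added example. This is illustration code only, not glance code and not GUMS or VOMS code; `fetch_valid_combinations`, `LocalMappingStore`, `MembershipRecord` and the sample records are all assumed stand-ins. It also covers one failure mode the comment does not spell out: if the call-out fails or returns nothing, the cleaner leaves the local database untouched rather than treating an outage as a mass revocation.

```python
"""Periodic housecleaning of member+tenant -> image mappings (added example)."""
from __future__ import annotations

import logging
from dataclasses import dataclass, field

log = logging.getLogger("housecleaning")


@dataclass
class MembershipRecord:
    """One local row: a member+tenant combination mapped to an image (assumed shape)."""
    member: str
    tenant: str
    image_id: str


@dataclass
class LocalMappingStore:
    """Stand-in for the local database (assumed; a real service would use its DB layer)."""
    records: list[MembershipRecord] = field(default_factory=list)

    def all(self) -> list[MembershipRecord]:
        return list(self.records)

    def remove(self, rec: MembershipRecord) -> None:
        self.records.remove(rec)


def build_sample_store() -> LocalMappingStore:
    """Constructed sample data: three mappings, one of which will turn out to be stale."""
    return LocalMappingStore([
        MembershipRecord("alice", "projA", "img-1"),
        MembershipRecord("bob", "projB", "img-2"),
        MembershipRecord("carol", "projC", "img-3"),
    ])


def fetch_valid_combinations() -> set[tuple[str, str]]:
    """Stand-in for the hourly call-out to the authorization service (constructed answer).

    In the GUMS/VOMS analogy this is the VOMS query; here it just returns a fixed set
    in which carol+projC is no longer present.
    """
    return {("alice", "projA"), ("bob", "projB")}


def reconcile(store: LocalMappingStore, valid_pairs: set[tuple[str, str]]) -> list[str]:
    """Remove every local record whose (member, tenant) is not in valid_pairs.

    Returns the image ids of the removed records so the caller can audit what changed.
    """
    removed = []
    for rec in store.all():
        if (rec.member, rec.tenant) not in valid_pairs:
            log.warning("revoking stale mapping %s+%s -> %s", rec.member, rec.tenant, rec.image_id)
            store.remove(rec)
            removed.append(rec.image_id)
    return removed


def run_housecleaning(store: LocalMappingStore, fetch=fetch_valid_combinations) -> list[str]:
    """One housecleaning pass: fetch the authoritative set, then reconcile.

    Fail safe on the fetch: an exception or an empty answer is far more likely to be an
    outage of the authorization service than a revocation of every member, so in that
    case nothing is deleted and the pass is retried on the next schedule.
    """
    try:
        valid = fetch()
    except Exception as exc:  # network / service errors from the call-out
        log.error("authorization service unreachable, skipping cleanup: %s", exc)
        return []
    if not valid:
        log.error("authorization service returned no valid combinations, skipping cleanup")
        return []
    return reconcile(store, valid)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    s = build_sample_store()
    print("removed:", run_housecleaning(s))
    print("remaining:", [r.image_id for r in s.all()])
```

The scheduling itself (cron, a periodic task in the service, or a timer thread) is deliberately left out; the point is that the reconcile step is idempotent and that a failed or empty poll must not be allowed to look like a revocation.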