Hi Juanjo, my answers inline. > El 05 May 2015, a las 08:54, Juanjo Hierro <juanjose.hierro at telefonica.com> escribió: > > Dear Alvaro, > > I understand that the message to be sent to the AB and SB needs to be updated, among other things because: > The deployment of the new IdM will not take place until May 7 ... therefore it is only after that date and not May 1st when Trial Users in Spain-1 node will loose their data > Because we have agreed to allow some Comunity Users in Spain-1 to stay there for the time being (this being typically the Use Case trials) Yes, I agree > > That's why I would like to review the content of the reminder message to be sent as follows. I have also introduced some slight changes in the description of functionality linked to organizations hoping it would help to understand better the message. > VERY IMPORTANT: I have found that the name of the "project" linked to a given user on the Cloud is not currently "<your email> Cloud" as you suggest. but the name of user, replacing special characters like "." ... As an example, my cloud project for the user account "JuanjoHierro.testing" is "juanjohierro-dot-testing" ... is it correct? Is this a different naming convention that will be adopted once the migration takes place? If so, then I believe we have to fix the following paragraph as to describe what is the name of the "organization linked as default to your account" before the migration (adding some text like the one marked in red, but where we need to elaborate further what is the name given to the default organization assigned to users at the moment): > Take into account that other organizations will not be mapped to "projects" on the Cloud Portal anymore so, VERY IMPORTANT, migrate all the cloud resources (VMs, etc) you may have defined linked to other organizations different than the organization linked as default to your account before May 7 (name of this organization should be currently "<description"). After that date, FIWARE Lab providers will not be responsible for the loss of any data. Right now the name of the organization fixed to a user account fits with the nickname of the user (which, as you say, is the name of the user modified to be unique in the platform). So, as I tried to explain “The current name of that organization fits with your user name.” As in the new deployment this organization could be managed in the Account Portal and has different characteristics than before (you can authorize other users inside) we want to give it a more descriptive name (to let know the users that it is the organization that they can use in the Cloud). So now the name will be “<nickname> cloud”. Of course, the user will be able to modify the name using the Account Portal. Example: now your organization is "juanjohierro-dot-testing” and it will be “juanjohierro-dot-testing cloud”. So my proposal for your paragraph is: "Take into account that other organizations will not be mapped to "projects" on the Cloud Portal anymore so, VERY IMPORTANT, migrate all the cloud resources (VMs, etc) you may have defined linked to other organizations different than the organization linked as default to your account before May 7 (name of this organization should currently fit with your account user name). After that date, FIWARE Lab providers will not be responsible for the loss of any data." > Please confirm me that the proposed message below is ok and, if my previous comment is right, then also provide the details that should go in the text in red. > > BTW, I consider the requirement regarding updates of organization ids (need to convert them adding as many zeros as necessary to make them 32 chars length) really cumbersome. How has this happened? > Yes, I totally agree. The migration of data between two different systems is not easy, specially in a component that is not only used by the users but also by so much components. We have fought too much to try to keep every APIs and identifiers compatible with the current ones but in this case it has been imposible. In the current environment, Keystone Proxy makes a conversion of the organizations ids from IdM adding the zeros in order to be compatible with openstack tenants format. So now all the Openstack services have the ids of the tenants with those zeros stored in their databases. On the other hand, GEs use directly the ids from the IdM oath API (that returns them without the zeros). So we had an inconsistence there. We had to take the decision of which side keep and we decided the impact of migrate all the databases of all the nodes services is higher. > I also believe that the change of the field taken as unique identifier may mean that some applications will need to change many things. I bet users will blame on us for this (and they would be right). > Here the problem is more or less the same. Opestack services are now storing in their databases the nickname as the identifier of a user. When using the oauth2 APIs Idm is returning this value but also the id of the identity in the database. So I guess some users may use the id. We have taken here the same decision. The impact of updating all the databases of all the services in all the nodes could be a nightmare. Of course I agree that both changes are a cumbersome for the user, but believe me, we have done our best to try to keep everything compatible. And in my opinion, and taking into account the huge size of the migration we are performing, we have succeeded. > Is this change going to affect also Use Case projects that will remain in the Spain-1 node, I understand so, but would be nice to know. > If they continue using the current Keystone Proxy + IdM, they have not to change nothing. Regarding the message, I’ve added some comments in red. BR — Álvaro > Thanks > -- Juanjo > === Message to be sent to AB and SB (today) > Dear all, > > As you know, we have implemented a FIWARE Lab Recovery Task Force targeted to improve the overall performance of the FIWARE Lab. Situation has improved a lot but there are still some actions pending. One of them had to do with implementation of a new version of the IdM component that will help managing the user accounts, distinguishing between Trial and Community Users. On the other hand, we have received requests from some FIWARE Use Case trial projects asking to maintain their environment in the original Spain-1 node, which we have taken into consideration (see details below). This has delayed the date for deployment of the new IdM component, now scheduled to take place on May 7th. > This email is a reminder of few things you have to take into account regarding functioning of the FIWARE Lab environment, once deployment of the new version of the IdM component takes place. > Please bear them in mind and propagate this message to people participating in your projects: > Trial User accounts can only be allocated in the Spain 2 node. This policy is already in place since mid April, which has allowed to improve the experience of trial users that are approaching FIWARE for their first time. As you already know, Trial Users will have only a 14-days trial period after which all the computing, storage and network resources allocated to them will be released and their data will get lost. Trial Users can always apply to become Community Users following the defined application process, in order to get assigned a larger number of resources as well as to enjoy their environment for a longer period. > Only some Community Users, under strict approval by the FIWARE Lab operation team, will be allowed to stay in the Spain-1 node, around which a legacy FIWARE Lab cloud environment will be established, different from the official public one. This will be typically be Use Case trial projects. Note that these users won't be allowed to add new VMs or computing resources to those already allocated to them. This is necessary to minimize the amount of resources which will remain "blocked" in such legacy cloud environment. This legacy cloud environment will be kept for these Use Case trial projects to avoid them the task to migrate to other nodes (typically Spain-2). However, they should bear in mind that the version of OpenStack associated to this legacy cloud enviroment is offically not supported by the OpenStack community anymore. Besides, the version of OpenStack linked to the Spain-1 node does not incorporate some new features regarding network management that make it more vulnerable to security attacks. Of course, you may decide migrating to the Spain-2 node. > On the official FIWARE Lab cloud environment based on the new IdM component deployed on May 7th, only the "default" organization linked to a given FIWARE account will be visible as "projects" (i.e., tenants) in the cloud environment. Organizations created through the Account Portal of the FIWARE Lab will not translate into "projects" in the cloud of the FIWARE Lab. The name of the default organization linked to your account will be "<your username> cloud" (for instance “user1 cloud" <mailto:myuser at myorg.comcloud>) although you will be able to modify it. Take into account that other organizations will not be mapped to "projects" on the Cloud Portal anymore so, VERY IMPORTANT, migrate all the cloud resources (VMs, etc) you may have defined linked to other organizations different than the organization linked as default to your account before May 7 (name of this organization should currently fit with your account user name). After that date, FIWARE Lab providers will not be responsible for the loss of any data. > If you have not applied for a Community account and your Trial period has expired, you will be able to continue using all FIWARE Lab functions (e.g., the Data or Wirecloud portals) (----). This will be feasible because we have introduced a third category of users, namely "Basic User”. A “Basic User” does not own an organization with rights in the cloud but is kept as an active user and could use the cloud environment if other user authorizes it in an organisation with rights in the cloud. Using the Account Portal you will be able to manage your organizations, your users and your applications in order to provide authentication and authorization in your services as you are doing now, using the OAuth2 protocol and relying on the Wilma PEP Proxy or AuthZForce FIWARE GEs. You have only to take into account two updates when the new FIWARE Account release is deployed the first week of May: > If you are using organizations ids in your application or GE, you have to convert them adding as many zeros as necessary to make them 32 chars length. For instance, the organization “241” now will be “00000000000000000000000000000241”. > If you are using users ids in your application or GE you have to take into account that the new unique identifier will be the one that now is retrieved as the “nickName” field. > During the deployment of the new IdM component, we have to reset all the user passwords. So please, in order to continue using your account, you have to use the “Forgot password” option in the log in page of the Account Portal > Once again, bear all this mind and take the opportune actions to update your settings accordingly. > > Many thanks and best regards. > > > > On 04/05/15 18:14, Álvaro Alonso wrote: >> Ahí va el mensaje. >> >> Saludos >> -- >> Álvaro >> >>> Inicio del mensaje reenviado: >>> >>> Fecha: 23 Apr 2015 10:35:31 CEST >>> De: no-reply at account.lab.fiware.org <mailto:no-reply at account.lab.fiware.org> >>> Para: alvaro.alonso at upm.es <mailto:alvaro.alonso at upm.es> >>> Asunto: [FIWARE Lab] Reminders regarding new Terms and Conditions >>> >>> Dear FIWARE lab user, >>> >>> as you know we are going to introduce some changes in the behaviour of the Lab as a consequence of the new Terms and Conditions. This email is a reminder of few things you have to take into account to continue enjoying FIWARE Lab. >>> >>> 1. Spain1 and Prague regions will not be available anymore so if you have cloud resources deployed there and your Community Account request has been accepted, please, migrate those resources to Spain2 region. >>> >>> 2. If you have created your account before April 15th and you have accepted the new T&C, from May 1st you will be a Trial user and you will be able to operate only in Spain2 region. So if you have resources in other regions, please, migrate them to Spain2 region. From May 1st and as a Trial user, you will have a 14 days period to continue using the platform in Spain2 region. Then you can apply for a Community Account to have a longer term environment for working on FIWARE Cloud following the application process <http://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/FIWARE_Lab:_Upgrade_to_Community_Account>. >>> >>> 3. In the cloud environment only organizations linked to the FIWARE accounts could be used. Organizations that you create “by hand” using the Account Portal interface, could not be used in the cloud scope. But don’t worry, you will be able to share access to your organization by authorizing other users in it. The default name of the organization linked to your account will be “your_email cloud” (for instance “example at domain.com <mailto:example at domain.com> cloud”) but you will be able to modify it. Take into account that other organizations will not be accesible from the Cloud Portal anymore so, please, migrate all the resources to your account-linked organization before May 1st. The current name of that organization fits with your user name. >>> >>> After May 1st and as a consequence of these 3 points, FIWARE Lab providers will not be responsible for the loss of any data. >>> >>> If you have not applied for a Community account and your Trial period has expired, you could continue using all FIWARE Lab capacities except cloud environment. Using the Account Portal you will be able to manage your organizations, your users and your applications in order to provide authentication and authorization in your services as you are doing now, via OAuth2 protocol and GEs such as Wilma PEP Proxy or AuthZForce. You have only to take into account two updates when the new FIWARE Account release is deployed the first week of May: >>> >>> - If you are using organizations ids in your application or GE you have to convert them adding as many zeros as necessary to make them 32 chars length. For instance, the organization “241” now will be “00000000000000000000000000000241”. >>> >>> - If you are using users ids in your application or GE you have to take into account that the new unique identifier will be the one that now is retrieved as “nickName” field. >>> >>> Please, take the opportune actions to update your environments according this. >>> >>> Many thanks and best regards. >>> >>> >>> -------------------------------- >>> You are receiving this message because you are a registered FIWARE Lab user. Should you wish to remove your account, you need to follow four simple steps: 1. Log on FIWARE Lab 2. Click on the dropdown menu next to your user name (upper right corner) 3. Select "Settings" 4. Click on "Cancel account" and confirm >> > > -- > > ______________________________________________________ > > Coordinator and Chief Architect, FIWARE platform > CTO Industrial IoT, Telefónica > > email: juanjose.hierro at telefonica.com <mailto:juanjose.hierro at telefonica.com> > twitter: @JuanjoHierro > > You can follow FIWARE at: > website: http://www.fiware.org <http://www.fiware.org/> > twitter: @FIWARE > facebook: http://www.facebook.com/pages/FI-WARE/251366491587242 <http://www.facebook.com/pages/FI-WARE/251366491587242> > linkedIn: http://www.linkedin.com/groups/FIWARE-4239932 <http://www.linkedin.com/groups/FIWARE-4239932> > > > Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción. > > The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it. > > Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-lab-recovery-tf/attachments/20150505/8e646440/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy