[openstack-dev] [Neutron] - what integration with Keystone is allowed?
Duncan Thomas
duncan.thomas at gmail.com
Tue Sep 23 13:14:06 UTC 2014
On 22 September 2014 21:49, Mark McClain <mark at mcclain.xyz> wrote:
> Ideally, I think something that provides proper sync support should exist in
> Keystone or a Keystone related project vs multiple implementations in
> Neutron, Cinder or any other multi-tenant service that wants to provide more
> human friendly names for a vendor backend.
In general in cinder I've opposed making unnecessary calls out to
*any* REST API, keystone, glance, etc, in any common code path,
particularly cinder-api code - it makes it very easy for a blip in one
service, like keystone api, to case a cascading failure as the worker
threads end up all getting consumed blocking waiting for the external
service, then nova blocks all its api threads talking to cinder,
neutron blocks talking to nova, cinder volume actions block calling
nova, etc. Either you then run into a storm of timed out operations,
or a storm of work once the end of the blockage is removed, neither of
which is desirable.
I'd rather not have convenience labels on the backend array than
increase the risks of this sort of failure mode.
--
Duncan Thomas
More information about the OpenStack-dev
mailing list