[openstack-dev] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)

Morgan Fainberg morgan.fainberg at gmail.com
Thu Feb 19 19:32:01 UTC 2015

The Keystone development team is planning to deprecate deployment of Keystone under Eventlet during the Kilo cycle. Support for deploying under eventlet will be dropped as of the “M”-release of OpenStack.

The reasoning behind this move is multifaceted but the core of the reasons are as follows:

Keystone relies on apache/web-server modules to handle federated identity (validation of SAML, etc) and similar SSO type authentication (Kerberos).
Eventlet has proven problematic when it comes to workloads within Keystone, notably that a number of actions cannot yield (either due to lacking in Eventlet, or that the dependent library uses C-bindings that eventlet is not able to work with).
Keystone has recommended (for multiple cycles) deploying Keystone under apache instead of eventlet. In the gate we primarily test all new development under Apache/mod_wsgi deployments. 
Most deployers I’ve discussed keystone deployment with are either already on httpd+mod_wsgi or looking to move that direction (for support of features such as federated auth).
The review to finalize the deprecation is: https://review.openstack.org/#/c/157495/ (Please only provide comments on deprecation, verbiage can be modified separately from the actual act of deprecation).

Please comment on the review or in reply to this Email.


Morgan Fainberg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150219/cc8b4e83/attachment.html>

More information about the OpenStack-dev mailing list