Hi Nikhil,<br><br>IMHO: if there is any security issues in swift/keystone-client it will probably come up in your copied version as well so you may as well not having to reinvent the wheel. Code duplication/fork is generally a pain to maintain in long term.<br>
<br>Cheers,<br>Chmouel.<br><br><br><div class="gmail_quote">On Wed, Jan 23, 2013 at 4:24 PM, Nikhil Komawar <span dir="ltr"><<a href="mailto:nikhil.komawar@rackspace.com" target="_blank">nikhil.komawar@rackspace.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font face="arial"><p style="margin:0;padding:0;font-family:arial;font-size:10pt">Hey Chmouel,</p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt"> </p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt">Thanks for your comments! Please find some answers to your concerns below.</p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt"><br>Actually, there already is an emulated swift-client in the patch (<a href="https://review.openstack.org/#/c/17803/10/plugins/xenserver/xenapi/etc/xapi.d/plugins/swift_client.py" target="_blank">https://review.openstack.org/#/c/17803/10/plugins/xenserver/xenapi/etc/xapi.d/plugins/swift_client.py</a>). Though, we would like to keep it trimmed to meet just about<span style="font-size:10pt"> the current requirements. </span></p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt"><br>Initially, we preferred having python-swiftclient on dom0 and found that there are following roadblocks:<br><br></p>
<ol>
<li style="font-family:arial;font-size:10pt"><span style="font-size:10pt">having to deploy updated swift client on dom0</span>
<ul style="font-family:arial;font-size:10pt">
<li><span style="font-size:10pt">it adds another package on dom0 (making the Ops guys nervous)</span></li>
<li><span style="font-size:10pt">auth v2 for swift needs keystone client which would have to be added there as well</span></li>
<li><span style="font-size:10pt">we need to meet the dependencies if they change in the future</span></li>
</ul>
</li>
<li><span style="font-family:arial">keeping up with swift client instead of the dedicated code for nova-swift communication</span>
<ul>
<li><span style="font-family:arial">agreed that cut paste code is more susceptible to security fixes</span></li>
<li><span style="font-family:arial">however, this way the entire service would be vulnerable if there is some change in swift-client and nova-swift communication is not updated accordingly</span></li>
</ul>
</li>
</ol>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt">We would like to be there at the Swift meeting today (Wed 23rd), if you think it would be essential.</p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt"> </p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt">thanks,</p>
<p style="margin:0;padding:0;font-family:arial;font-size:10pt">-Nikhil<br><br>-----Original Message-----<br>From: "Chmouel Boudjnah" <<a href="mailto:chmouel@chmouel.com" target="_blank">chmouel@chmouel.com</a>><br>
Sent: Wednesday, January 23, 2013 7:00am<br>To: "OpenStack Development Mailing List" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br>Subject: Re: [openstack-dev] swift client for Xen on dom0<br>
<br>_______________________________________________<br>OpenStack-dev mailing list<br><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
Hi Nikhil,<br><br>I would definitively go for options 2 having to redo a swiftclient would<br>not be very useful. What are the pain point about option 2?<br><br>We have as well a Swift meeting tonight (Wed/23) if you want to come talk<br>
with the swift core about it.<br><br>Regards,<br>Chmouel.<br><br><br>On Wed, Jan 23, 2013 at 12:29 AM, Nikhil Komawar <<br><a href="mailto:nikhil.komawar@rackspace.com" target="_blank">nikhil.komawar@rackspace.com</a>> wrote:<br>
<br>> Hi,<br>><br>> We have a review patch in Nova <a href="https://review.openstack.org/#/c/17803/" target="_blank">https://review.openstack.org/#/c/17803/</a>,<br>> which is making us contemplate on the best possible way to communicate with<br>
> swift from the dom0. The two options mentioned below have pros and cons:-<br>><br>> 1. either emulate swift client<br>> 2. or install python-swiftclient on dom0<br>><br>> On trying out both on them, we have realized some pain points involved in<br>
> deployment and maintenance process. Also, as John has correctly pointed out<br>> in the review, we need to keep in mind about having the same code in 2<br>> different places, especially for security fixes.<br>
><br>
> Your opinions and comments would be greatly appreciated and we wish to<br>> discuss about this in the XenAPI IRC meeting on Wednesday Jan 23rd as well.<br>><br>> thanks,<br>> -Nikhil<br>><br>><br>> _______________________________________________<br>
> OpenStack-dev mailing list<br>> <a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
></p></font></blockquote></div><br>