[Openstack-operators] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)

Fischer, Matt matthew.fischer at twcable.com
Thu Feb 19 20:34:44 UTC 2015

Can you clarify if the feature is being deprecated – as in still usable but not recommended with a warning, or dropped, as-in, won’t work at all? You mention both in the first two sentences.

From: Morgan Fainberg <morgan.fainberg at gmail.com<mailto:morgan.fainberg at gmail.com>>
Date: Thursday, February 19, 2015 at 12:32 PM
To: openstack-operators <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: [Openstack-operators] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)

The Keystone development team is planning to deprecate deployment of Keystone under Eventlet during the Kilo cycle. Support for deploying under eventlet will be dropped as of the “M”-release of OpenStack.

The reasoning behind this move is multifaceted but the core of the reasons are as follows:

 *   Keystone relies on apache/web-server modules to handle federated identity (validation of SAML, etc) and similar SSO type authentication (Kerberos).
 *   Eventlet has proven problematic when it comes to workloads within Keystone, notably that a number of actions cannot yield (either due to lacking in Eventlet, or that the dependent library uses C-bindings that eventlet is not able to work with).
 *   Keystone has recommended (for multiple cycles) deploying Keystone under apache instead of eventlet. In the gate we primarily test all new development under Apache/mod_wsgi deployments.
 *   Most deployers I’ve discussed keystone deployment with are either already on httpd+mod_wsgi or looking to move that direction (for support of features such as federated auth).

The review to finalize the deprecation is: https://review.openstack.org/#/c/157495/ (Please only provide comments on deprecation, verbiage can be modified separately from the actual act of deprecation).

Please comment on the review or in reply to this Email.


Morgan Fainberg

This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150219/608c0d2b/attachment.html>

More information about the OpenStack-operators mailing list