[Openstack-operators] [keystone] using only sql for resource backends

Lance Bragstad lbragstad at gmail.com
Tue Aug 15 14:36:23 UTC 2017


During RC, Morgan's made quite a bit of progress on a bug found by the
gate [0]. Part of the solution led to another patch that removes the
ability to configure anything but sql for keystone's resource backend
(`keystone.conf [resource] driver`). The reasoning behind this is that
there were FK constraints introduced between the identity and resource
tables [1] during the Ocata development cycle. This leaves us with two
options moving forward:

1.) Drop the FK constraints entirely and backport those
migrations/models to Ocata
2.) Ensure the resource backend is always configured as SQL - and keep
the FKs set up between the resource and identity tables (note: this
doesn't prevent the usage of non-sql identity backends, but just ensures
that when sql is used for identity, resource is also used).

Sending this out as a heads up for those deployments that might fall
into this category. Let me know if you have any questions.

Thanks,

Lance


[0] https://launchpad.net/bugs/1702211
[1] https://github.com/openstack/keystone/commit/2bd88d30e1d2873470af7f40db45a99e07e12ce6
