[openstack-dev] swift client for Xen on dom0
Chmouel Boudjnah
chmouel at chmouel.com
Wed Jan 23 15:31:09 UTC 2013
Hi Nikhil,
IMHO: if there is any security issues in swift/keystone-client it will
probably come up in your copied version as well so you may as well not
having to reinvent the wheel. Code duplication/fork is generally a pain to
maintain in long term.
Cheers,
Chmouel.
On Wed, Jan 23, 2013 at 4:24 PM, Nikhil Komawar <
nikhil.komawar at rackspace.com> wrote:
> Hey Chmouel,
>
>
>
> Thanks for your comments! Please find some answers to your concerns below.
>
>
> Actually, there already is an emulated swift-client in the patch (
> https://review.openstack.org/#/c/17803/10/plugins/xenserver/xenapi/etc/xapi.d/plugins/swift_client.py).
> Though, we would like to keep it trimmed to meet just about the current
> requirements.
>
>
> Initially, we preferred having python-swiftclient on dom0 and found that
> there are following roadblocks:
>
>
> 1. having to deploy updated swift client on dom0
> - it adds another package on dom0 (making the Ops guys nervous)
> - auth v2 for swift needs keystone client which would have to be
> added there as well
> - we need to meet the dependencies if they change in the future
> 2. keeping up with swift client instead of the dedicated code for
> nova-swift communication
> - agreed that cut paste code is more susceptible to security fixes
> - however, this way the entire service would be vulnerable if there
> is some change in swift-client and nova-swift communication is not updated
> accordingly
>
> We would like to be there at the Swift meeting today (Wed 23rd), if you
> think it would be essential.
>
>
>
> thanks,
>
> -Nikhil
>
> -----Original Message-----
> From: "Chmouel Boudjnah" <chmouel at chmouel.com>
> Sent: Wednesday, January 23, 2013 7:00am
> To: "OpenStack Development Mailing List" <
> openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] swift client for Xen on dom0
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> Hi Nikhil,
>
> I would definitively go for options 2 having to redo a swiftclient would
> not be very useful. What are the pain point about option 2?
>
> We have as well a Swift meeting tonight (Wed/23) if you want to come talk
> with the swift core about it.
>
> Regards,
> Chmouel.
>
>
> On Wed, Jan 23, 2013 at 12:29 AM, Nikhil Komawar <
> nikhil.komawar at rackspace.com> wrote:
>
> > Hi,
> >
> > We have a review patch in Nova https://review.openstack.org/#/c/17803/,
> > which is making us contemplate on the best possible way to communicate
> with
> > swift from the dom0. The two options mentioned below have pros and cons:-
> >
> > 1. either emulate swift client
> > 2. or install python-swiftclient on dom0
> >
> > On trying out both on them, we have realized some pain points involved in
> > deployment and maintenance process. Also, as John has correctly pointed
> out
> > in the review, we need to keep in mind about having the same code in 2
> > different places, especially for security fixes.
> >
> > Your opinions and comments would be greatly appreciated and we wish to
> > discuss about this in the XenAPI IRC meeting on Wednesday Jan 23rd as
> well.
> >
> > thanks,
> > -Nikhil
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130123/3fd767ea/attachment.html>
More information about the OpenStack-dev
mailing list