Open Stack

Hi Nikhil,

IMHO: if there is any security issues in swift/keystone-client it will
probably come up in your copied version as well so you may as well not
having to reinvent the wheel. Code duplication/fork is generally a pain to
maintain in long term.

Cheers,
Chmouel.


On Wed, Jan 23, 2013 at 4:24 PM, Nikhil Komawar <
nikhil.komawar at rackspace.com> wrote:

> Hey Chmouel,
>
>
>
> Thanks for your comments! Please find some answers to your concerns below.
>
>
> Actually, there already is an emulated swift-client in the patch (
> https://review.openstack.org/#/c/17803/10/plugins/xenserver/xenapi/etc/xapi.d/plugins/swift_client.py).
> Though, we would like to keep it trimmed to meet just about the current
> requirements.
>
>
> Initially, we preferred having python-swiftclient on dom0 and found that
> there are following roadblocks:
>
>
>    1. having to deploy updated swift client on dom0
>       - it adds another package on dom0 (making the Ops guys nervous)
>       - auth v2 for swift needs keystone client which would have to be
>       added there as well
>       - we need to meet the dependencies if they change in the future
>     2. keeping up with swift client instead of the dedicated code for
>    nova-swift communication
>       - agreed that cut paste code is more susceptible to security fixes
>       - however, this way the entire service would be vulnerable if there
>       is some change in swift-client and nova-swift communication is not updated
>       accordingly
>
> We would like to be there at the Swift meeting today (Wed 23rd), if you
> think it would be essential.
>
>
>
> thanks,
>
> -Nikhil
>
> -----Original Message-----
> From: "Chmouel Boudjnah" <chmouel at chmouel.com>
> Sent: Wednesday, January 23, 2013 7:00am
> To: "OpenStack Development Mailing List" <
> openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] swift client for Xen on dom0
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> Hi Nikhil,
>
> I would definitively go for options 2 having to redo a swiftclient would
> not be very useful. What are the pain point about option 2?
>
> We have as well a Swift meeting tonight (Wed/23) if you want to come talk
> with the swift core about it.
>
> Regards,
> Chmouel.
>
>
> On Wed, Jan 23, 2013 at 12:29 AM, Nikhil Komawar <
> nikhil.komawar at rackspace.com> wrote:
>
> > Hi,
> >
> > We have a review patch in Nova https://review.openstack.org/#/c/17803/,
> > which is making us contemplate on the best possible way to communicate
> with
> > swift from the dom0. The two options mentioned below have pros and cons:-
> >
> > 1. either emulate swift client
> > 2. or install python-swiftclient on dom0
> >
> > On trying out both on them, we have realized some pain points involved in
> > deployment and maintenance process. Also, as John has correctly pointed
> out
> > in the review, we need to keep in mind about having the same code in 2
> > different places, especially for security fixes.
> >
> > Your opinions and comments would be greatly appreciated and we wish to
> > discuss about this in the XenAPI IRC meeting on Wednesday Jan 23rd as
> well.
> >
> > thanks,
> > -Nikhil
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130123/3fd767ea/attachment.html>