[openstack-dev] [keystone][swift] Has anybody considered storing tokens in Swift?
Jay Pipes
jaypipes at gmail.com
Mon Sep 29 16:12:36 UTC 2014
Hey Stackers,
So, I had a thought this morning (uh-oh, I know...).
What if we wrote a token driver in Keystone that uses Swift for backend
storage?
I have long been an advocate of the memcache token driver versus the SQL
driver for performance reasons. However, the problem with the memcache
token driver is that if you want to run multiple OpenStack regions, you
could share the identity data in Keystone using replicated database
technology (mysql galera/PXC, pgpool II, or even standard mysql
master/slave), but each region needs to have its own memcache service
for tokens. This means that tokens are not shared across regions, which
means that users have to log in separately to each region's dashboard.
I personally considered this a tradeoff worth accepting. But then,
today, I thought... what about storing tokens in a globally-distributed
Swift cluster? That would take care of the replication needs
automatically, since Swift would do the needful. And, add to that, Swift
was designed for storing lots of small objects, which tokens are...
Thoughts? I think it would be a cool dogfooding effort if nothing else,
and give users yet another choice in how they handle multi-region tokens.
Best,
-jay
More information about the OpenStack-dev
mailing list