[openstack-dev] [keystone][swift] Has anybody considered storing tokens in Swift?

Clint Byrum clint at fewbar.com
Tue Sep 30 03:55:03 UTC 2014


Excerpts from Adam Young's message of 2014-09-29 20:22:35 -0700:
> On 09/29/2014 12:12 PM, Jay Pipes wrote:
> > Hey Stackers,
> >
> > So, I had a thought this morning (uh-oh, I know...).
> >
> > What if we wrote a token driver in Keystone that uses Swift for 
> > backend storage?
> >
> > I have long been an advocate of the memcache token driver versus the 
> > SQL driver for performance reasons. However, the problem with the 
> > memcache token driver is that if you want to run multiple OpenStack 
> > regions, you could share the identity data in Keystone using 
> > replicated database technology (mysql galera/PXC, pgpool II, or even 
> > standard mysql master/slave), but each region needs to have its own 
> > memcache service for tokens. This means that tokens are not shared 
> > across regions, which means that users have to log in separately to 
> > each region's dashboard.
> >
> > I personally considered this a tradeoff worth accepting. But then, 
> > today, I thought... what about storing tokens in a 
> > globally-distributed Swift cluster? That would take care of the 
> > replication needs automatically, since Swift would do the needful. 
> > And, add to that, Swift was designed for storing lots of small 
> > objects, which tokens are...
> >
> > Thoughts? I think it would be a cool dogfooding effort if nothing 
> > else, and give users yet another choice in how they handle 
> > multi-region tokens.
> 
> Um...I hate all persisted tokens.  This takes them to a new level of 
> badness.
> 
> Do we really need this?
> 

FWIW I'm 100% with you Adam. I would like to see a world without a token
storage problem in Keystone.



More information about the OpenStack-dev mailing list