[openstack-dev] [Openstack-operators] [keystone] Removing functionality that was deprecated in Kilo and upcoming deprecated functionality in Mitaka
Boris Bobrov
bbobrov at mirantis.com
Tue Dec 1 15:24:36 UTC 2015
On Tuesday 01 December 2015 08:50:14 Lance Bragstad wrote:
> On Tue, Dec 1, 2015 at 6:05 AM, Sean Dague <sean at dague.net> wrote:
> >
> > From an interop perspective, this concerns me a bit. My
> > understanding is that Apache is specifically needed for
> > Federation. Federation is the norm that we want for environments
> > in the future.
>
> (On a side note from removing eventlet, but related to what Sean
> said)
>
> A spec has been proposed to make keystone a fully fledged saml2
> provider [0]. Depending on how we feel about implementing and
> maintaining something like this, we'd be able to use federation
> within uWSGI (we would no longer *require* Apache for federation).
> Only bringing this up because it would also solve the
> two-reference-architectures problem. A uWSGI reference architecture
> could be used for deploying keystone, regardless if you want
> federation or not.
>
> We probably wouldn't get a uWSGI reference architecture until after
> that is all fleshed out. This is assuming the spec is accepted and
> implemented in Mitaka.
>
> [0] https://review.openstack.org/#/c/244694/5
I don't get why we talk about uwsgi in context of federation. uwsgi is
an application server. Apache is a web server. We can still use uwsgi
with apache, there are several modules for that:
https://uwsgi-docs.readthedocs.org/en/latest/Apache.html
Now we require apache for federation and support mod_wsgi (which is
tightly integrated with apache) as an app server. We can still require
Apache and support uwsgi as an app server, without any changes to
federation.
--
Best regards,
Boris Bobrov
More information about the OpenStack-dev
mailing list