Open Stack

Folks

We saw several High issues with how keystone manages regular memcached
tokens. I know, this is not the perfect time as you already decided to push
it from 7.0, but I would reconsider declaring it as FFE as it affects HA
and UX poorly. If we can enable tokens simply by altering configuration,
let's do it. I see commit for this feature is pretty trivial.

On Fri, Jul 24, 2015 at 9:27 AM, Mike Scherbakov <mscherbakov at mirantis.com>
wrote:

> Fuel Library team, I expect your immediate reply here.
>
> I'd like upgrades team to take a look at this one, as well as at the one
> which moves Keystone under Apache, in order to check that there are no
> issues here.
>
> -1 from me for this time in the cycle. I'm concerned about:
>
>    1. I don't see any reference to blueprint or bug which explains (with
>    measurements) why we need this change in reference architecture, and what
>    are the thoughts about it in puppet-openstack, and OpenStack Keystone. We
>    need to get datapoints, and point to them. Just knowing that Keystone team
>    implemented support for it doesn't yet mean that we need to rush in
>    enabling this.
>    2. It is quite noticeable change, not a simple enhancement. I reviewed
>    the patch, there are questions raised.
>    3. It doesn't pass CI, and I don't have information on risks
>    associated, and additional effort required to get this done (how long would
>    it take to get it done)
>    4. This feature increases complexity of reference architecture. Now
>    I'd like every complexity increase to be optional. I have feedback from the
>    field, that our prescriptive architecture just doesn't fit users' needs,
>    and it is so painful to decouple then what is needed vs what is not. Let's
>    start extending stuff with an easy switch, being propagated from Fuel
>    Settings. Is it possible to do? How complex would it be?
>
> If we get answers for all of this, and decide that we still want the
> feature, then it would be great to have it. I just don't feel that it's
> right timing anymore - we entered FF.
>
> Thanks,
>
> On Thu, Jul 23, 2015 at 11:53 AM Alexander Makarov <amakarov at mirantis.com>
> wrote:
>
>> Colleagues,
>>
>> I would like to request an exception from the Feature Freeze for Fernet
>> tokens support added to the fuel-library in the following CR:
>> https://review.openstack.org/#/c/201029/
>>
>> Keystone part of the feature is implemented in the upstream and the
>> change impacts setup configuration only.
>>
>> Please, respond if you have any questions or concerns related to this
>> request.
>>
>> Thanks in advance.
>>
>> --
>> Kind Regards,
>> Alexander Makarov,
>> Senior Software Developer,
>>
>> Mirantis, Inc.
>> 35b/3, Vorontsovskaya St., 109147, Moscow, Russia
>>
>> Tel.: +7 (495) 640-49-04
>> Tel.: +7 (926) 204-50-60
>>
>> Skype: MAKAPOB.AJIEKCAHDP
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
> --
> Mike Scherbakov
> #mihgen
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Yours Faithfully,
Vladimir Kuklin,
Fuel Library Tech Lead,
Mirantis, Inc.
+7 (495) 640-49-04
+7 (926) 702-39-68
Skype kuklinvv
35bk3, Vorontsovskaya Str.
Moscow, Russia,
www.mirantis.com <http://www.mirantis.ru/>
www.mirantis.ru
vkuklin at mirantis.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150727/454f5f05/attachment.html>