[openstack-dev] [fuel] FF Exception request for Fernet tokens support.
Alexander Makarov
amakarov at mirantis.com
Mon Jul 27 11:52:04 UTC 2015
I've filed a ticket to test Fernet token on the scale lab:
https://mirantis.jira.com/browse/MOSS-235
If this feature is not granted FFE we still can configure it manually by
changing keystone config.
So I think internal how-to document backed-up with scale and bvt testing
will allow our deployers to deliver Fernet to our customers.
1 more thing: in the Community this feature is considered experimantal, so
maybe setting it as a default is a bit premature?
On Mon, Jul 27, 2015 at 2:34 PM, Vladimir Kuklin <vkuklin at mirantis.com>
wrote:
> Folks
>
> We saw several High issues with how keystone manages regular memcached
> tokens. I know, this is not the perfect time as you already decided to push
> it from 7.0, but I would reconsider declaring it as FFE as it affects HA
> and UX poorly. If we can enable tokens simply by altering configuration,
> let's do it. I see commit for this feature is pretty trivial.
>
> On Fri, Jul 24, 2015 at 9:27 AM, Mike Scherbakov <mscherbakov at mirantis.com
> > wrote:
>
>> Fuel Library team, I expect your immediate reply here.
>>
>> I'd like upgrades team to take a look at this one, as well as at the one
>> which moves Keystone under Apache, in order to check that there are no
>> issues here.
>>
>> -1 from me for this time in the cycle. I'm concerned about:
>>
>> 1. I don't see any reference to blueprint or bug which explains (with
>> measurements) why we need this change in reference architecture, and what
>> are the thoughts about it in puppet-openstack, and OpenStack Keystone. We
>> need to get datapoints, and point to them. Just knowing that Keystone team
>> implemented support for it doesn't yet mean that we need to rush in
>> enabling this.
>> 2. It is quite noticeable change, not a simple enhancement. I
>> reviewed the patch, there are questions raised.
>> 3. It doesn't pass CI, and I don't have information on risks
>> associated, and additional effort required to get this done (how long would
>> it take to get it done)
>> 4. This feature increases complexity of reference architecture. Now
>> I'd like every complexity increase to be optional. I have feedback from the
>> field, that our prescriptive architecture just doesn't fit users' needs,
>> and it is so painful to decouple then what is needed vs what is not. Let's
>> start extending stuff with an easy switch, being propagated from Fuel
>> Settings. Is it possible to do? How complex would it be?
>>
>> If we get answers for all of this, and decide that we still want the
>> feature, then it would be great to have it. I just don't feel that it's
>> right timing anymore - we entered FF.
>>
>> Thanks,
>>
>> On Thu, Jul 23, 2015 at 11:53 AM Alexander Makarov <amakarov at mirantis.com>
>> wrote:
>>
>>> Colleagues,
>>>
>>> I would like to request an exception from the Feature Freeze for Fernet
>>> tokens support added to the fuel-library in the following CR:
>>> https://review.openstack.org/#/c/201029/
>>>
>>> Keystone part of the feature is implemented in the upstream and the
>>> change impacts setup configuration only.
>>>
>>> Please, respond if you have any questions or concerns related to this
>>> request.
>>>
>>> Thanks in advance.
>>>
>>> --
>>> Kind Regards,
>>> Alexander Makarov,
>>> Senior Software Developer,
>>>
>>> Mirantis, Inc.
>>> 35b/3, Vorontsovskaya St., 109147, Moscow, Russia
>>>
>>> Tel.: +7 (495) 640-49-04
>>> Tel.: +7 (926) 204-50-60
>>>
>>> Skype: MAKAPOB.AJIEKCAHDP
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>> --
>> Mike Scherbakov
>> #mihgen
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Yours Faithfully,
> Vladimir Kuklin,
> Fuel Library Tech Lead,
> Mirantis, Inc.
> +7 (495) 640-49-04
> +7 (926) 702-39-68
> Skype kuklinvv
> 35bk3, Vorontsovskaya Str.
> Moscow, Russia,
> www.mirantis.com <http://www.mirantis.ru/>
> www.mirantis.ru
> vkuklin at mirantis.com
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Kind Regards,
Alexander Makarov,
Senior Software Developer,
Mirantis, Inc.
35b/3, Vorontsovskaya St., 109147, Moscow, Russia
Tel.: +7 (495) 640-49-04
Tel.: +7 (926) 204-50-60
Skype: MAKAPOB.AJIEKCAHDP
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150727/dcddc22f/attachment-0001.html>
More information about the OpenStack-dev
mailing list