[openstack-dev] [all] etcd3 as base service - update
Mike Bayer
mbayer at redhat.com
Fri Jun 9 21:11:56 UTC 2017
On 06/09/2017 11:12 AM, Lance Bragstad wrote:
>
>
> I should have clarified. The idea was to put the keys used to encrypt
> and decrypt the tokens in etcd so that synchronizing the repository
> across a cluster for keystone nodes is easier for operators (but not
> without other operator pain as Kevin pointed out). The tokens themselves
> will remain completely non-persistent. Fernet key creation is explicitly
> controlled by operators and isn't something that end users generate.
makes sense and I agree is entirely appropriate thanks!
>
> [0]
> https://github.com/openstack/keystone/blob/c528539879e824b8e6d5654292a85ccbee6dcf89/keystone/conf/fernet_tokens.py#L44-L54
> [1] https://launchpad.net/bugs/1649616
>
>
>
>
>
>
> On Thu, Jun 8, 2017 at 11:37 AM, Mike Bayer <mbayer at redhat.com
> <mailto:mbayer at redhat.com> <mailto:mbayer at redhat.com
> <mailto:mbayer at redhat.com>>> wrote:
>
>
>
> On 06/08/2017 12:47 AM, Joshua Harlow wrote:
>
> So just out of curiosity, but do people really even
> know what
> etcd is good for? I am thinking that there should be some
> guidance from folks in the community as to where etcd
> should be
> used and where it shouldn't (otherwise we just all end
> up in a
> mess).
>
>
> So far I've seen a proposal of etcd3 as a replacement for
> memcached
> in keystone, and a new dogpile connector was added to
> oslo.cache to
> handle referring to etcd3 as a cache backend. This is a really
> simplistic / minimal kind of use case for a key-store.
>
> But, keeping in mind I don't know anything about etcd3
> other than
> "it's another key-store", it's the only database used by
> Kubernetes
> as a whole, which suggests it's doing a better job than
> Redis in
> terms of "durable". So I wouldn't be surprised if new /
> existing
> openstack applications express some gravitational pull
> towards using
> it as their own datastore as well. I'll be trying to
> hang onto
> the etcd3 track as much as possible so that if/when that
> happens I
> still have a job :).
>
>
>
>
>
> Perhaps a good idea to actually give examples of how it
> should
> be used, how it shouldn't be used, what it offers, what it
> doesn't... Or at least provide links for people to read
> up on this.
>
> Thoughts?
>
> Davanum Srinivas wrote:
>
> One clarification: Since
> https://pypi.python.org/pypi/etcd3gw
> <https://pypi.python.org/pypi/etcd3gw>
> <https://pypi.python.org/pypi/etcd3gw
> <https://pypi.python.org/pypi/etcd3gw>> just
> uses the HTTP API (/v3alpha) it will work under both
> eventlet and
> non-eventlet environments.
>
> Thanks,
> Dims
>
>
> On Wed, Jun 7, 2017 at 6:47 AM, Davanum
> Srinivas<davanum at gmail.com
> <mailto:davanum at gmail.com> <mailto:davanum at gmail.com
> <mailto:davanum at gmail.com>>> wrote:
>
> Team,
>
> Here's the update to the base services
> resolution from
> the TC:
> https://governance.openstack.org/tc/reference/base-services.html
> <https://governance.openstack.org/tc/reference/base-services.html>
>
> <https://governance.openstack.org/tc/reference/base-services.html <https://governance.openstack.org/tc/reference/base-services.html>>
>
> First request is to Distros, Packagers, Deployers,
> anyone who
> installs/configures OpenStack:
> Please make sure you have latest etcd 3.x
> available in your
> environment for Services to use, Fedora already
> does, we
> need help in
> making sure all distros and architectures are
> covered.
>
> Any project who want to use etcd v3 API via
> grpc, please
> use:
> https://pypi.python.org/pypi/etcd3
> <https://pypi.python.org/pypi/etcd3>
> <https://pypi.python.org/pypi/etcd3
> <https://pypi.python.org/pypi/etcd3>> (works only for
> non-eventlet services)
>
> Those that depend on eventlet, please use the etcd3
> v3alpha HTTP API using:
> https://pypi.python.org/pypi/etcd3gw
> <https://pypi.python.org/pypi/etcd3gw>
> <https://pypi.python.org/pypi/etcd3gw
> <https://pypi.python.org/pypi/etcd3gw>>
>
> If you use tooz, there are 2 driver choices for
> you:
> https://github.com/openstack/tooz/blob/master/setup.cfg#L29
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L29>
>
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L29
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L29>>
> https://github.com/openstack/tooz/blob/master/setup.cfg#L30
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L30>
>
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L30
> <https://github.com/openstack/tooz/blob/master/setup.cfg#L30>>
>
> If you use oslo.cache, there is a driver for you:
> https://github.com/openstack/oslo.cache/blob/master/setup.cfg#L33 <https://github.com/openstack/oslo.cache/blob/master/setup.cfg#L33>
>
> <https://github.com/openstack/oslo.cache/blob/master/setup.cfg#L33
> <https://github.com/openstack/oslo.cache/blob/master/setup.cfg#L33>>
>
> Devstack installs etcd3 by default and points
> cinder to it:
> http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/etcd3
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/etcd3>
>
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/etcd3
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/etcd3>>
> http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/cinder#n356
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/cinder#n356>
>
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/cinder#n356
> <http://git.openstack.org/cgit/openstack-dev/devstack/tree/lib/cinder#n356>>
>
>
> Review in progress for keystone to use etcd3
> for caching:
> https://review.openstack.org/#/c/469621/
> <https://review.openstack.org/#/c/469621/>
> <https://review.openstack.org/#/c/469621/
> <https://review.openstack.org/#/c/469621/>>
>
> Doug is working on proposal(s) for oslo.config
> to store some
> configuration in etcd3:
> https://review.openstack.org/#/c/454897/
> <https://review.openstack.org/#/c/454897/>
> <https://review.openstack.org/#/c/454897/
> <https://review.openstack.org/#/c/454897/>>
>
> So, feel free to turn on / test with etcd3 and
> report
> issues.
>
> Thanks,
> Dims
>
> -- Davanum Srinivas ::
> https://twitter.com/dims
>
>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage
> questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list