[Openstack-operators] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)
Fischer, Matt
matthew.fischer at twcable.com
Thu Feb 19 20:38:50 UTC 2015
Nevermind, I re-read it and missed the M portion of dropped. Sorry for the confusion.
I have opened a puppet bug for this so we can switch the default value, it’s still eventlet.
https://bugs.launchpad.net/puppet-keystone/+bug/1423685
From: <Fischer>, Matt Fischer <matthew.fischer at twcable.com<mailto:matthew.fischer at twcable.com>>
Date: Thursday, February 19, 2015 at 1:34 PM
To: Morgan Fainberg <morgan.fainberg at gmail.com<mailto:morgan.fainberg at gmail.com>>, openstack-operators <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: Re: [Openstack-operators] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)
Can you clarify if the feature is being deprecated – as in still usable but not recommended with a warning, or dropped, as-in, won’t work at all? You mention both in the first two sentences.
From: Morgan Fainberg <morgan.fainberg at gmail.com<mailto:morgan.fainberg at gmail.com>>
Date: Thursday, February 19, 2015 at 12:32 PM
To: openstack-operators <openstack-operators at lists.openstack.org<mailto:openstack-operators at lists.openstack.org>>
Subject: [Openstack-operators] [Keystone] Deprecation of Eventlet deployment in Kilo (Removal for "M"-release)
The Keystone development team is planning to deprecate deployment of Keystone under Eventlet during the Kilo cycle. Support for deploying under eventlet will be dropped as of the “M”-release of OpenStack.
The reasoning behind this move is multifaceted but the core of the reasons are as follows:
* Keystone relies on apache/web-server modules to handle federated identity (validation of SAML, etc) and similar SSO type authentication (Kerberos).
* Eventlet has proven problematic when it comes to workloads within Keystone, notably that a number of actions cannot yield (either due to lacking in Eventlet, or that the dependent library uses C-bindings that eventlet is not able to work with).
* Keystone has recommended (for multiple cycles) deploying Keystone under apache instead of eventlet. In the gate we primarily test all new development under Apache/mod_wsgi deployments.
* Most deployers I’ve discussed keystone deployment with are either already on httpd+mod_wsgi or looking to move that direction (for support of features such as federated auth).
The review to finalize the deprecation is: https://review.openstack.org/#/c/157495/ (Please only provide comments on deprecation, verbiage can be modified separately from the actual act of deprecation).
Please comment on the review or in reply to this Email.
Thanks,
—Morgan
--
Morgan Fainberg
________________________________
This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150219/968933ca/attachment.html>
More information about the OpenStack-operators
mailing list