[Openstack] Keystone: Redux (Dubstep Remix)

Dave Walker DaveWalker at ubuntu.com
Wed Feb 15 16:26:32 UTC 2012


Hi Jesse and Andy,

Thanks muchly for outlining the reasoning and the direction.  The
vocal nature of this is more re-assuring.  It seems like the it was a
wise decision to start a fresh, based on the experiences of keystone
v1.

Initial impressions seem to be quite pleasing, thanks to all those who
were involved.

Kind Regards,

Dave Walker <Dave.Walker at canonical.com>
Engineering Manager,
Ubuntu Server Infrastructure

On Tue, Feb 14, 2012 at 06:20:24PM -0800, Jesse Andrews wrote:
> The major lessons of keystone:
> 
> While keystone served as an effective proof of concept for unified
> authentication (before keystone each component had its own
> users/passwords), it didn't get enough attention from other developers and
> integration with other core projects.
> 
> The pain caused by not having shared authentication caused it to grow up
> too fast.  Keystone was in incubation during Diablo and is scheduled for
> official core at the Essex release.
> 
> Going forward when something is added to core we need to make sure it has
> the project wide support necessary to present a consistent openstack during
> the transition and afterwards.
> 
> As an example, before quantum becomes a core project we are documenting
> what becomes of Nova network and existing APIs.  Glance integration into
> nova was a good example where the image list API call proxies to glance.
> 
> Additional if the code is vastly different, it is harder to get existing
> contributors to participate.
> 
> The original keystone team had a hard task and didn't get enough time and
> help due to circumstances (some within their control and some not)
> 
> Jesse
> 
> 
> On Feb 14, 2012 5:53 PM, "Andy Smith" <andyster at gmail.com> wrote:
> >
> > Hey there Joshua,
> >
> > Good question! `redux` started due to a variety of frustrations with the
> previous design that arose from decisions made early in the original
> development and were deemed infeasible to resolve in an evolutionary way.
> >
> > My team and the teams we work with closely felt we were in a good
> position to re-imagine some of those decisions while still providing a
> service that was functional (since we rely on it heavily for day to day
> work) and robust.
> >
> > There will certainly be bugs introduced by this move, but we have an
> extremely strong vested interest in fixing them rapidly and feel that the
> new code base will greatly improve our ability to do so.
> >
> > --andy
> >
> >
> > On Tue, Feb 14, 2012 at 4:53 PM, Joshua Harlow <harlowja at yahoo-inc.com>
> wrote:
> >>
> >> Great!
> >>
> >> A question I never understood, why was a redux needed?
> >> Isn’t keystone “pretty” new anyway? Maybe I missed that message/memo.
> >> Was there some kind of “learnings/oops moment” that happened that we can
> all benefit from (and not repeat?).
> >>
> >> Sorry if this is a repeat...
> >>
> >>
> >> On 2/14/12 4:38 PM, "Andy Smith" <andyster at gmail.com> wrote:
> >>
> >>> tl;dr proposal to merge keystone redux: same API, same client, new
> service.  Please review and ask questions!
> >>>
> >>> FRIENDS, ROMANS
> >>>
> >>> We are gathered here today to celebrate the commencement of Keystone
> (redux) to fill the role of Keystone (henceforth known as legacy). It is
> with great pride that we propose this stand-up-fellow of a refactor to join
> the ranks of the other OpenStack projects.
> >>>
> >>> There will be differences, both in how you develop and how you use it,
> though we've tried to keep those to a minimum (it has the same API, client,
> and migration paths from existing deploys)
> >>>
> >>> You will notice that the code is organized rather differently in most
> cases, though still in line with the general form of OpenStack projects,
> and we use the standard tools and procedures you may be familiar with from
> work on a project like Nova.  (Your wrists will be shattered if you attempt
> to use double quotes where single quotes might better suffice.)
> >>>
> >>> The bulk of the work put into `redux` has been to reduce the complexity
> of and provide a more easily extensible version of `legacy` while still
> providing the features that the other projects require. We think we have
> been successful in this, and we hope you'll agree.
> >>>
> >>> Read on for more specifics.
> >>>
> >>> MERGE PROPOSAL:
> >>>
> >>> Please voice your comments & votes on the merge proposal:
> >>>
> >>>   *
> https://review.openstack.org/#q,I2cb5b198a06848f42f919ea49e338443131e263e,n,z
> >>>
> >>> Since this is a rather large merge, you can explore the code at github
> (reviews should happen in gerrit using the above link):
> >>>
> >>>   * https://github.com/openstack/keystone/tree/redux
> >>>   * https://github.com/openstack-dev/devstack/tree/redux
> >>>
> >>> DELTA:
> >>>
> >>> The two major items we are working on adding to redux at time of
> writing.  Support for XML and LDAP integration.  We propose evaluating the
> merge with these known issues, as work is being done to re-add support
> before E4.
> >>>
> >>> State of XML (via Dolph Mathews)
> >>>
> >>>    Work is underway to support the existing XSD/WADLs
> >>>    XML code in its current state is posted to
> https://review.openstack.org/#change,4037
> >>>    Our hope is to convert XML to/from python objects with minor tweaks
> where needed to meet the spec.
> >>>    Existing XML tests in legacy use a GUI tool http://www.soapui.org/ to
> verify correctness, we hope to use a more pythonic tool in redux
> >>>
> >>> State of LDAP (via Adam Young):
> >>>
> >>>    LDAP code in its current state is posted to
> https://github.com/admiyo/keystone/tree/ldap2
> >>>    Unit tests pass against fakeldap, with the exception of the ones
> that check for uniqueness.  I suspect that is supposed to be enforced by
> SLAPD
> >>>    I am working on getting the scheme documented for the LDAP server,
> and for prepopulating Roles.
> >>>    Authentication against a live LDAP server works.  Roles and Tenants
> are currently ignored.  Getting the schema straight needs to happen first.
> >>>    Should have working code in the next day or two.
> >>>
> >>> BUGS:
> >>>
> >>> We've been tagging bugs as "redux" that are against the rewrite.  You
> can view the full list at full bug list at
> https://bugs.launchpad.net/keystone/+bugs?field.tag=redux  We marked bugs
> that are needed to land before this merge as CRITICAL, and before E4 as
> HIGH.
> >>>
> >>> Post Merge:
> >>>
> >>> After merge we will continue improving Keystone, specifically:
> >>>
> >>>  * Target critical/high bugs for E4
> >>>  * Work with downstream/packagers on changes needed for their distros
> >>>  * Work with tempest on test coverage
> >>>  * Another pass through the bugs & blueprints to update the state
> >>>
> >>> Thanks to all the contributors to the rewrite:
> >>>
> >>> Andy Smith
> >>> Anthony Young
> >>> Brian Waldon
> >>> Chmouel Boudjnah
> >>> Chuck Short
> >>> Dean Troyer
> >>> Devin Carlen
> >>> Dolph Mathews
> >>> James E. Blair
> >>> Jesse Andrews
> >>> Joe Heck
> >>> Justin Santa Barbara
> >>> Monty Taylor
> >>> Vishvananda Ishaya
> >>>
> >>> HOYOOO!
> >>>
> >>>
> >>> p.s. wubwubwubSKREEEEwubwub
> >>>
> >
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to     : openstack at lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
> >

> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120215/04247f3c/attachment.sig>


More information about the Openstack mailing list