Re: [openstack-dev] [Keystone] Cockroachdb for Keystone Multi-master

[Adrian Turjak]

On 19 May 2017 11:43 am, Curtis <serverasc...@gmail.com> wrote:

On Thu, May 18, 2017 at 4:13 PM, Adrian Turjak <adri...@catalyst.net.nz> wrote:
> Hello fellow OpenStackers,
>
> For the last while I've been looking at options for multi-region
> multi-master Keystone, as well as multi-master for other services I've
> been developing and one thing that always came up was there aren't many
> truly good options for a true multi-master backend. Recently I've been
> looking at Cockroachdb and while I haven't had the chance to do any
> testing I'm curious if anyone else has looked into it. It sounds like
> the perfect solution, and if it can be proved to be stable enough it
> could solve a lot of problems.
>
> So, specifically in the realm of Keystone, since we are using sqlalchemy
> we already have Postgresql support, and since Cockroachdb does talk
> Postgres it shouldn't be too hard to back Keystone with it. At that
> stage you have a Keystone DB that could be multi-region, multi-master,
> consistent, and mostly impervious to disaster. Is that not the holy
> grail for a service like Keystone? Combine that with fernet tokens and
> suddenly Keystone becomes a service you can't really kill, and can
> mostly forget about.
>
> I'm welcome to being called mad, but I am curious if anyone has looked
> at this. I'm likely to do some tests at some stage regarding this,
> because I'm hoping this is the solution I've been hoping to find for
> quite a long time.

I was going to take a look at this a bit myself, just try it out. I
can't completely speak for the Fog/Edge/Massively Distributed working
group in OpenStack, but I feel like this might be something they look
into.

For standard multi-site I don't know how much it would help, say if
you only had a couple or three clouds, but more than that maybe this
starts to make sense. Also running Galera has gotten easier but still
not that easy.

Multi-site with a shared Keystone was my goal because auth has to be shared in all regions for us. Fernet solves a part of it, but user data, roles, etc also needs to be replicated if we want a Keystone running in each region. That's where Cockroachdb could prove useful.

I had thought that the OpenStack community was deprecating Postgres
support though, so that could make things a bit harder here (I might
be wrong about this).

I really hope not, because that will take Cockroachdb off the table entirely (unless they add MySQL support) and it may prove to be a great option overall once it is known to be stable and has been tested in larger scale setups.

I remember reading about the possibility of deprecating Postgres but there are people using it in production so I assumed we didn't go down that path. Would be good to have someone confirm.

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev