> > On Wed, Jun 28, 2017 at 2:00 AM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> Hi all, >> >> Keystone has deprecated the domain configuration upload capability >> provided through `keystone-manage`. We discussed it's removal in today's >> meeting [0] and wanted to send a quick note to the operator list. The >> ability to upload a domain config into keystone was done as a stop-gap >> until the API was marked as stable [1]. It seems as though file-based >> domain configuration was only a band-aid until full support was done. >> >> Of the operators using the domain config API in keystone, how many are >> backing their configurations with actual configuration files versus the API? >> >> >> [0] http://eavesdrop.openstack.org/meetings/keystone/2017/keysto >> ne.2017-06-27-18.00.log.html#l-167 [1] https://github.com/openstack/k >> eystone/commit/a5c5f5bce812fad3c6c88a23203bd6c00451e7b3 >> > I am not clear on why we need to deprecate and remove file-backed domain configuration. The way I see it:
* It's reflectve with the primary configuration, so I can copy over the chunks I need from keystone.conf into /etc/keystone/domains/keystone.domain.conf without thinking too hard about it * It's convenient for deployment tools to just lay down config files * It's not that much extra effort for the keystone team to maintain (is it?) The use case for file-backed domain configs is for smaller clouds with just one or two LDAP-backed domains. There's not a real need for users to change domain configs so the file-backed config is plenty fine. I don't see a lot of gain from removing that functionality. I don't particularly care about the keystone-manage tool, if that goes away it would still be relatively easy to write a python script to parse and upload configs if a user does eventually decide to transition. As a side note, SUSE happens to be using file-backed domain configs in our product. It would not be a big deal to rewrite that bit to use the API, but I think it's just as easy to let us keep using it. Colleen
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev