On 09/29/2014 12:12 PM, Jay Pipes wrote:
Hey Stackers,
So, I had a thought this morning (uh-oh, I know...).
What if we wrote a token driver in Keystone that uses Swift for
backend storage?
I have long been an advocate of the memcache token driver versus the
SQL driver for performance reasons. However, the problem with the
memcache token driver is that if you want to run multiple OpenStack
regions, you could share the identity data in Keystone using
replicated database technology (mysql galera/PXC, pgpool II, or even
standard mysql master/slave), but each region needs to have its own
memcache service for tokens. This means that tokens are not shared
across regions, which means that users have to log in separately to
each region's dashboard.
I personally considered this a tradeoff worth accepting. But then,
today, I thought... what about storing tokens in a
globally-distributed Swift cluster? That would take care of the
replication needs automatically, since Swift would do the needful.
And, add to that, Swift was designed for storing lots of small
objects, which tokens are...
Thoughts? I think it would be a cool dogfooding effort if nothing
else, and give users yet another choice in how they handle
multi-region tokens.
Um...I hate all persisted tokens. This takes them to a new level of
badness.
Do we really need this?
Best,
-jay
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
