Excerpts from Adam Young's message of 2014-09-29 20:22:35 -0700: > On 09/29/2014 12:12 PM, Jay Pipes wrote: > > Hey Stackers, > > > > So, I had a thought this morning (uh-oh, I know...). > > > > What if we wrote a token driver in Keystone that uses Swift for > > backend storage? > > > > I have long been an advocate of the memcache token driver versus the > > SQL driver for performance reasons. However, the problem with the > > memcache token driver is that if you want to run multiple OpenStack > > regions, you could share the identity data in Keystone using > > replicated database technology (mysql galera/PXC, pgpool II, or even > > standard mysql master/slave), but each region needs to have its own > > memcache service for tokens. This means that tokens are not shared > > across regions, which means that users have to log in separately to > > each region's dashboard. > > > > I personally considered this a tradeoff worth accepting. But then, > > today, I thought... what about storing tokens in a > > globally-distributed Swift cluster? That would take care of the > > replication needs automatically, since Swift would do the needful. > > And, add to that, Swift was designed for storing lots of small > > objects, which tokens are... > > > > Thoughts? I think it would be a cool dogfooding effort if nothing > > else, and give users yet another choice in how they handle > > multi-region tokens. > > Um...I hate all persisted tokens. This takes them to a new level of > badness. > > Do we really need this? >
FWIW I'm 100% with you Adam. I would like to see a world without a token storage problem in Keystone. _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
