← Back to team overview

openstack team mailing list archive

Keystone Announcement


Hey Everyone,

As you may be well aware, the existing Keystone implementation has been a source of some consternation for deployers and various members of our community.  In response to this, over the last few months, there has been an effort between our team and members of the community to re-architect the Keystone service implementation as "Keystone Light" (aka ksl) to improve stability, configurability, pluggability, usability, code simplicity, and overall code quality.  I'm pleased to announce and we are just about ready to propose these changes to the community for review.

It is important to note that ksl is a proposal to change the -implementation- of Keystone.  Thus it provides full API, middleware, and CLI compatibility with the existing Keystone implementation.  It does not aim to add or significantly modify features beyond what exists in Keystone today.  Instead, the main goal of ksl is to provide a drastically improved quality of implementation, while also providing as smooth a migration path as possible for developers and deployers already using or familiar with Keystone.

What does ksl mean for deployers?
 * There will be a simple migration path to ksl for existing deployments
 * ksl's improved pluggability will give you more options to integrate identity backends and data stores
 * Improved ec2 support

What does ksl mean for developers?
 * Better extensibility and overall hackability
 * Improved testing framework
 * Improved flexibility in how roles/tenants/users/tokens map to backends

Given the nature of this change, I am asking that each PTL, as well as all interested community members, take the time to review this proposal and offer feedback.  Gaps and weakness will be listed in the review, and other issues identified, and we will need help sorting through these to determine which issues are blocking, and which can wait till later milestones.  Of course, if we move forward with ksl, we will need to coordinate with projects like devstack, gating tests, and packaging, so it is important to hear the perspective of people involved with those efforts during the review process.

One of the main benefits of the ksl project is that it was developed as a collaboration of many different and very talented community members.  Going forward, this gives us the opportunity to have much broader inputs into the project and an opportunity to grow the community around keystone.  Thanks especially to Andy Smith, Joe Heck, Christopher McGown, Devin Carlen, Joshua McKenty, Dolph Matthews, Jesse Andrews, Vishvananda Ishaya, and other community members for all the hard work you have put into this - it is very much appreciated.

Ziad (PTL) & Keystone Core Team