← Back to team overview

openstack team mailing list archive

Re: Keystone: Redux (Dubstep Remix)

 

The major lessons of keystone:

While keystone served as an effective proof of concept for unified
authentication (before keystone each component had its own
users/passwords), it didn't get enough attention from other developers and
integration with other core projects.

The pain caused by not having shared authentication caused it to grow up
too fast.  Keystone was in incubation during Diablo and is scheduled for
official core at the Essex release.

Going forward when something is added to core we need to make sure it has
the project wide support necessary to present a consistent openstack during
the transition and afterwards.

As an example, before quantum becomes a core project we are documenting
what becomes of Nova network and existing APIs.  Glance integration into
nova was a good example where the image list API call proxies to glance.

Additional if the code is vastly different, it is harder to get existing
contributors to participate.

The original keystone team had a hard task and didn't get enough time and
help due to circumstances (some within their control and some not)

Jesse


On Feb 14, 2012 5:53 PM, "Andy Smith" <andyster@xxxxxxxxx> wrote:
>
> Hey there Joshua,
>
> Good question! `redux` started due to a variety of frustrations with the
previous design that arose from decisions made early in the original
development and were deemed infeasible to resolve in an evolutionary way.
>
> My team and the teams we work with closely felt we were in a good
position to re-imagine some of those decisions while still providing a
service that was functional (since we rely on it heavily for day to day
work) and robust.
>
> There will certainly be bugs introduced by this move, but we have an
extremely strong vested interest in fixing them rapidly and feel that the
new code base will greatly improve our ability to do so.
>
> --andy
>
>
> On Tue, Feb 14, 2012 at 4:53 PM, Joshua Harlow <harlowja@xxxxxxxxxxxxx>
wrote:
>>
>> Great!
>>
>> A question I never understood, why was a redux needed?
>> Isn’t keystone “pretty” new anyway? Maybe I missed that message/memo.
>> Was there some kind of “learnings/oops moment” that happened that we can
all benefit from (and not repeat?).
>>
>> Sorry if this is a repeat...
>>
>>
>> On 2/14/12 4:38 PM, "Andy Smith" <andyster@xxxxxxxxx> wrote:
>>
>>> tl;dr proposal to merge keystone redux: same API, same client, new
service.  Please review and ask questions!
>>>
>>> FRIENDS, ROMANS
>>>
>>> We are gathered here today to celebrate the commencement of Keystone
(redux) to fill the role of Keystone (henceforth known as legacy). It is
with great pride that we propose this stand-up-fellow of a refactor to join
the ranks of the other OpenStack projects.
>>>
>>> There will be differences, both in how you develop and how you use it,
though we've tried to keep those to a minimum (it has the same API, client,
and migration paths from existing deploys)
>>>
>>> You will notice that the code is organized rather differently in most
cases, though still in line with the general form of OpenStack projects,
and we use the standard tools and procedures you may be familiar with from
work on a project like Nova.  (Your wrists will be shattered if you attempt
to use double quotes where single quotes might better suffice.)
>>>
>>> The bulk of the work put into `redux` has been to reduce the complexity
of and provide a more easily extensible version of `legacy` while still
providing the features that the other projects require. We think we have
been successful in this, and we hope you'll agree.
>>>
>>> Read on for more specifics.
>>>
>>> MERGE PROPOSAL:
>>>
>>> Please voice your comments & votes on the merge proposal:
>>>
>>>   *
https://review.openstack.org/#q,I2cb5b198a06848f42f919ea49e338443131e263e,n,z
>>>
>>> Since this is a rather large merge, you can explore the code at github
(reviews should happen in gerrit using the above link):
>>>
>>>   * https://github.com/openstack/keystone/tree/redux
>>>   * https://github.com/openstack-dev/devstack/tree/redux
>>>
>>> DELTA:
>>>
>>> The two major items we are working on adding to redux at time of
writing.  Support for XML and LDAP integration.  We propose evaluating the
merge with these known issues, as work is being done to re-add support
before E4.
>>>
>>> State of XML (via Dolph Mathews)
>>>
>>>    Work is underway to support the existing XSD/WADLs
>>>    XML code in its current state is posted to
https://review.openstack.org/#change,4037
>>>    Our hope is to convert XML to/from python objects with minor tweaks
where needed to meet the spec.
>>>    Existing XML tests in legacy use a GUI tool http://www.soapui.org/ to
verify correctness, we hope to use a more pythonic tool in redux
>>>
>>> State of LDAP (via Adam Young):
>>>
>>>    LDAP code in its current state is posted to
https://github.com/admiyo/keystone/tree/ldap2
>>>    Unit tests pass against fakeldap, with the exception of the ones
that check for uniqueness.  I suspect that is supposed to be enforced by
SLAPD
>>>    I am working on getting the scheme documented for the LDAP server,
and for prepopulating Roles.
>>>    Authentication against a live LDAP server works.  Roles and Tenants
are currently ignored.  Getting the schema straight needs to happen first.
>>>    Should have working code in the next day or two.
>>>
>>> BUGS:
>>>
>>> We've been tagging bugs as "redux" that are against the rewrite.  You
can view the full list at full bug list at
https://bugs.launchpad.net/keystone/+bugs?field.tag=redux  We marked bugs
that are needed to land before this merge as CRITICAL, and before E4 as
HIGH.
>>>
>>> Post Merge:
>>>
>>> After merge we will continue improving Keystone, specifically:
>>>
>>>  * Target critical/high bugs for E4
>>>  * Work with downstream/packagers on changes needed for their distros
>>>  * Work with tempest on test coverage
>>>  * Another pass through the bugs & blueprints to update the state
>>>
>>> Thanks to all the contributors to the rewrite:
>>>
>>> Andy Smith
>>> Anthony Young
>>> Brian Waldon
>>> Chmouel Boudjnah
>>> Chuck Short
>>> Dean Troyer
>>> Devin Carlen
>>> Dolph Mathews
>>> James E. Blair
>>> Jesse Andrews
>>> Joe Heck
>>> Justin Santa Barbara
>>> Monty Taylor
>>> Vishvananda Ishaya
>>>
>>> HOYOOO!
>>>
>>>
>>> p.s. wubwubwubSKREEEEwubwub
>>>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

References