I've filed a ticket to test Fernet token on the scale lab: https://mirantis.jira.com/browse/MOSS-235
If this feature is not granted FFE we still can configure it manually by changing keystone config. So I think internal how-to document backed-up with scale and bvt testing will allow our deployers to deliver Fernet to our customers. 1 more thing: in the Community this feature is considered experimantal, so maybe setting it as a default is a bit premature? On Mon, Jul 27, 2015 at 2:34 PM, Vladimir Kuklin <vkuk...@mirantis.com> wrote: > Folks > > We saw several High issues with how keystone manages regular memcached > tokens. I know, this is not the perfect time as you already decided to push > it from 7.0, but I would reconsider declaring it as FFE as it affects HA > and UX poorly. If we can enable tokens simply by altering configuration, > let's do it. I see commit for this feature is pretty trivial. > > On Fri, Jul 24, 2015 at 9:27 AM, Mike Scherbakov <mscherba...@mirantis.com > > wrote: > >> Fuel Library team, I expect your immediate reply here. >> >> I'd like upgrades team to take a look at this one, as well as at the one >> which moves Keystone under Apache, in order to check that there are no >> issues here. >> >> -1 from me for this time in the cycle. I'm concerned about: >> >> 1. I don't see any reference to blueprint or bug which explains (with >> measurements) why we need this change in reference architecture, and what >> are the thoughts about it in puppet-openstack, and OpenStack Keystone. We >> need to get datapoints, and point to them. Just knowing that Keystone team >> implemented support for it doesn't yet mean that we need to rush in >> enabling this. >> 2. It is quite noticeable change, not a simple enhancement. I >> reviewed the patch, there are questions raised. >> 3. It doesn't pass CI, and I don't have information on risks >> associated, and additional effort required to get this done (how long >> would >> it take to get it done) >> 4. This feature increases complexity of reference architecture. Now >> I'd like every complexity increase to be optional. I have feedback from >> the >> field, that our prescriptive architecture just doesn't fit users' needs, >> and it is so painful to decouple then what is needed vs what is not. Let's >> start extending stuff with an easy switch, being propagated from Fuel >> Settings. Is it possible to do? How complex would it be? >> >> If we get answers for all of this, and decide that we still want the >> feature, then it would be great to have it. I just don't feel that it's >> right timing anymore - we entered FF. >> >> Thanks, >> >> On Thu, Jul 23, 2015 at 11:53 AM Alexander Makarov <amaka...@mirantis.com> >> wrote: >> >>> Colleagues, >>> >>> I would like to request an exception from the Feature Freeze for Fernet >>> tokens support added to the fuel-library in the following CR: >>> https://review.openstack.org/#/c/201029/ >>> >>> Keystone part of the feature is implemented in the upstream and the >>> change impacts setup configuration only. >>> >>> Please, respond if you have any questions or concerns related to this >>> request. >>> >>> Thanks in advance. >>> >>> -- >>> Kind Regards, >>> Alexander Makarov, >>> Senior Software Developer, >>> >>> Mirantis, Inc. >>> 35b/3, Vorontsovskaya St., 109147, Moscow, Russia >>> >>> Tel.: +7 (495) 640-49-04 >>> Tel.: +7 (926) 204-50-60 >>> >>> Skype: MAKAPOB.AJIEKCAHDP >>> >>> __________________________________________________________________________ >>> OpenStack Development Mailing List (not for usage questions) >>> Unsubscribe: >>> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >>> >> -- >> Mike Scherbakov >> #mihgen >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> openstack-dev-requ...@lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> >> > > > -- > Yours Faithfully, > Vladimir Kuklin, > Fuel Library Tech Lead, > Mirantis, Inc. > +7 (495) 640-49-04 > +7 (926) 702-39-68 > Skype kuklinvv > 35bk3, Vorontsovskaya Str. > Moscow, Russia, > www.mirantis.com <http://www.mirantis.ru/> > www.mirantis.ru > vkuk...@mirantis.com > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > -- Kind Regards, Alexander Makarov, Senior Software Developer, Mirantis, Inc. 35b/3, Vorontsovskaya St., 109147, Moscow, Russia Tel.: +7 (495) 640-49-04 Tel.: +7 (926) 204-50-60 Skype: MAKAPOB.AJIEKCAHDP
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev