Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Mike Bayer
On 06/09/2017 11:12 AM, Lance Bragstad wrote: I should have clarified. The idea was to put the keys used to encrypt and decrypt the tokens in etcd so that synchronizing the repository across a cluster for keystone nodes is easier for operators (but not without other operator pain as Kevin

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Lance Bragstad
On Fri, Jun 9, 2017 at 11:17 AM, Clint Byrum wrote: > Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500: > > On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi > wrote: > > > > > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Clint Byrum
Excerpts from Lance Bragstad's message of 2017-06-08 16:10:00 -0500: > On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi wrote: > > > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad > > wrote: > > > After digging into etcd a bit, one place this might help

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Lance Bragstad
On Fri, Jun 9, 2017 at 9:57 AM, Mike Bayer wrote: > > > On 06/08/2017 01:34 PM, Lance Bragstad wrote: > >> After digging into etcd a bit, one place this might help deployer >> experience would be the handling of fernet keys for token encryption in >> keystone. Currently,

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread gordon chung
On 09/06/17 10:57 AM, Mike Bayer wrote: > Interesting, I had the mis-conception that "fernet" keys no longer > required any server-side storage (how is "kept-on-disk" now > implemented?) . We've had continuous issues with the pre-fernet > Keystone tokens filling up databases, even when

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Mike Bayer
On 06/08/2017 04:24 PM, Julien Danjou wrote: On Thu, Jun 08 2017, Mike Bayer wrote: So I wouldn't be surprised if new / existing openstack applications express some gravitational pull towards using it as their own datastore as well. I'll be trying to hang onto the etcd3 track as much as

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread Mike Bayer
On 06/08/2017 01:34 PM, Lance Bragstad wrote: After digging into etcd a bit, one place this might help deployer experience would be the handling of fernet keys for token encryption in keystone. Currently, all keys used to encrypt and decrypt tokens are kept on disk for each keystone node

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-09 Thread gordon chung
On 09/06/17 12:37 AM, Joshua Harlow wrote: > My thinking is that people should look over https://raft.github.io/ or > http://thesecretlivesofdata.com/raft/ (or both or others...) > this was really useful. thanks for this! love how they described it so simply with visuals. spend a few minutes

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Joshua Harlow
Julien Danjou wrote: On Thu, Jun 08 2017, Mike Bayer wrote: So far I've seen a proposal of etcd3 as a replacement for memcached in keystone, and a new dogpile connector was added to oslo.cache to handle referring to etcd3 as a cache backend. This is a really simplistic / minimal kind of use

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Lance Bragstad
On Thu, Jun 8, 2017 at 3:21 PM, Emilien Macchi wrote: > On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad > wrote: > > After digging into etcd a bit, one place this might help deployer > > experience would be the handling of fernet keys for token

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Davanum Srinivas
On Thu, Jun 8, 2017 at 4:07 PM, Drew Fisher wrote: > > > On 6/7/17 4:47 AM, Davanum Srinivas wrote: >> Team, >> >> Here's the update to the base services resolution from the TC: >> https://governance.openstack.org/tc/reference/base-services.html >> >> First request is to

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Fox, Kevin M
See the footer at the bottom of this email. From: jimi olugboyega [jimiolugboy...@gmail.com] Sent: Thursday, June 08, 2017 1:19 PM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [all] etcd3 as base service - update

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Fox, Kevin M
hmm... a very interesting question I would think control plane only. Thanks, Kevin From: Drew Fisher [drew.fis...@oracle.com] Sent: Thursday, June 08, 2017 1:07 PM To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [all] etcd3 as base

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Julien Danjou
On Thu, Jun 08 2017, Mike Bayer wrote: > So far I've seen a proposal of etcd3 as a replacement for memcached in > keystone, and a new dogpile connector was added to oslo.cache to handle > referring to etcd3 as a cache backend. This is a really simplistic / minimal > kind of use case for a

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Emilien Macchi
On Thu, Jun 8, 2017 at 7:34 PM, Lance Bragstad wrote: > After digging into etcd a bit, one place this might help deployer > experience would be the handling of fernet keys for token encryption in > keystone. Currently, all keys used to encrypt and decrypt tokens are kept

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread jimi olugboyega
Hello all, I am wondering how I can unsubscribe from this mailing list. Regards, Olujimi Olugboyega. On Wed, Jun 7, 2017 at 3:47 AM, Davanum Srinivas wrote: > Team, > > Here's the update to the base services resolution from the TC: >

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Drew Fisher
On 6/7/17 4:47 AM, Davanum Srinivas wrote: > Team, > > Here's the update to the base services resolution from the TC: > https://governance.openstack.org/tc/reference/base-services.html > > First request is to Distros, Packagers, Deployers, anyone who > installs/configures OpenStack: > Please

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Fox, Kevin M
to install/maintain. From: Lance Bragstad [lbrags...@gmail.com] Sent: Thursday, June 08, 2017 10:34 AM To: OpenStack Development Mailing List (not for usage questions) Subject: Re: [openstack-dev] [all] etcd3 as base service - update After digging into etcd a bit, one

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Lance Bragstad
After digging into etcd a bit, one place this might help deployer experience would be the handling of fernet keys for token encryption in keystone. Currently, all keys used to encrypt and decrypt tokens are kept on disk for each keystone node in the deployment. While simple, it requires

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Mike Bayer
On 06/08/2017 12:47 AM, Joshua Harlow wrote: So just out of curiosity, but do people really even know what etcd is good for? I am thinking that there should be some guidance from folks in the community as to where etcd should be used and where it shouldn't (otherwise we just all end up in a

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Davanum Srinivas
Josh, Of the initial targets, we have covered the use of tooz and oslo.cache with etcd already. One thing that remains is Jay's os-lively PoC [1]. So +1 to more knowledgeable folks chiming in with stuff that can be done and other scenarios. I'll let nature take its course here :) Thanks, Dims

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-08 Thread Thierry Carrez
Joshua Harlow wrote: > So just out of curiosity, but do people really even know what etcd is > good for? I am thinking that there should be some guidance from folks in > the community as to where etcd should be used and where it shouldn't > (otherwise we just all end up in a mess). > > Perhaps a

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-07 Thread Joshua Harlow
So just out of curiosity, but do people really even know what etcd is good for? I am thinking that there should be some guidance from folks in the community as to where etcd should be used and where it shouldn't (otherwise we just all end up in a mess). Perhaps a good idea to actually give

Re: [openstack-dev] [all] etcd3 as base service - update

2017-06-07 Thread Davanum Srinivas
One clarification: Since https://pypi.python.org/pypi/etcd3gw just uses the HTTP API (/v3alpha) it will work under both eventlet and non-eventlet environments. Thanks, Dims On Wed, Jun 7, 2017 at 6:47 AM, Davanum Srinivas wrote: > Team, > > Here's the update to the base

[openstack-dev] [all] etcd3 as base service - update

2017-06-07 Thread Davanum Srinivas
Team, Here's the update to the base services resolution from the TC: https://governance.openstack.org/tc/reference/base-services.html First request is to Distros, Packagers, Deployers, anyone who installs/configures OpenStack: Please make sure you have latest etcd 3.x available in your