Zookeeper to MongoDB transition
Gustavo Niemeyer
gustavo.niemeyer at canonical.com
Thu Jun 14 00:28:09 UTC 2012
On Wed, Jun 13, 2012 at 9:05 PM, Clint Byrum <clint at ubuntu.com> wrote:
> I'm actually entirely on board with replacing ZooKeeper. When I first
> heard talk of replacing it, I was a bit surprised. But having looked
> at the current weaknesses in juju, I think almost all of them stem from
> the tight coupling with ZooKeeper.
Not to overuse the word, but this is awesome. I see we're totally in
sync, even though we haven't spoken a lot about this.
> Just to be clear these weaknesses are:
>
> * Poor transport level security for the client, leading to the current
> sub-optimal SSH forwarding technique
> * "The topology node"
> * Lack of transport level security for agents
These will be sorted out on the initial phase, while we replace zk
with mongo but maintain agents communicating directly to the database
as a coordination mechanism.
> * No concept of Identification, Authentication, or Authorization in
> juju itself (relying again on SSH for this)
> * Lack of Access Controls for individual agents
These will be solved in the second phase, when we slice off the API
and put the HTTP layer in the middle. Then we can enrich the access
control logic for the clients with application-level authentication
and authorization for specific information and actions.
> By making sure all of the links between distributed bits of the system
> are based on a juju API, not a MongoAPI or a ZooKeeper API, we'll be
> able to address these and other weaknesses that we don't even know about.
Big +1.
gustavo @ http://niemeyer.net
More information about the Juju-dev
mailing list