Disable mouse pointer acceleration and scroll wheel acceleration in OS X

I use Linux, Windows, and OS X on a regular basis, and I find it frustrating when one platform forces me to interact with it differently than the others (i.e. relearn years of muscle memory I've picked up via PC gaming). Both Linux and Windows offer users fairly robust… »

A retrospective on OpenStack midcycles

OpenStack midcycles are self-organized events where development teams gather in tight-knit groups and hold face-to-face discussions. As opposed to the larger design summit events, there are typically no new features or design directions pitched at midcycle events. Instead, we utilize the opportunity to hammer out the final details on… »

OpenStack Newton design summit outcomes for keystone

This is a summary of the discussions, design decisions, goals, and direction that came out of the OpenStack Newton Design Summit in Austin, Texas (spring 2016) with regard to keystone. The Newton release was named after the Newton House, a 7,077 square foot historic building constructed in 1874, and… »

git ready

Get ready to commit, socially. Traditional, branch-based git workflows are effectively anti-social when combined with social code review tools, like Gerrit, where the philosophy of an effective contributor is to share code early and often, long before it's in a "mergeable" state. Branch-based workflows presume that you are a lonely… »

Performance profiling OpenStack services with repoze.profile

As OpenStack services mature and see ever larger workloads in production, we have an increasing need to optimize them for performance. repoze.profile (official documentation) has always been my go-to tool for profiling WSGI applications. Profiling a WSGI application is only really different than profiling a regular function call in… »

OpenStack Mitaka Design Summit outcomes for keystone

This is a summary of the discussions, design decisions, goals, and direction that came out of the OpenStack Mitaka Design Summit in Tokyo, Japan (fall 2015) with regard to keystone. Token formats: Priti Desai and Brad Pokorny kicked off the technical discussions with an absolutely fantastic deep dive on keystone's… »

Deploying domain-specific identity drivers in OpenStack keystone

As of the Juno release, Keystone supports the ability to back each identity domain with a distinct driver configuration. So, for example, you can back one domain with LDAP, one with your own proprietary driver, and all the rest with keystone's default SQL backend. This has previously been nicknamed multi-domain… »

PEP257: Good Python docstrings by example

Following in the spirit of PEP 8, which is a style guide for Python code itself, the lesser-known PEP 257 establishes similar high-level conventions for docstrings. The module below attempts to illustrate by example. Hopefully this will be easier to grok than reading the PEP itself. Wondering if your own… »

Peeking inside OpenStack keystone Fernet token payloads

I've been asked several times now how to go about peeking into the payloads of Fernet tokens, rather than just deconstructing the high-level token structure. They're not quite as straightforward as PKI, where a simple Base64 decoding will get you quite far, nor as opaque and lifeless as UUID tokens.… »

Solarized Black

Solarized Black is a fork of Ethan Schoonover's popular Solarized Dark color scheme that makes one minor tweak to the color palette: the dark teal background color (Base03: #002b36) is swapped for black (Base03: #000000). The result is a higher contrast color scheme that's easier on the eyes, especially when… »

OpenStack Keystone Fernet tokens

Fernet is a secure messaging format explicitly designed for use in API tokens by Heroku. They address many of the same problems that OpenStack faces, and make some of the same design considerations that have already appeared in the OpenStack community. They're non-persistent, lightweight, and reduce the operational overhead required… »

The OpenStack Keystone service catalog

The OpenStack Keystone service catalog allows API clients to dynamically discover and navigate to cloud services. The service catalog may differ from deployment-to-deployment, user-to-user, and tenant-to-tenant. The service catalog is the first hurdle that API consumers will need to grok after successfully authenticating with Keystone, making it a critical focal… »

The anatomy of OpenStack Keystone token formats

Tokens in Keystone are generally composed of a number of technologies layered together. All tokens can be deconstructed into at least two layers: a payload which is wrapped in some transport format. The payload provides attributes such as uniqueness, identity, and authorization context. The transport format provides the necessary packaging… »

Benchmarking OpenStack Keystone token formats

tl;dr: PKI and PKIZ tokens are slower than UUID tokens, and based on the June 2015 update, Fernet tokens are faster to create than UUID tokens (but also way slower to validate). The simplest token format in Keystone today is that of UUID tokens: they're randomly generated 32 character… »

Bacon-wrapped jalapeño dove poppers

Yep, you read that right. I scoffed at the idea of these a bit at first, because I didn't think any of the dove's flavor would come through after wrapping them in bacon and slathering them in cream cheese, but, to my surprise, the whole thing works really well. I… »

Single- vs multi-tenant clouds

It's hard to standardize on the broader definition of single-tenant versus multi-tenant clouds because everyone seems to disagree on the definition of "tenant" (naturally, I'll blame the marketing folks). Everyone can agree that "tenancy" refers to resource isolation. My application does not know that your application exists. My application cannot steal… »

OpenStack Kilo Design Summit outcomes

This is a summary of the discussions, design decisions, goals, and direction that came out of the OpenStack Juno Design Summit in Paris (fall 2014). Unlike my previous design summit adventures, which were primarily focused on Keystone (I'll leave that to Morgan Fainberg to cover), I'm making an attempt to… »

Hierarchical multitenancy

Welcome to the biggest, scariest word in OpenStack. Please don't run away (yet, anyway). Background: Keystone's original model for multitenancy was entirely flat: tenants had no relation to one another whatsoever. In Grizzly, we renamed tenants in our API to projects and introduced the concept of domains to serve as… »

Responsibilities of an OpenStack program technical lead (PTL)

This is my perspective on the responsibilities of an OpenStack PTL. These responsibilities are in addition to those which may be delegated to project czars, but it's up to the PTL to ensure that they are all met. Serve as a point of contact to the community. You will receive… »

Responsibilities of OpenStack project czars

Note: This was a model under active discussion during the Juno development cycle (summer 2014), but did not come to fruition in the community. I'm leaving it here for historical reference. While OpenStack PTLs are ultimately accountable for the project as a whole (including the responsibilities outlined below), PTLs have… »