[openstack-dev] [Neutron] Service Type Framework implementation

Nachi Ueno nachi at ntti3.com
Tue Jul 9 21:37:01 UTC 2013


Hi folks

Replied Inline

2013/7/9 Salvatore Orlando <sorlando at nicira.com>:
> Some comments inline.
>
> Salvatore
>
>
> On 9 July 2013 21:58, Eugene Nikanorov <enikanorov at mirantis.com> wrote:
>>
>> Nachi,
>>
>> I think that dynamic loading/preloaded modules/REST api analogs of nova
>> flavor is a bit too forward looking in comparison to what I'm trying to
>> solve right now with existing patch.
>
>
> Besides, the real issue with this approach is that neutron would be lending
> itself to any sort of security exploit. I am not a security expert, so feel
> free to disagree if you want.
> I would just prefer to not see dynamic loading of python modules of values
> which are stored in the db; not in this release, not in the next one.

We have two suboption for db api based solution

Option3. DB API + Dynamic module load (many guys are saying no for this option3)
https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gf0f4e2a2_1163

Option4. REST API + DB with Preload with Conf
https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gf14b7b30_00

so IMO, we can drop  option3.

I believe option4 is easy to implement.

>>
>>
>> I think what really matters is how service providers are referenced from
>> other resources.
>>
>> 1) From logic perspective service provider could be referenced by
>> (service_type, name) as it's unique primary key.
>> 2) From data normalization perspective it's better (and more convenient)
>> to have an unique ID in resource provider model.
>
>
> Adding another primary key were you already identified a couple of
> attributes which are a primary key is actually, from what I recall from my
> studies, de-normalization.
> Sorry, this was just pedant me talking. Feel free to ignore.
>
>>
>> Obviously having ID works for DB implementation and doesn't work for
>> in-memory implementation.
>> In other words, we can't use ID if we go with in-memory implementation.
>
>
> You could, but it would not make a lot of sense; and you would have to store
> those ids somewhere anyway; so - no it's not a good idea.
>
> When you associate an instance of a service to a provider, you might think
> that the fact that they key is (type, name) will force you to use two
> attributes. This would be true if you think about the corresponding E-R
> model. However, in the case of the APIs we're dealing with, the resource
> type itself identifies the first bit of the (type, name) pair. So one might
> as well associate only the service provider name to the service instance.
>
>>
>> 3) From data modelling perspective it's better to have ID in service
>> provider model as referencing models will be simpler and easier to maintain.
>> 4) From CLI perspective it's more convenient if resource has ID, it's a
>> common way of specifying resource.
>
>
> We already clarified that for referencing items in the CLI (or horizon) we
> can use either name or id. It's a consolidated practice in both of them.
>
>>
>> 5) From user perspective it's more convenient to specify the name of
>> service provider.
>> But that is usually solved either by Horizon or by cli, like it's done for
>> networks/subnets where name of the object is specified.
>>
>> Resuming all this I see significant benefits of using ID (and hence, db
>> implementation) over not using it.
>> Also, I don't think storing immutable data in db is any kind of a bad
>> design: it's just a storage anyway.
>
>
> As Mark has rightly pointed out, it's generally not a great idea to store
> configuration data in the db.
> However in this case it is worth mentioning that the data in the db is
> exactly the same as the data in the config files.

If same data are stored in the multiple place, IMO it is not good idea.
In current implementation, the data is stored in DB + on each neutron
servers conf.
Who's master in this case??
In current implementation, recent load of conf wins, so it could be
disaster for operators.

(I draw figure for this case)
https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gf0f4e2a2_1136


>>
>> DB storage offers better integration with other objects stored in db, and
>> saves some code lines doing stuff which DB normally does.
>> That lines will stack up in case we add more objects (like service
>> offerings) on top of in-memory storage.

so how about this option?

Option4. REST API + DB with Preload with Conf
https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gf14b7b30_00

Best
Nachi

>
>>
>> Thanks,
>> Eugene.
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jul 9, 2013 at 11:00 PM, Nachi Ueno <nachi at ntti3.com> wrote:
>>>
>>> Hi Eugene
>>>
>>> I agree for dynamic loading is difficult to implement.
>>> (mainly for security perspective)
>>>
>>> Salvatore looks clearly for no for dynamic loading.
>>>
>>> So I added another option.
>>> how about have list of preloaded module in the conf?
>>> and setup service type from REST API such as nova flavor api
>>>
>>>
>>> https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gf14b7b30_00
>>>
>>> NOTE: I updated the style of doc
>>>
>>> Best
>>> Nachi
>>>
>>>
>>> 2013/7/9 Eugene Nikanorov <enikanorov at mirantis.com>:
>>> > Hi Nachi,
>>> >
>>> > I agree on the future plan.
>>> > However, dynamic loading/unloading of provider drivers will require
>>> > additional code in service plugins, I'm not sure this will be fully
>>> > supported in Havana (while I'm totally agree on implementing it)
>>> >
>>> > Thanks,
>>> > Eugene.
>>> >
>>> >
>>> > On Tue, Jul 9, 2013 at 3:40 AM, Nachi Ueno <nachi at ntti3.com> wrote:
>>> >>
>>> >> Hi Eugene
>>> >>
>>> >> It still not make sense for me to store static configuration on the DB
>>> >> just for easy implementation.
>>> >> However if the service type will support creation and deletion REST
>>> >> api in future, I would like to approve this patch
>>> >> as a first step of it.
>>> >> You answered "I think it's doable but I'd still consider current
>>> >> implementation as a first step - enikanorov. "
>>> >> in the googled docs. so I believe we are in the same boat now.
>>> >>
>>> >> I wanna make it clear future work.
>>> >>
>>> >> - Service Type REST API (for admin) will add supports
>>> >>   - Ceate Service Type
>>> >>   - Delete Service Type
>>> >>  -  Each driver users will lazy load the library if it is not loaded.
>>> >>     (may be this should be implemented on service side such as FW,
>>> >> LBaaS,VPN)
>>> >>
>>> >> - Remove service type configuration from conf
>>> >>
>>> >> Is this OK for you guys?
>>> >>
>>> >> Thanks
>>> >> Nachi
>>> >>
>>> >>
>>> >> 2013/7/8 Eugene Nikanorov <enikanorov at mirantis.com>:
>>> >> > Hi neutron folks,
>>> >> >
>>> >> > There has been a discussion around this patch
>>> >> > https://review.openstack.org/#/c/29750/ that introduces
>>> >> > configuration
>>> >> > options and db table for storing service providers.
>>> >> >
>>> >> > The discussion is about whether we should store configuration in the
>>> >> > db
>>> >> > or
>>> >> > not.
>>> >> > The brief of discussion has been saved here:
>>> >> >
>>> >> >
>>> >> > https://docs.google.com/presentation/d/1v0nLTEsFOwWeYpYjpw4qe3QHB5lLZEE_b0TmmR5b7ic/edit#slide=id.gefc32ecf_00
>>> >> > Please share your thoughts on this.
>>> >> >
>>> >> > While we may continue to discuss the best approach to this, I'd like
>>> >> > to
>>> >> > see
>>> >> > the patch to be committed first (it seems to be ready) as there are
>>> >> > other
>>> >> > features depending on it (NSX distributed router, lbaas, fwaas and
>>> >> > vpnaas
>>> >> > possibly).
>>> >> >
>>> >> >
>>> >> > Thanks,
>>> >> > Eugene.
>>> >> >
>>> >> > _______________________________________________
>>> >> > OpenStack-dev mailing list
>>> >> > OpenStack-dev at lists.openstack.org
>>> >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> >> >
>>> >>
>>> >> _______________________________________________
>>> >> OpenStack-dev mailing list
>>> >> OpenStack-dev at lists.openstack.org
>>> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> >
>>> >
>>> >
>>> > _______________________________________________
>>> > OpenStack-dev mailing list
>>> > OpenStack-dev at lists.openstack.org
>>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>> >
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



More information about the OpenStack-dev mailing list