Open Stack

----- Original Message -----
> From: Julien Vey < vey.julien at gmail.com >
> Reply-To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org >
> Date: Thursday, February 13, 2014 7:18 AM
> To: "OpenStack Development Mailing List (not for usage questions)" <
> openstack-dev at lists.openstack.org >
> Subject: Re: [openstack-dev] [Solum] Question about Zuul's role in Solum
> 
> 
> 
> 
> Hi,
> 
> I have some concerns about using Zuul in Solum
> 
> 
> 
> 
> I agree gating is a great feature but it is not useful for every project and
> as Adrian said, not understood by everyone.
> I think many Solum users, and PaaS users in general, are
> single-project/single-build/simple git worklow and do not care about gating.
> 
> Agreed, this is my major concern, I also think majority of users will be
> after quick app creation from a single git repository. For those people
> having to jump through any additional hoops around gating will give them a
> barrier that will cause them to evaluate if this is the right solution for
> them.
> 
> 
> 
> 
> 
> I see 2 drawbacks with Zuul :
> - Tenant Isolation : How do we allow access on zuul (and jenkins) for a
> specific tenant in isolation to the others tenants using Solum.
> 
> Tenant isolation is a big problem for service providers, but maybe not for
> enterprises running their own Openstack/Solum.
> 
> 
> 
> 
> - Build customization : One of the biggest advantage of Jenkins is its
> ecosystem and the many build customization it offers. Using zuul will
> prohibit this.
> 
> 
> Agreed. If we make CI/CD pluggable and provide two reference implementations
> showing both use cases ( which should be achievable with M1 workflow ).
> 
> * `if it builds its good` and provide example code repos that use travisCI we
> can show external tooling CI/CD workflow. [1]
> * full code gating functionality of Gerrit->Zuul->Solum. I see this as
> external to the core of Solum with the user's source control being the
> middleware, but could be something that solum could assist with building (
> provide heat template ). [2]
> 
> [1] attached Solum-M1.png
> [2] attached Solum-Gerrit.png
> 
> 
> 
> 
> 
> About Gerrit, I think it is also a little too much. Many users have their own
> reviewing system, Pull requests with github, bitbucket or stash, their own
> instance of gerrit, or even a custom git workflow.
> Gerrit would be a great feature for future versions of Solum. but only as an
> optionnal one, we should not force people into it.
> 
> Agreed. The M1 workflow should make it easy to provide examples of plugging
> in common external CI/CD tooling, or running your own Gerrit+Zuul.
> 
> Using a gating system like Gerrit/Zuul could make for some very interesting
> advanced testing, for example one of the tests run could be to hit the solum
> API and deploy the application to it and provide the URL to reviewers, then
> when the code is merged it can kill that test. But this is just as doable as
> an pluggable integration as it is tightly coupling Zuul to solum.

I think it's worth noting that the things Zuul can do (outside of gating or being dependent on Gerrit) is allow a reasonable extensible workflow solution for source -> outcome flows.  We should be careful to separate the value zuul brings as part of a Solum/OpenStack deployment (not inventing an extensible workflow story for source) out from gating.  

I agree with the statement that we should not tightly couple Zuul to Solum.  The M1 workflow does not necessarily need to require zuul if the right interaction points (which Zuul would require anyway) are exposed for a much simpler solution.  However, it would be a mistake to build a simple service now and then to continue to expand it until it looks a lot like Zuul without making effort to improve Zuul's multi tenancy, customizability, and extensibility stories.  There are certainly pieces of Zuul that don't apply to most Solum workflows - it's just that we have to resist the temptation to create a standalone solution for source -> outcome flows outside of Zuul.

Simple, practical, example solution for M1 without gating?  Good.
Building a zuul equivalent?  Bad.
Demonstrating a simple integration with Solum build flows that proves out Solum endpoints for receiving updates about new deployment units being available?  Good.

> 
> This also gives service providers a good way to productize Solum to different
> ( or learning ) audiences. Assuming a service provider creates a product
> based off Solum called 'Bananas' they could offer
> 
> * 'Banana Lite' which will simply deploy an app ( single instance free, pay
> for more ) from a git-push/git-pull. Only gating is 'did the build succeed'
> * 'Banana Pro' Adds basic CI/CD flow ( Solum calls into a test framework as
> part of the Build )
> * 'Banana Enterprise' Provides full code review, git hosting, automated
> testing (via Gerrit+github Enterprise), deploy to test instance, deploy App.
> 
> 
> 
> 
> 
> Julien
> 
> 2014-02-13 5:47 GMT+01:00 Clark Boylan < clark.boylan at gmail.com > :
> 
> 
> 
> On Wed, Feb 12, 2014 at 7:25 PM, Noorul Islam K M < noorul at noorul.com >
> wrote:
> > "devdatta kulkarni" < devdatta.kulkarni at rackspace.com > writes:
> > 
> >> Hi,
> >> 
> >> I have been looking at Zuul for last few days and had a question
> >> about its intended role within Solum.
> >> 
> >> From what I understand, Zuul is a code gating system.
> >> 
> >> I have been wondering if code gating is something we are considering as a
> >> feature
> >> to be provided in Solum? If yes, then Zuul is a perfect fit.
> >> But if not, then we should discuss what benefits do we gain by using Zuul
> >> as an integral part of Solum.
> >> 
> >> It feels to me that right now we are treating Zuul as a conduit for
> >> triggering job(s)
> >> that would do the following:
> >> - clone/download source
> >> - run tests
> >> - create a deployment unit (DU) if tests pass
> >> - upload DU to glance
> >> - trigger the DU deployment workflow
> >> 
> >> In the language-pack working group we have talked about being able to do
> >> CI on the submitted code and building the DUs only after tests pass.
> >> Now, there is a distinction between doing CI on merged code vs.
> >> doing it before code is permanently merged to master/stable branches.
> >> The latter is what a 'code gating' system does, and Zuul is a perfect fit
> >> for this.
> >> For the former though, using a code gating system is not be needed.
> >> We can achieve the former with an API endpoint, a queue,
> >> and a mechanism to trigger job(s) that perform above mentioned steps.
> >> 
> >> I guess it comes down to Solum's vision. If the vision includes
> >> supporting, among other things, code gating
> >> to ensure that Solum-managed code is never broken, then Zuul is a perfect
> >> fit.
> >> Of course, in that situation we would want to ensure that the gating
> >> functionality is pluggable
> >> so that operators can have a choice of whether to use Zuul or something
> >> else.
> >> But if the vision is to be that part of an overall application lifecycle
> >> management flow which deals with
> >> creation and scaling of DUs/plans/assemblies but not necessarily be a code
> >> gate, then we should re-evaluate Zuul's role
> >> as an integral part of Solum.
> >> 
> >> Thoughts?
> >> 
> > 
> > Is Zuul tightly couple with launchpad? I see that most of the
> > information that it displays is coming from launchpad.
> > 
> > If it is, is it a good idea to force launchpad on users?
> > 
> > Regards,
> > Noorul
> > 
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> I can't think of any places that Zuul requires launchpad (or displays
> launchpad info for that matter). It is a bit coupled to Gerrit on one
> end and Gearman on the other, but not in an extreme way (the use of
> Gearman makes a bunch of sense imo, but having additional triggers
> instead of just Gerrit sounds great to me).
> 
> Clark
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>