Open Stack

On Fri, May 29, 2015 at 9:55 AM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:
> As an Op, I really
> really want to replace one image with a new one atomically with security
> updates preapplied. Think shellshock, ghost, etc. It will be basically be
> the same exact image as before, but patched.

On Fri, May 29, 2015 at 11:16 AM, Georgy Okrokvertskhov
<gokrokvertskhov at mirantis.com> wrote:
> I believe that current app store approach uses only image name rather then
> ID. So you can replace image with a new one without affecting application
> definitions.

In my opinion this is a pretty serious shortcoming with the app
catalog as it stands right now.  There's no concept of versions for
catalog assets, only whatever is put in with the asset name.  It's not
obvious when the binary component of an asset has been replaced for
instance.  Maybe the latest one has the security updates applied,
maybe it doesn't?  If you are watching the repo you might catch it,
but that's not very use friendly.  We are also unable to account for
duplicate names currently (i.e. no protection against having two
identically named glance images).

I think the easiest way to handle at least the versions is by
including additional information in the metadata.  If we eventually
switch to using the artifacts implementation in glance, I think some
of this is resolved, but a switch like that is a long way off.  Any
thoughts on what we could do in the near term?

-Christopher