Open Stack

-----Original Message-----
From: Ian Cordasco <sigmavirus24 at gmail.com>
Reply: Ian Cordasco <sigmavirus24 at gmail.com>
Date: January 13, 2017 at 08:12:12
To: OpenStack Development Mailing List (not for usage questions)
<openstack-dev at lists.openstack.org>
Subject:  Re: [openstack-dev] [glance][tempest][api] community images,
tempest tests, and API stability

> And besides "No one uses Glance" [ref: http://lists.openstack.org/pipermail/openstack-dev/2013-February/005758.html]

I was being a bit glib when I wrote this last sentence this morning,
but in commenting on the Gerrit patch to skip the test in question, I
realized this is actually far more valid than I realized.

Let's look at the state of Glance v2 and be brutally honest:

Interoperability

    Glance v2 is currently incapable of being truly interoperable between
    existing publicly accessible clouds. There are two ways to currently
    upload images to Glance. Work is being done to add a third way that
    suits the needs of all cloud providers. This introduces further
    interoperability incompatibility (say *that* three times fast ;)) and
    honestly, I don't see it being a problem for the next reason.

    Further, the tasks API presents a huge number of interoperability
    problems. We've limited that to users with the admin role, but if you
    have an admin on two clouds operated by different people, there is a
    good likelihood the tasks will not be the same.


v2 deployment and usage

    The best anyone working on Glance can determine, v2 is rarely deployed
    for users and if it is, it isn't chosen. v2 was written to specifically
    excise some problematic "features" that some users still rely on. A
    such, you see conversations even between Glance and *other services*
    about how to migrate to v2. Nova only recently made the migration. Heat
    still has yet to do so and I think has only just relented in their
    desire to avoid it.


Security Concerns

    There are some serious security issues that will be fixed by this
    change. If we were to add the backwards compatibility shim that the QA
    team has suggested repeatedly that we add, we'd be keeping those security
    issues.


In short, I feel like the constant refrain from the QA team has been two fold:

- "This will cause interoperability problems"
- "This is backwards incompatible"

The Glance team has come to terms with this over the course of several
cycles. I don't think anyone is thrilled about the prospect of
potentially breaking some users' workflows. If we had been that
enthusiastic about it, then we simply would have acted on this when it
was first proposed. It would have completely gone unnoticed except by
some users. There's no acceptable way (without sacrificing security -
which let's be clear, is entirely unacceptable) that we can maintain a
backwards compatibility shim and Glance v2 already has loads of
interoperability problems. We're working on fixing them, but we're
also working on fixing the user experience, which is a big part of
this patch.

--
Ian Cordasco