[openstack-dev] [glance][tempest][api] community images, tempest tests, and API stability

Ken'ichi Ohmichi ken1ohmichi at gmail.com
Mon Jan 16 18:02:09 UTC 2017


2017-01-13 9:25 GMT-08:00 Ian Cordasco <sigmavirus24 at gmail.com>:
> -----Original Message-----
> From: Ian Cordasco <sigmavirus24 at gmail.com>
> Reply: Ian Cordasco <sigmavirus24 at gmail.com>
> Date: January 13, 2017 at 08:12:12
> To: OpenStack Development Mailing List (not for usage questions)
> <openstack-dev at lists.openstack.org>
> Subject:  Re: [openstack-dev] [glance][tempest][api] community images,
> tempest tests, and API stability
>
>> And besides "No one uses Glance" [ref: http://lists.openstack.org/pipermail/openstack-dev/2013-February/005758.html]
>
> I was being a bit glib when I wrote this last sentence this morning,
> but in commenting on the Gerrit patch to skip the test in question, I
> realized this is actually far more valid than I realized.
>
> Let's look at the state of Glance v2 and be brutally honest:
>
> Interoperability
>
>     Glance v2 is currently incapable of being truly interoperable between
>     existing publicly accessible clouds. There are two ways to currently
>     upload images to Glance. Work is being done to add a third way that
>     suits the needs of all cloud providers. This introduces further
>     interoperability incompatibility (say *that* three times fast ;)) and
>     honestly, I don't see it being a problem for the next reason.
>
>     Further, the tasks API presents a huge number of interoperability
>     problems. We've limited that to users with the admin role, but if you
>     have an admin on two clouds operated by different people, there is a
>     good likelihood the tasks will not be the same.
>
>
> v2 deployment and usage
>
>     The best anyone working on Glance can determine, v2 is rarely deployed
>     for users and if it is, it isn't chosen. v2 was written to specifically
>     excise some problematic "features" that some users still rely on. A
>     such, you see conversations even between Glance and *other services*
>     about how to migrate to v2. Nova only recently made the migration. Heat
>     still has yet to do so and I think has only just relented in their
>     desire to avoid it.

Humm, Defcore list contains Glance v2 tests for the interoperability
like https://github.com/openstack/defcore/blob/master/2016.08.json#L1366
# We can see Tempest tests of Glance v2 API by searching "tempest.api.image.v2".
I guess many deployments provide the v2 API today..

> Security Concerns
>
>     There are some serious security issues that will be fixed by this
>     change. If we were to add the backwards compatibility shim that the QA
>     team has suggested repeatedly that we add, we'd be keeping those security
>     issues.

Security issues/problems should be solved as the highest priority.
The progress should be nice if having CVE.

> In short, I feel like the constant refrain from the QA team has been two fold:
>
> - "This will cause interoperability problems"
> - "This is backwards incompatible"
>
> The Glance team has come to terms with this over the course of several
> cycles. I don't think anyone is thrilled about the prospect of
> potentially breaking some users' workflows. If we had been that
> enthusiastic about it, then we simply would have acted on this when it
> was first proposed. It would have completely gone unnoticed except by
> some users. There's no acceptable way (without sacrificing security -
> which let's be clear, is entirely unacceptable) that we can maintain a
> backwards compatibility shim and Glance v2 already has loads of
> interoperability problems. We're working on fixing them, but we're
> also working on fixing the user experience, which is a big part of
> this patch.

I think Glance team has spent time and considering for moving to this
direction and I believe the team will take responsibility if facing
issues on the direction.
Then I also am going to take this way.

Thanks
Ken Ohmichi



More information about the OpenStack-dev mailing list