[openstack-dev] Is the pendulum swinging on PaaS layers?

Zane Bitter zbitter at redhat.com
Fri May 19 20:05:10 UTC 2017

On 19/05/17 15:06, Kevin Benton wrote:
>>Don't even get me started on Neutron.[2]
> It seems to me the conclusion to that thread was that the majority of
> your issues stemmed from the fact that we had poor documentation at the
> time.  A major component of the complaints resulted from you
> misunderstanding the difference between networks/subnets in Neutron.

It's true that I was completely off base as to what the various 
primitives in Neutron actually do. (Thanks for educating me!) The 
implications for orchestration are largely unchanged though. It's a 
giant pain that we have to infer implicit dependencies between stuff to 
get them to create/delete in the right order, pretty much independently 
of what that stuff does.

So knowing now that a Network is a layer-2 network segment and a Subnet 
is... effectively a glorified DHCP address pool, I understand better why 
it probably seemed like a good idea to hook stuff up magically. But at 
the end of the day, I still can't create a Port until a Subnet exists, I 
still don't know what Subnet a Port will be attached to (unless the user 
specifies it explicitly using the --fixed-ip option... regardless of 
whether they actually specify a fixed IP), and I have no way in general 
of telling which Subnets can be deleted before a given Port is and which 
will fail to delete until the Port disappears.

> There are some legitimate issues in there about the extra routes
> extension being replace-only and the routers API not accepting a list of
> interfaces in POST.  However, it hardly seems that those are worthy of
> "Don't even get me started on Neutron."


> It would be nice if you could write up something about current gaps that
> would make Heat's life easier, because a large chunk of that initial
> email is incorrect and linking to it as a big list of "issues" is
> counter-productive.

Yes, agreed. I wish I had a clean thread to link to. It's a huge amount 
of work to research it all though.


> On Fri, May 19, 2017 at 7:36 AM, Zane Bitter <zbitter at redhat.com
> <mailto:zbitter at redhat.com>> wrote:
>     On 18/05/17 20:19, Matt Riedemann wrote:
>         I just wanted to blurt this out since it hit me a few times at the
>         summit, and see if I'm misreading the rooms.
>         For the last few years, Nova has pushed back on adding
>         orchestration to
>         the compute API, and even define a policy for it since it comes
>         up so
>         much [1]. The stance is that the compute API should expose
>         capabilities
>         that a higher-level orchestration service can stitch together
>         for a more
>         fluid end user experience.
>     I think this is a wise policy.
>         One simple example that comes up time and again is allowing a
>         user to
>         pass volume type to the compute API when booting from volume
>         such that
>         when nova creates the backing volume in Cinder, it passes
>         through the
>         volume type. If you need a non-default volume type for boot from
>         volume,
>         the way you do this today is first create the volume with said
>         type in
>         Cinder and then provide that volume to the compute API when
>         creating the
>         server. However, people claim that is bad UX or hard for users to
>         understand, something like that (at least from a command line, I
>         assume
>         Horizon hides this, and basic users should probably be using Horizon
>         anyway right?).
>     As always, there's a trade-off between simplicity and flexibility. I
>     can certainly understand the logic in wanting to make the simple
>     stuff simple. But users also need to be able to progress from simple
>     stuff to more complex stuff without having to give up and start
>     over. There's a danger of leading them down the garden path.
>         While talking about claims in the scheduler and a top-level
>         conductor
>         for cells v2 deployments, we've talked about the desire to eliminate
>         "up-calls" from the compute service to the top-level controller
>         services
>         (nova-api, nova-conductor and nova-scheduler). Build retries is
>         one such
>         up-call. CERN disables build retries, but others rely on them,
>         because
>         of how racy claims in the computes are (that's another story and why
>         we're working on fixing it). While talking about this, we asked,
>         "why
>         not just do away with build retries in nova altogether? If the
>         scheduler
>         picks a host and the build fails, it fails, and you have to
>         retry/rebuild/delete/recreate from a top-level service."
>     (FWIW Heat does this for you already.)
>         But during several different Forum sessions, like user API
>         improvements
>         [2] but also the cells v2 and claims in the scheduler sessions,
>         I was
>         hearing about how operators only wanted to expose the base IaaS
>         services
>         and APIs and end API users wanted to only use those, which means any
>         improvements in those APIs would have to be in the base APIs (nova,
>         cinder, etc). To me, that generally means any orchestration
>         would have
>         to be baked into the compute API if you're not using Heat or
>         something
>         similar.
>     The problem is that orchestration done inside APIs is very easy to
>     do badly in ways that cause lots of downstream pain for users and
>     external orchestrators. For example, Nova already does some
>     orchestration: it creates a Neutron port for a server if you don't
>     specify one. (And then promptly forgets that it has done so.) There
>     is literally an entire inner platform, an orchestrator within an
>     orchestrator, inside Heat to try to manage the fallout from this.
>     And the inner platform shares none of the elegance, such as it is,
>     of Heat itself, but is rather a collection of cobbled-together hacks
>     to deal with the seemingly infinite explosion of edge cases that we
>     kept running into over a period of at least 5 releases.
>     The get-me-a-network thing is... better, but there's no provision
>     for changes after the server is created, which means we have to
>     copy-paste the Nova implementation into Heat to deal with update.[1]
>     Which sounds like a maintenance nightmare in the making. That seems
>     to be a common mistake: to assume that once users create something
>     they'll never need to touch it again, except to delete it when
>     they're done.
>     Don't even get me started on Neutron.[2]
>     Any orchestration that is done behind-the-scenes needs to be done
>     superbly well, provide transparency for external orchestration tools
>     that need to hook in to the data flow, and should be developed in
>     consultation with potential consumers like Shade and Heat.
>         Am I missing the point, or is the pendulum really swinging away from
>         PaaS layer services which abstract the dirty details of the
>         lower-level
>         IaaS APIs? Or was this always something people wanted and I've just
>         never made the connection until now?
>     (Aside: can we stop using the term 'PaaS' to refer to "everything
>     that Nova doesn't do"? This habit is not helping us to communicate
>     clearly.)
>     cheers,
>     Zane.
>     [1] https://review.openstack.org/#/c/407328/
>     <https://review.openstack.org/#/c/407328/>
>     [2]
>     http://lists.openstack.org/pipermail/openstack-dev/2014-April/032098.html
>     <http://lists.openstack.org/pipermail/openstack-dev/2014-April/032098.html>
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>     <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list