<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
p.msochpdefault, li.msochpdefault, div.msochpdefault
{mso-style-name:msochpdefault;
mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri","sans-serif";}
span.emailstyle17
{mso-style-name:emailstyle17;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle24
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><b>From:</b> Brian Rosmaita [<a href="mailto:brian.rosmaita@RACKSPACE.COM">mailto:brian.rosmaita@RACKSPACE.COM</a>]<span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">>Or you can just use it as the basis of a Cinder property protection config file,
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">>because I wonder whether in the general case, you'll always want volume
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">>properties protected exactly the same as image properties. If not, the new
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">>API call strategy will force you to deal with differences in the code, whereas
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">>the config file strategy would move dealing with differences to setting up the config file. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Once an instance is launched, the “image” properties are treated the same and lose distinction of whether they came from an image or a bootable volume in Nova. I agree with Facundo that maintaining a consistency
between configuration files sounds like a configuration drift risk to me opening the opportunity to bypass protected properties. Also, commands in Cinder like upload-to-image may fail because a bootable volume is created with image properties that Glance doesn’t
actually allow. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Why not have a single source of truth for protected properties coming from Glance? A small possible downside I see is that the Glance API will get hit more often, but maybe we can optimize that?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">This does sound like a good topic for the Glance meeting, but since it is a Cinder topic as well, it would be good to get Cinder team feedback.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">-Travis<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Maldonado, Facundo N [mailto:facundo.n.maldonado@intel.com]
<br>
<b>Sent:</b> Wednesday, June 25, 2014 7:34 AM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] [cinder][glance] Update volume-image-metadata proposal<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks for the response, I’ll be there this Thursday.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Having the file in more than one place could me a nightmare if we have to maintain consistency between them.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">It could be good if we want to protect different properties than Glance.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Thanks, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Facundo<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Brian Rosmaita [<a href="mailto:brian.rosmaita@RACKSPACE.COM">mailto:brian.rosmaita@RACKSPACE.COM</a>]
<br>
<b>Sent:</b> Tuesday, June 24, 2014 7:10 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] [cinder][glance] Update volume-image-metadata proposal<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">Hi Facundo,<br>
<br>
Can you attend the Glance meeting this week at 20:00 UTC on Thursday in #openstack-meeting-alt ?<br>
<br>
I may be misunderstanding what's at stake, but it looks like:<br>
- Glance holds the image metadata (some user-modifiable, some not)<br>
- Cinder copies the image metadata to use as volume metadata (none is user-modifiable)<br>
- You want to implement user-modifiable metadata in Cinder, but you don't know which items should be mutable and which not.<br>
- You propose to add glance API calls to allow you to figure out property protections on a per-property basis.<br>
<br>
It looks like the only roles for Glance here are (1) as the original source of the image metadata, and then (2) as the source of truth for what image properties can be modified on the volume metadata. For (1), you've already got an API call. For (2), why
not use the glance property protection configuration file directly? It's going to be deployed somehow to your glance nodes, you can deploy it to your cinder nodes at the same time. Or you can just use it as the basis of a Cinder property protection config
file, because I wonder whether in the general case, you'll always want volume properties protected exactly the same as image properties. If not, the new API call strategy will force you to deal with differences in the code, whereas the config file strategy
would move dealing with differences to setting up the config file. So I'm not convinced that a new API call is the way to go here.<br>
<br>
But there may be some nuances I'm missing, so it might be easier to discuss at the Glance meeting. The agenda looks pretty light for Thursday if you want to add this topic:<br>
</span><a href="https://etherpad.openstack.org/p/glance-team-meeting-agenda"><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">https://etherpad.openstack.org/p/glance-team-meeting-agenda</span></a><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"><br>
<br>
cheers,<br>
brian<o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:black">
<hr size="2" width="100%" align="center">
</span></div>
<div id="divRpF89816">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:black"> Maldonado, Facundo N [facundo.n.maldonado@intel.com]<br>
<b>Sent:</b> Tuesday, June 24, 2014 2:34 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> [openstack-dev] [cinder][glance] Update volume-image-metadata proposal</span><span style="font-size:12.0pt;font-family:"Times New Roman","serif";color:black"><o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="color:black">Hi folks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> I started working on this blueprint [1] but the work to be done is not limited to cinder python client.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> Volume-image-metadata is immutable in Cinder and Glance has RBAC image properties and it doesn’t provide any way to find out which are those protected properties in advance [2].<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> I want to share this proposal and get feedback from you.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> </span><a href="https://docs.google.com/document/d/1XYEqGOa30viOyZf8AiwkrCiMWGTfBKjgmeYBptaCHlM/" target="_blank">https://docs.google.com/document/d/1XYEqGOa30viOyZf8AiwkrCiMWGTfBKjgmeYBptaCHlM/</a><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black">Facundo<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black;background:white">[1]<span class="apple-converted-space"> </span></span><a href="https://blueprints.launchpad.net/python-cinderclient/+spec/support-volume-image-metadata" target="_blank"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:#551A8B;background:white">https://blueprints.launchpad.net/python-cinderclient/+spec/support-volume-image-metadata</span></a><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black;background:white">[2]
</span><a href="http://openstack.10931.n7.nabble.com/Cinder-Confusion-about-the-respective-use-cases-for-volume-s-admin-metadata-metadata-and-glance-imaga-td39849.html" target="_blank"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";background:white">http://openstack.10931.n7.nabble.com/Cinder-Confusion-about-the-respective-use-cases-for-volume-s-admin-metadata-metadata-and-glance-imaga-td39849.html</span></a><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</body>
</html>