<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jul 15, 2014 at 6:57 AM, Henry Nash <span dir="ltr"><<a href="mailto:henryn@linux.vnet.ibm.com" target="_blank">henryn@linux.vnet.ibm.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Joe,<div><br></div><div>I'd imagine an API like this would be pretty useful for some of these config tools - so I'd imagine they might well be consumers of this API.</div>

</div></blockquote><div><br></div><div>This may solve the OpenStack case, but something like this wouldn't solve the general issue of configuration management (config options for mysql, rabbit, apache, load balancers etc.)</div>

<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><span class="HOEnZb"><font color="#888888"><div><br></div></font></span><div>

<span class="HOEnZb"><font color="#888888">Henry</font></span><div><div class="h5"><br><div><div>On 15 Jul 2014, at 13:10, Joe Gordon <<a href="mailto:joe.gordon0@gmail.com" target="_blank">joe.gordon0@gmail.com</a>> wrote:</div>

<br><blockquote type="cite"><div dir="ltr" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

<div class="gmail_extra"><br><br><br><div class="gmail_quote">On Tue, Jul 15, 2014 at 5:00 AM, Henry Nash<span> </span><span dir="ltr"><<a href="mailto:henryn@linux.vnet.ibm.com" target="_blank">henryn@linux.vnet.ibm.com</a>></span><span> </span>wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word">Mark,<div><br></div><div>

Thanks for your comments (as well as remarks on the WIP code-review).</div><div><br></div><div>So clearly gathering and analysing log files is an alternative approach, perhaps not as immediate as an API call.  In general, I believe that the more capability we provide via easy-to-consume APIs (with appropriate permissions) the more effective (and innovative) ways of management of OpenStack we will achieve (easier to build automated management systems).  In terms of multi API servers, obviously each server would respond to the API with the values it has set, so operators could check any or all of the servers....and this actually becomes more important as people distribute config files around to the various servers (since more chance of something getting out of sync).</div>

</div></blockquote><div><br></div><div>Where do you see configuration management tools like chef, puppet, and the os-*-config tools (<a href="http://git.openstack.org/cgit" target="_blank">http://git.openstack.org/cgit</a>) fit in to this?</div>

<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div style="word-wrap:break-word"><span><font color="#888888"><div>

<br></div><div>Henry</div></font></span><div><div><div><div>On 15 Jul 2014, at 10:08, Mark McLoughlin <<a href="mailto:markmc@redhat.com" target="_blank">markmc@redhat.com</a>> wrote:</div><br><blockquote type="cite">

<div style="font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">On Tue, 2014-07-15 at 08:54 +0100, Henry Nash wrote:<br>

<blockquote type="cite">HI<br><br>As the number of configuration options increases and OpenStack<br>installations become more complex, the chances of incorrect<br>configuration increases. There is no better way of enabling cloud<br>

providers to be able to check the configuration state of an OpenStack<br>service than providing a direct REST API that allows the current<br>running values to be inspected. Having an API to provide this<br>information becomes increasingly important for dev/ops style<br>

operation.<br><br>As part of Keystone we are considering adding such an ability (see:<br><a href="https://review.openstack.org/#/c/106558/" target="_blank">https://review.openstack.org/#/c/106558/</a>).  However, since this is the<br>

sort of thing that might be relevant to and/or affect other projects,<br>I wanted to get views from the wider dev audience.  <br><br>Any such change obviously has to take security in mind - and as the<br>spec says, just like when we log config options, any options marked as<br>

secret will be obfuscated.  In addition, the API will be protected by<br>the normal policy mechanism and is likely in most installations to be<br>left as "admin required".  And of course, since it is an extension, if<br>

a particular installation does not want to use it, they don't need to<br>load it.<br><br>Do people think this is a good idea?  Useful in other projects?<br>Concerned about the risks?<br></blockquote><br>I would have thought operators would be comfortable gleaning this<br>

information from the log files?<br><br>Also, this is going to tell you how the API service you connected to was<br>configured. Where there are multiple API servers, what about the others?<br>How do operators verify all of the API servers behind a load balancer<br>

with this?<br><br>And in the case of something like Nova, what about the many other nodes<br>behind the API server?<br><br>Mark.<br><br><br>_______________________________________________<br>OpenStack-dev mailing list<br>

<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></div>

</blockquote></div><br></div></div></div><br>_______________________________________________<br>OpenStack-dev mailing list<br><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br><br></blockquote></div><br></div></div><span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">_______________________________________________</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

<span style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;display:inline!important">OpenStack-dev mailing list</span><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

<a href="mailto:OpenStack-dev@lists.openstack.org" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">OpenStack-dev@lists.openstack.org</a><br style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">

<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></blockquote>

</div><br></div></div></div></div><br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>