<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">The current incarnation of the Instance User spec:
<a href="https://review.openstack.org/#/c/222293/" target="_blank">https://review.openstack.org/#/c/222293/</a><br>
<br>
Thanks,<br>
Kevin<br>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div style="direction: ltr;" id="divRpF626949"><font face="Tahoma" size="2" color="#000000"><b>From:</b> Michael Still [mikal@stillhq.com]<br>
<b>Sent:</b> Monday, July 18, 2016 10:13 AM<br>
<b>To:</b> OpenStack Development Mailing List<br>
<b>Subject:</b> Re: [openstack-dev] [tc][all] Big tent? (Related to Plugins for all)<br>
</font><br>
</div>
<div></div>
<div>
<p dir="ltr">On 16 Jul 2016 1:27 PM, "Thomas Herve" <<a href="mailto:therve@redhat.com" target="_blank">therve@redhat.com</a>> wrote:<br>
><br>
> On Fri, Jul 15, 2016 at 8:36 PM, Fox, Kevin M <<a href="mailto:Kevin.Fox@pnnl.gov" target="_blank">Kevin.Fox@pnnl.gov</a>> wrote:<br>
> > Some specific things:<br>
> ><br>
> > Magnum trying to not use Barbican as it adds an addition dependency. See the discussion on the devel mailing list for details.<br>
> ><br>
> > Horizon discussions at the summit around wanting to use Zaqar for dynamic ui updates instead of polling, but couldn't depend on a non widely deployed subsystem.<br>
> ><br>
> > Each Advanced OpenStack Service implementing a guest controller communication channel that are incompatible with each other and work around communications issues differently. This makes a lot more pain for Ops to debug or architect a viable solution. For
example:<br>
> > * Sahara uses ssh from the controllers to the vms. This does not play well with tenant networks. They have tried to work around this several ways:<br>
> > * require every vm to have a floating ip. (Unnecessary attack surface)<br>
> > * require the controller to be on the one and only network node (Uses ip netns exec to tunnel. Doesn't work for large clouds)<br>
> > * Double tunnel ssh via the controller vm's. so some vms have fips, some don't. Better then all, but still not good.<br>
> > * Trove uses Rabbit for the guest agent to talk back to the controllers. This has traffic going the right direction to work well with tenant networks.<br>
> > * But Rabbit is not multitenant so a security risk if any user can get into any one of the database vm's.<br>
> > Really, I believe the right solution is to use a multitenant aware message queue so that the guest agent can pull in the right direction for tenant networks, and not have the security risk. We have such a system already, Zaqar, but its not widely deployed
and projects don't want to depend on other projects that aren't widely deployed.<br>
><br>
> While I agree using Barbican/Zaqar for those would be fantastic, this<br>
> is easily solved: just optionally depend on it. Heat provides features<br>
> that use Zaqar, which are not just present when Zaqar is not there.<br>
> For example, if people in the Trove project were convinced that Zaqar<br>
> was the best solution to their problem, I think they would find a way<br>
> to provide an implementation using it. I don't think they are, though.<br>
> Whatever the reasons may be.<br>
><br>
> > The lack of Instance Users has caused lots of projects to try and work around the lack thereof. I know for sure, Mangum, Heat, and Trove work around the lack. I'm positive others have too. As an operator, it makes me have to very carefully consider all
the tradeoffs each project made, and decide if I can accept the same risk they assumed. Since each is different, thats much harder.<br>
><br>
> Instance users would be nice. Nobody just provided a good solution. I<br>
> know you tried, but I don't think you succeeded. We need a good<br>
> implementation, easy to understand, and maybe this will move forward.</p>
<p dir="ltr">I think I need a more complete definition of instance users to know what you're talking about here. Is this the instance locking stuff Bruno proposed a while ago?</p>
<p dir="ltr">> > I'm sure there are more examples. but I hope you get I'm not just trying to troll.<br>
> ><br>
> > The TC did apply inconsistant rules on letting projects in. That was for sure a negative before the big tent. But it also provided a way to apply pressure to projects to fix some of the issues that multiple projects face, and that plague user/operators
and raise the whole community up, and that has fallen to the wayside since. Which is a big negative now. Maybe that could be bolted on top of the Big Tent I don't know.<br>
><br>
> So I think that's the root of the issue here. You assume we can<br>
> "pressure" people do something you think is right. But that's not how<br>
> opensource works. You either implement the solution to your problem,<br>
> or convince someone else, but you don't force anybody. I think that's<br>
> what the TC recognized and changed, to the correct path. Could project<br>
> be better integrated, so that we have a more coherent "product"? Sure.<br>
> But you don't achieve that with more governance and processes.<br>
><br>
> --<br>
> Thomas<br>
><br>
> __________________________________________________________________________<br>
> OpenStack Development Mailing List (not for usage questions)<br>
> Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></p>
<p dir="ltr">Michael<br>
</p>
</div>
</div>
</div>
</body>
</html>