Open Stack

On Tue, Jun 4, 2019, at 1:01 AM, Sorin Sbarnea wrote:
> I am in favour of ditching or at least refactoring devstack because 
> during the last year I often found myself blocked from fixing some 
> zuul/jobs issues because the buggy code was still required by legacy 
> devstack jobs that nobody had time maintain or fix, so they were 
> isolated and the default job configurations were forced to use dirty 
> hack needed for keeping these working.
> 
> One such example is that there is a task that does a "chmod -R 0777 -R" 
> on the entire source tree, a total security threat. 

This is needed by devstack-gate and *not* devstack. We have been trying now for almost two years to get people to stop using devstack-gate in favor of the zuul v3 jobs. Please don't conflate this with devstack itself, it is not related and not relevant to this discussion.

> 
> In order to make other jobs running correctly* I had to rely undoing 
> the damage done by such chmod because I was not able to disable the 
> historical hack.

In order to make other jobs run correctly we are asking you to stop using devstack-gate and use zuulv3 native jobs instead.

> 
> * ansible throws warning with unsafe file permissions
> * ssh refuses to load unsafe keys
> 
> That is why I am in favor of dropping features that are slowing down 
> the progress of others.

Again this has nothing to do with devstack.

> 
> I know that the reality is more complicated but I also think that 
> sometimes less* is more. 
> 
> 
> * deployment projects ;)
>