[Openstack-stable-maint] Controversial backport

Ihar Hrachyshka ihrachys at redhat.com
Tue Aug 19 11:48:25 UTC 2014


On 19/08/14 11:35, Thierry Carrez wrote:
> Gary Kotton wrote:
>> I think that only in exceptional cases should we allow changing
>> of default configuration variables. This may break existing
>> setups. I am not in favor of this backport.
> 
> I tend to agree with Gary here.
> 
> IIUC this is an old bug -- if people encountered it they probably
> have switched that configuration option to True a long time ago.
> It's also very easy for downstream consumers to carry the
> difference if they care (they ship customized config files
> anyway).

And if they haven't encountered the issue yet, and don't know that the
default value is failing hard, then we leave our users with a DoS
unfixed, waiting for their users to break the cloud and then debug the
issue, finally discovering that we have defaults that are broken and
not even documented as such anywhere.

> 
> Contrast that with breaking existing setups that may rely on that 
> feature... We trade a known evil for a new, unknown one.

Those setups are beyond our control; we don't even know whether they
actually exist. So we trade a known evil for a tiny chance of a new,
less evil one (those limitations will be caught by consumers in their
testbed, with a clear message in the log; and if it's really needed,
it's a matter of one line changed in the conffile).

> 
> We also don't mark a config option deprecated in the middle of a
> stable branch. It's either deprecated at release time, or at the
> next release time. We can't retroactively deprecate.

We don't deprecate it in Havana. The patch proposes to change the
default value only. If you're concerned about the specific description
of the setting, we may trim it not to mention the part about its
deprecation in later releases.

> 
> Some aspects of that patch may still be acceptable though 
> (neutron/db/db_base_plugin_v2.py) and we could document that we 
> recommend people turn that option to True in the next point
> release releasenotes.
> 

If we don't merge the patch, it's the least we can do for our users.
Distributions may also set it in their distro-specific config file
(neutron-dist.conf).

/Ihar