Hi all,
I would like to propose deprecating and removing the 'iscsi' deploy interface over the course of the next 2 cycles. The reasons are:
1) The iSCSI deploy is a source of occasional cryptic bugs when a target cannot be discovered or mounted properly.
2) Its security is questionable: I don't think we even use authentication.
3) Operators confusion: right now we default to the iSCSI deploy but pretty much direct everyone who cares about scalability or security to the 'direct' deploy.
4) Cost of maintenance: our feature set is growing, our team - not so much. iscsi_deploy.py is 800 lines of code that can be removed, and some dependencies that can be dropped as well.
As far as I can remember, we've kept the iSCSI deploy for two reasons:
1) The direct deploy used to require Glance with Swift backend. The recently added [agent]image_download_source option allows caching and serving images via the ironic's HTTP server, eliminating this problem. I guess we'll have to switch to 'http' by default for this option to keep the out-of-box experience.
2) Memory footprint of the direct deploy. With the raw images streaming we no longer have to cache the downloaded images in the agent memory, removing this problem as well (I'm not even sure how much of a problem it is in 2020, even my phone has 4GiB of RAM).
If this proposal is accepted, I suggest to execute it as follows:
Victoria release:
1) Put an early deprecation warning in the release notes.
2) Announce the future change of the default value for [agent]image_download_source.
W release:
3) Change [agent]image_download_source to 'http' by default.
4) Remove iscsi from the default enabled_deploy_interfaces and move it to the back of the supported list (effectively making direct deploy the default).
X release:
5) Remove the iscsi deploy code from both ironic and IPA.
Thoughts, opinions, suggestions?
Dmitry