[keystone][zun] Choice between 'ca_file' and 'cafile'
Hi all, A short question. I saw a few projects are using the name 'ca_file' [1] as config option, while others are using 'cafile' [2]. I wonder what is the flavorite name convention? I asked this question because Kolla developer suggested Zun to rename from 'ca_file' to 'cafile' to avoid the confusion [3]. I want to confirm if this is a good idea from Keystone's perspective. Thanks. Best regards, Hongbin [1] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27ca_file%27&i=nope&files=&repos= [2] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27cafile%27&i=nope&files=&repos= [3] https://review.opendev.org/#/c/738329/
On 7/1/20 2:24 PM, Hongbin Lu wrote:
Hi all,
A short question. I saw a few projects are using the name 'ca_file' [1] as config option, while others are using 'cafile' [2]. I wonder what is the flavorite name convention?
I asked this question because Kolla developer suggested Zun to rename from 'ca_file' to 'cafile' to avoid the confusion [3]. I want to confirm if this is a good idea from Keystone's perspective. Thanks.
Best regards, Hongbin
[1] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27ca_file%27&i=nope&files=&repos= [2] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27cafile%27&i=nope&files=&repos= [3] https://review.opendev.org/#/c/738329/
Cinder and Glance both use ca_file (and ssl_ca_file and vmware_ca_file, and registry_client_ca_file). From keystone_auth, we do also have cafile. Personally, I find the separation of ca_file to be much easier to read. Sean
On Wed, Jul 1, 2020 at 10:31 PM Sean McGinnis <sean.mcginnis@gmx.com> wrote:
On 7/1/20 2:24 PM, Hongbin Lu wrote:
Hi all,
A short question. I saw a few projects are using the name 'ca_file' [1] as config option, while others are using 'cafile' [2]. I wonder what is the flavorite name convention?
I asked this question because Kolla developer suggested Zun to rename from 'ca_file' to 'cafile' to avoid the confusion [3]. I want to confirm if this is a good idea from Keystone's perspective. Thanks.
Best regards, Hongbin
[1] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27ca_file%27&i=nope&files=&repos= [2] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27cafile%27&i=nope&files=&repos= [3] https://review.opendev.org/#/c/738329/
Cinder and Glance both use ca_file (and ssl_ca_file and vmware_ca_file, and registry_client_ca_file). From keystone_auth, we do also have cafile.
Personally, I find the separation of ca_file to be much easier to read.
Sean
Yeah, it was me to suggest the aliasing. We found that the 'cafile' seems more prevalent. We missed that underscore for Zun and scratched our heads "what are we doing wrong there?". Nova has its most interesting because it uses cafile for clients but ca_file for hypervisors 🤷 -yoctozepto
On 7/2/20 2:23 AM, Radosław Piliszek wrote:
On Wed, Jul 1, 2020 at 10:31 PM Sean McGinnis <sean.mcginnis@gmx.com> wrote:
On 7/1/20 2:24 PM, Hongbin Lu wrote:
Hi all,
A short question. I saw a few projects are using the name 'ca_file' [1] as config option, while others are using 'cafile' [2]. I wonder what is the flavorite name convention?
I asked this question because Kolla developer suggested Zun to rename from 'ca_file' to 'cafile' to avoid the confusion [3]. I want to confirm if this is a good idea from Keystone's perspective. Thanks.
Best regards, Hongbin
[1] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27ca_file%27&i=nope&files=&repos= [2] http://codesearch.openstack.org/?q=cfg.StrOpt%5C(%27cafile%27&i=nope&files=&repos= [3] https://review.opendev.org/#/c/738329/
Cinder and Glance both use ca_file (and ssl_ca_file and vmware_ca_file, and registry_client_ca_file). From keystone_auth, we do also have cafile.
Personally, I find the separation of ca_file to be much easier to read.
Sean
Yeah, it was me to suggest the aliasing. We found that the 'cafile' seems more prevalent. We missed that underscore for Zun and scratched our heads "what are we doing wrong there?".
Sounds like a job for https://docs.openstack.org/oslo.config/latest/cli/validator.html ;-) I don't have a strong opinion on which we should choose, but I will note that whichever it is, we can leave deprecated names for the other so nobody gets broken by the change. Probably incomplete lists of references to both names: http://codesearch.openstack.org/?q=StrOpt%5C(%27ca_file%27&i=nope&files=&repos= http://codesearch.openstack.org/?q=StrOpt%5C(%27cafile%27&i=nope&files=&repos= Unfortunately keystone and oslo.service differ, so no matter which we choose a lot of projects are going to inherit a deprecated opt.
participants (4)
-
Ben Nemec
-
Hongbin Lu
-
Radosław Piliszek
-
Sean McGinnis