Mark McClain wrote:
I’d like propose that we grant an exception for new configuration options for these backports to stable/icehouse
https://review.openstack.org/#/c/88437/ https://review.openstack.org/#/c/90626/
Hi!
So far we excluded the addition of new configuration options in stable release patches, because a "release" is defined by a stable feature set, which is documented and communicated in various books and articles. As soon as we add new features, we introduce confusion regarding what "Icehouse" is, how it behaves and how it is configured. Some downstream distributions will adopt the new feature, some won't...
I'm therefore very opposed to the idea of backporting features. New configuration options are generally new features, so they generally fall in that category... But then we can grant exceptions, provided that all the stable branch stakeholders like the proposed patch.
Looking at the proposed exception, it adds a nova_api_insecure option (default to False) and a nova_ca_certificates_file option (default to None) that are then passed to the novaclient constructor. Default behavior is preserved. So it boils down to the bugs we are actually solving by adding those parameters:
https://bugs.launchpad.net/neutron/+bug/1306822 https://bugs.launchpad.net/neutron/+bug/1309694
Those bugs describe the missing options, but do not do a great job of describing the impact of not having them. My guess is that without those parameters, you have to rely on system certificates (as you can't provide your own and you can't disable the check). Is that a correct assumption ? Who is impacted by these bugs ?
If my interpretation is correct, then this falls a bit in a grey area: it is a "feature" to allow your own certificate to be provided, but it could be seen as a bug (feature gap) if Neutron was the only project in Icehouse not having that feature (and people would generally expect those parameters to be present). Is Neutron the only project that misses those parameters ?