[openstack-dev] Hyperv test blobs?
Alessandro Pilotti
ap at pilotti.it
Wed Dec 5 14:26:21 UTC 2012
Hi guys,
As already discussed in the Nova meeting pointed out by Sean http://eavesdrop.openstack.org/meetings/nova/2012/nova.2012-11-29-21.01.html
we are already replacing the current Nova tests binary serialized stubs with text Json and as a next step to refactor the driver in order to add an abstraction layer on top of WMI that can be mocked in a consistent way with the rest of the Nova project. I'm not discussing here the reasons that brought us to implement the existing testing framework in the Folsom timeframe, as it has already discussed in the Nova meeting. I'd be glad to talk about it anytime for detailed explanations, so please reach out for me on IRC (alexpilotti).
> It looks like a 'future statement' said that json will go in @ (https://github.com/openstack/nova/blob/master/nova/tests/hyperv/README.rst), but shouldn't that have happened to begin with?
The reason why we opted for serialized and gzipped pickled files is speed and size, but I definitely agree that the benefits of Json serializiation in this context, related to project management more than technical reasons, makes it a more suitable choice.
Here's the blueprint, we'll implement it in time for G-2:
https://blueprints.launchpad.net/nova/+spec/hyper-v-testing-serialization-improvements
As for blocking any Hyper-V related commit until this feature is implemented, IMO this would not bring any benefit to the Nova project, since we are already committed at doing what is needed, while it would definitely hinder the Hyper-V and Windows related features in the Grizzly release.
Thanks,
Alessandro Pilotti
Cloudbase Solutions | CEO
-------------------------------------
MVP ASP.Net / IIS
Windows Azure Insider
Red Hat Certified Engineer
-------------------------------------
On Dec 5, 2012, at 07:14 , Sean Dague <sdague at linux.vnet.ibm.com> wrote:
> On 12/04/2012 05:25 PM, Joshua Harlow wrote:
>> Hi all,
>>
>> I was just looking into some of the tests and came across some hyperv
>> stuff that I don't understand.
>>
>> Possibly somehow can help me understand whats happening here.
>>
>> https://github.com/openstack/nova/tree/master/nova/tests/hyperv/stubs
>>
>> There seem to be a bunch of binary serialized objects here that contain
>> some secret hidden code used during testing (probably not harmful but
>> who am I to say when the contents aren't visible). From a little decode
>> script that I wrote to try to see whats going on here @
>> http://paste.ubuntu.com/1411286/ (that’s just a decode of one of those
>> files) is it possible that in the future we can not accept such binary
>> blobs (even for testing). Not to set off a /panic/, but if binary blobs
>> are allowed in, then who is really sure that said blob isn't executing
>> some code on my CI machine (or elsewhere) that could be doing malicious
>> activities. Without clear-text source files, its pretty hard to say that
>> they aren't (yes its just for testing, but that’s besides the point).
>>
>> Did anyone besides the committers peek into those files to determine
>> what is going on there (reviewers?)?
>>
>> It looks like a 'future statement' said that json will go in @
>> (https://github.com/openstack/nova/blob/master/nova/tests/hyperv/README.rst),
>> but shouldn't that have happened to begin with?
>>
>> Crappy decoder script @ http://paste.ubuntu.com/1411300/
>>
>> Thoughts welcome.
>
> I agree with you. The last nova meeting actually had the hyperv driver as a topic for 30 minutes because of this issue - http://eavesdrop.openstack.org/meetings/nova/2012/nova.2012-11-29-21.01.html
>
> I'd be fine saying that new hyper-v patches are blocked until this is fixed, but that didn't seem to be the general feeling on things.
>
> It's also incredibly helpful if others raise the issues in the review queue as well - https://review.openstack.org/#/c/16843/. You don't need -2 powers to raise concerns.
>
> -Sean
>
> --
> Sean Dague
> IBM Linux Technology Center
> email: sdague at linux.vnet.ibm.com
> alt-email: sldague at us.ibm.com
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121205/a1693a26/attachment.html>
More information about the OpenStack-dev
mailing list