[openstack-dev] [Neutron][LBaaS][VPNaaS][FWaaS] Dealing with logical logical configurations
Salvatore Orlando
sorlando at nicira.com
Tue Jul 30 21:53:00 UTC 2013
Hi Eugene,
I have some comments on your considerations. I do apologise but perhaps I
did not understand correctly the workflow for removal of a service provider.
Salvatore
On 30 July 2013 23:24, Eugene Nikanorov <enikanorov at mirantis.com> wrote:
> Salvatore, thanks for your feedback.
>
> Let me comment on some of your statements
> *> The possibility Eugene describes in his post - a service provider
> being deleted - is probably not a 'regular' use case, but more the
> consequence of a potentially error-prone operation.*
> Nachi initially raised a concern about the case when cloud operator
> decides to remove some provider.
> A few considerations for such operation:
> 1) IMO, removing the provider should not result in losing logical
> configuration for users
> 2) Resources allocated by the provider must be cleaned up - that is done
> before neutron server is restarted with new configuration.
> I think it's a valid workflow.
>
What kind of operations would the cleanup involve?
>
>
Also, I'd be against such a check which would prevent neutron-server from
> starting if some resources reference unknown providers.
> Providers may be removed for various reasons, but that would be too
> disruptive to bring down whole networking service because of that.
> Another option may be to take such decision on per-service basis. At least
> I don't think having orphaned loadbalancer pools should prevent neutron to
> start.
>
It might be ok to not prevent the service from starting.
Perhaps I am misunderstanding the workflow, which I barely know since the
original conversation happened outside of this thread.
>From the perspective of the API user, I perceive the effect would be that
of a service instance which exists as a logical entity, but actually has
been de-implemented as its provider has been removed.
This is probably not very different from the case in which the host where a
port is deployed goes down - the status for the port will be DOWN. I hope
that the status for the corresponding services will go DOWN as well -
otherwise this might result a bit confusing to API users.
>
> *> I am not convinced by the idea of having a 'No_op' service provider;
> I think if an API user wants to create a resource, but does not want it to
> be 'implemented', the way to go would be to put it administratevely down,
> regardless of the provider used.*
> The need for Noop driver is direct consequence of the case above.
> If we remove requirement (1) and just delete resources which reference
> removed provider, than we will not need Noop and unassociated resources.
>
While a 'noop' driver - assuming this would be the right term - can be used
to describe service instances without a provider, I wonder if the best way
of describing an instance without a provider is literally a service
instance without a provider. Also, correct me if I'm wrong here, if one
assumes that such 'orphaned' instances should be in status 'DOWN' or
'ERROR', then probably it does not matter which provider (if any) the
service instance is associated with.
>
> Thanks,
> Eugene.
>
>
> On Tue, Jul 30, 2013 at 12:06 PM, Salvatore Orlando <sorlando at nicira.com>wrote:
>
>> It is my personal opinion that there is no necessary condition between
>> 'having the possibility of leaving a resource without service provider' and
>> 'API users want to create resources without service providers'.
>> While being able to change the 'provider' associated with a resource is a
>> reasonable use case, albeit not one we might want to implement now,
>> unassociated resources as a valid use case need to be motivated better. The
>> possibility Eugene describes in his post - a service provider being deleted
>> - is probably not a 'regular' use case, but more the consequence of a
>> potentially error-prone operation.
>>
>> Sticking to the concept that Neutron should hide as much as possible
>> details regarding backing technologies - and from what I gather providers
>> map 1:1 with backend technologies - I would say that the default action of
>> associating resource with a 'default' service provider still makes sense; I
>> am not convinced by the idea of having a 'No_op' service provider; I think
>> if an API user wants to create a resource, but does not want it to be
>> 'implemented', the way to go would be to put it administratevely down,
>> regardless of the provider used.
>>
>> Going back to the original issue - removal of a provider, I think we
>> should consider whether such an action is legal or not.
>> If it's not legal, then we might think about adding a check at startup
>> time: if service instances mapped to unknow providers are found, Neutron
>> may fail to start up.
>> It is also nteresting the case when the provider name is not changed, but
>> the driver is changed. I have reason to believe this might lead to a bit of
>> mayhem; it *might* be manageable, but probably for Havana it might be just
>> worth documenting that this kind of operation should just not be performed.
>>
>> Salvatore
>>
>>
>> On 29 July 2013 16:34, Eugene Nikanorov <enikanorov at mirantis.com> wrote:
>>
>>> Hi folks,
>>>
>>> Recently we've been discussing with Nachi Ueno some specific use case of
>>> deployments with multiple providers for particular advanced service.
>>>
>>> What If admin wants to remove certain provider from configuration file?
>>> The following handling was proposed:
>>> 1) Before restarting neutron-server to apply new configuration, admin
>>> undeploys all resources that were deployed with provider being removed.
>>> That's needed to gracefully cleanup devices used by provider being removed.
>>>
>>> 2) Removal of a provider should not result in resource deletion.
>>> E.g. user's logical resources are preserved, and they can be associated
>>> with other service providers later on.
>>>
>>> 3) Having (1) and (2) it's obvious that after those steps are performed,
>>> users are left with pure logical resources which don't have physical
>>> representation.
>>> I think such resources are no worse then deployed ones, e.g. could be
>>> worked with just the same way as those which have a provider associated.
>>>
>>> The conclusion from (3) is that users themselves may want to create such
>>> resources.
>>> The workflow would be to create resource with no provider, configure it,
>>> and then deploy at once.
>>>
>>> And I have an API question regarding such use case.
>>> Currently user doesn't specify provider to create resource. For this to
>>> continue to work we introduced the notion of 'default provider'. So, If
>>> user doesn't specify provider - the default one is used.
>>> Then if we want users to be able to create unassociated resource, what
>>> kind of provider they need to pass to 'create' API call?
>>>
>>> One important consideration that appeared while I was implementing
>>> multiple providers for lbaas is that a resource always needs to be handled
>>> by some provider, even if not associated with any. That is needed to
>>> preserve consistency of DB operations, because in current model (for lbaas
>>> at least) plugin sets object (pool, vip, etc) status to PENDING_DELETE, and
>>> then driver deletes it.
>>> If resource is unassociated with the driver, then 'Noop' driver must be
>>> used for this logic to work properly.
>>>
>>> One of the solution to this would be to have special name for the
>>> provider to indicate 'Noop' provider. The reason for having special name is
>>> that it's better to not specify Noop in configuration as it is essential
>>> basic provider that should always be present.
>>>
>>> Please share your thoughts.
>>>
>>> Thanks,
>>> Eugene.
>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130730/70d99e04/attachment.html>
More information about the OpenStack-dev
mailing list