[openstack-dev] [TripleO] Time to break backwards compatibility for *cloud-password file location?

James Polley jp at jamezpolley.com
Wed Jul 2 23:10:55 UTC 2014


On Thu, Jul 3, 2014 at 5:33 AM, Sullivan, Jon Paul <JonPaul.Sullivan at hp.com>
wrote:

> > -----Original Message-----
> > From: Giulio Fidente [mailto:gfidente at redhat.com]
> > Sent: 01 July 2014 13:08
> > Subject: Re: [openstack-dev] [TripleO] Time to break backwards
> > compatibility for *cloud-password file location?
> >
> > On 06/25/2014 11:25 AM, marios at redhat.com wrote:
> > > On 25/06/14 10:52, James Polley wrote:
> > >> Until https://review.openstack.org/#/c/83250/, the setup-*-password
> > >> scripts used to drop password files into $CWD, which meant that if
> > >> you ran the script from a different location next time, your old
> > >> passwords wouldn't be found.
> > >>
> > >> https://review.openstack.org/#/c/83250/ changed this so that the
> > >> default behaviour is to put the password files in $TRIPLEO_ROOT; but
> > >> for backwards compatibility we left the script checking to see if
> > >> there's a file in the current directory, and using that file in
> > >> preference to $TRIPLEO_ROOT if it exists.
> > >>
> > >> However, this behaviour is still confusing to people. I'm not
> > >> entirely clear on why it's confusing (it makes perfect sense to
> > >> me...) but I imagine it's because we still have the problem that the
> > >> code works fine if run from one directory, but run from a different
> > directory it can't find passwords.
> > >>
> > >> There are two open patches which would break backwards compatibility
> > >> and only ever use the files in $TRIPLEO_ROOT:
> > >>
> > >> https://review.openstack.org/#/c/93981/
> > >> https://review.openstack.org/#/c/97657/
> > >>
> > >> The latter review is under more active development, and has
> > >> suggestions that the directory containing the password files should
> > >> be parameterised, defaulting to $TRIPLEO_ROOT. This would still break
> > >> for anyone who relies on the password files being in the directory
> > >> they run the script from, but at least there would be a fairly easy
> > fix for them.
> > >>
> > >
> > > How about we:
> > >
> > > * parameterize as suggested by Fabio in the review @
> > > https://review.openstack.org/#/c/97657/
>
> +1
>
> > >
> > > * move setting of this param to more visible location (setup, like
> > > devtest_variables or testenv). We can then give this better visibility
> > > in the dev/test autodocs with a warning about the 'old' behaviour
>
> +1
>
> > >
> > > * add a deprecation warning to the code that reads from
> > > $CWD/tripleo-overcloud-passwords to say that this will now need to be
> > > set as a parameter in ... wherever. How long is a good period for
> > this?
> >
> > +1
>
> +1
>
> Would it make sense to copy the passwords across such that the users
> behaviour is not changed were they to delete their old passwords file.  The
> deprecation warning would read that they can set <VAR> to point to the
> passwords file they are currently using, or delete <passwords file> to pick
> up the new default location of <VAR> (which has defaulted to TRIPLEO_ROOT)
>

This sounds like something I was trying in the first 10 revisions of
https://review.openstack.org/#/c/83250. I ended up ditching it because it
seemed like the logic was getting too complex.

Eg, if someone has multiple sets of password files, this is fine when we
see the first set  - we just copy it to $TRIPLEO_ROOT and print the
deprecation warning.

But later on if we see a second file - do we clobber the one in
$TRIPLEO_ROOT? Do we skip the copy and just print the deprecation warning,
maybe with an addendum to point out that we've seen two different files? Do
we diff the one in $CWD and the one in $TRIPLEO_ROOT to check if they're
the same?

At the time I was working on 83250 I decided it was simplest to not make
any attempt to clean up, but maybe it's time to revisit that decision.

>
> actually, I have probably being the first suggesting that we should
> parametrize the path to the password files so I want to add my
> motivations here
>
> the big win that I see here is that people may want to customize only
> some of the passwords, for example, the undercloud admin
>
> the script creating the password files is *already* capable of pushing
> in the file only new passwords, without regenerating passwords which
> could have been manually set in there already
>
> this basically implements the 'feature' I mentioned except people just
> doesn't know it!
>
> so I'd like we to expose this as a feature, from the early stages as
> Marios suggests too, maybe from devtest_variables
> --
> Giulio Fidente
> GPG KEY: 08D733BA
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Thanks,
> Jon-Paul Sullivan ☺ Cloud Services - @hpcloud
>
> Postal Address: Hewlett-Packard Galway Limited, Ballybrit Business Park,
> Galway.
> Registered Office: Hewlett-Packard Galway Limited, 63-74 Sir John
> Rogerson's Quay, Dublin 2.
> Registered Number: 361933
>
> The contents of this message and any attachments to it are confidential
> and may be legally privileged. If you have received this message in error
> you should delete it from your system immediately and advise the sender.
>
> To any recipient of this message within HP, unless otherwise stated, you
> should consider this message and attachments as "HP CONFIDENTIAL".
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140703/536586f1/attachment.html>


More information about the OpenStack-dev mailing list