[openstack-dev] [tripleo] When to use parameters vs parameter_defaults

Ben Nemec openstack at nemebean.com
Fri Dec 4 19:06:38 UTC 2015


On 11/20/2015 06:05 PM, Ben Nemec wrote:
> Thinking about this some more makes me wonder if we need a sample config
> generator like oslo.config.  It would work off something similar to the
> capabilities map, where you would say
> 
> SSL:
>   templates:
>     -puppet/extraconfig/tls/tls-cert-inject.yaml
>   output:
>     -environments/enable-ssl.yaml
> 
> And the tool would look at that, read all the params from
> tls-cert-inject.yaml and generate the sample env file.  We'd have to be
> able to do a few new things with the params in order for this to work:
> 
> -Need to specify whether a param is intended to be set as a top-level
> param, parameter_defaults (which we informally do today with the Can be
> overridden by parameter_defaults comment), or internal, to define params
> that shouldn't be exposed in the sample config and are only intended as
> an interface between templates.  There wouldn't be any enforcement of
> the internal type, but Python relies on convention for its private
> members so there's precedent. :-)
> -There would have to be some way to pick out only certain params from a
> template, since I think there are almost certainly features that are
> configured using a subset of say puppet/controller.yaml which obviously
> can't just take the params from an entire file.  Although maybe this is
> an indication that we could/should refactor the templates to move some
> of these optional params into their own separate files (at this point I
> think I should take a moment to mention that this is somewhat of a brain
> dump, so I haven't thought through all of the implications yet and I'm
> not sure it all makes sense).
> 
> The nice thing about generating these programmatically is we would
> formalize the interface of the templates somewhat, and it would be
> easier to keep sample envs in sync with the actual implementation.
> You'd never have to worry about someone adding a param to a file but
> forgetting to update the env (or at least it would be easy to catch and
> fix when they did, just run "tox -e genconfig").
> 
> I'm not saying this is a simple or short-term solution, but I'm curious
> what people think about setting this as a longer-term goal, because as I
> think our discussion in Tokyo exposed, we're probably going to have a
> bit of an explosion of sample envs soon and we're going to need some way
> to keep them sane.

So I went ahead and started on this:
https://review.openstack.org/#/c/253638/

It's still got some issues that I'm aware of, and surely some I'm not,
but I think I like where it's going.  Before I spend a ton of time
polishing it and writing up all the environments, I wanted to post
something to get feedback on how people feel about the way it works.

I know it needs to indicate which params don't have defaults and are
thus required (right now I think everything just gets a '' value), and
it would be nice if we could move the 'private' definitions into the
templates themselves somehow.  I left some other thoughts in the commit
message too.

Anyway, please take a look and let me know if this is something I should
pursue.

> 
> Some more comments inline.
> 
> On 11/19/2015 10:16 AM, Steven Hardy wrote:
>> On Mon, Nov 16, 2015 at 08:15:48PM +0100, Giulio Fidente wrote:
>>> On 11/16/2015 04:25 PM, Steven Hardy wrote:
>>>> Hi all,
>>>>
>>>> I wanted to start some discussion re $subject, because it's been apparrent
>>>> that we have a lack of clarity on this issue (and have done ever since we
>>>> started using parameter_defaults).
>>>
>>> [...]
>>>
>>>> How do people feel about this example, and others like it, where we're
>>>> enabling common, but not mandatory functionality?
>>>
>>> At first I was thinking about something as simple as: "don't use top-level
>>> params for resources which the registry doesn't enable by default".
>>>
>>> It seems to be somewhat what we tried to do with the existing pluggable
>>> resources.
>>>
>>> Also, not to hijack the thread but I wanted to add another question related
>>> to a similar issue:
>>>
>>>   Is there a reason to prefer use of parameters: instead of
>>> parameter_defaults: in the environment files?
>>>
>>> It looks to me that by defaulting to parameter_defaults: users won't need to
>>> update their environment files in case the parameter is moved from top-level
>>> into a specific nested stack so I'm inclined to prefer this. Are there
>>> reasons not to?
>>
>> The main reason is scope - if you use "parameters", you know the data flow
>> happens via the parent template (e.g overcloud-without-mergepy) and you
>> never have to worry about naming collisions outside of that template.
>>
>> But if you use parameter_defaults, all parameters values defined that way
>> are effectively global, and you then have to be much more careful that you
>> never shadow a parameter name and get an unexpected value passed in to it.
>>
>> Here's another example of why we need to decide this btw:
>>
>> https://review.openstack.org/#/c/229471/
>>
>> Here, we have some workers parameters, going only into controller.yaml -
>> this is fine, but the new options are completely invisible to users who
>> look at the overcloud_without_mergepy parameters schema as their interface
>> (in particular I'm thinking of any UI here).
>>
>> My personal preference is to say:
>>
>> 1. Any templates which are included in the default environment (e.g
>> overcloud-resource-registry-puppet.yaml), must expose their parameters
>> via overcloud-without-mergepy.yaml
>>
>> 2. Any templates which are included in the default environment, but via a
>> "noop" implementation *may* expose their parameters provided they are
>> common and not implementation/vendor specific.
> 
> This seems like a reasonable approach, although that "may" still leaves
> a lot of room for bikeshedding. ;-)
> 
> It might be good to say that in this case it is "preferred" to use a
> top-level param, but if there's a reason not to then it's acceptable to
> use parameter_defaults.  An example for the SSL case would be the
> certificate path - I specifically do not want that visibly exposed to
> the user at this point, so I wouldn't want it added to the top-level
> template.  I consider that an implementation detail where if you know
> what you're doing you can override it, but otherwise you shouldn't touch it.
> 
>>
>> 3. Any templates exposing vendor specific interfaces (e.g at least anything
>> related to the OS::TripleO::*ExtraConfig* interfaces) must not expose any
>> parameters via the top level template.
>>
>> How does this sound?
>>
>> This does mean we suffer some template bloat from (1) and (2), but it makes
>> the job of any UI or other tool requiring user input much easier, I think?
>>
>> Steve
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
> 
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 




More information about the OpenStack-dev mailing list