Open Stack

I'm writing this in regard to several reviews concering tagging 
functionality for EC2 API in nova.
The list of the reviews concerned is here:

https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:master+topic:bp/ec2-volume-and-snapshot-tags,n,z

I don't think it's a good idea to merge these reviews. The analysis is 
below:

*Tagging in AWS*

Main goal for the tagging functionality in AWS is to be able to 
efficiently distinguish various resources based on user-defined criteria:

"Tags enable you to categorize your AWS resources in different ways, for 
example, by purpose, owner, or environment.
...
You can search and filter the resources based on the tags you add."

(quoted from here: 
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html)

It means that one of the two main use-cases is to be able to use Tags as 
filter when you describe something. Another one is to be able to get 
information about particular tag with all of the resources tagged by it.
Also there is a constraint:

"You can tag public or shared resources, but the tags you assign are 
available only to your AWS account and not to the other accounts sharing 
the resource."

The important part here is "shared resources" which are visible to 
different users but tags are not shared - each user sees his own.
*
**Existing implementation in nova

*Existing implementation of tags in nova's EC2 API covers only 
instances. But it does so in both areas:
1. Tags management (create, delete, describe,...)
2. Instances filtering (describe_instances with filtering by tags).
The implementation is based on storing tags in each instance's metadata. 
And nova DB sqlalchemy level uses "tag:" in queries to allow instances 
describing with tag filters.

I see the following design flaws in existing implementation:

1. It uses instance's own metadata for storing information about 
assigned tags.
Problems:
- it doesn't scale when you want to start using tags for other 
resources. Following this design decision you'll have to store tags in 
other resources metadata, which mean different services APIs and other 
databases. So performance for searching for tags or tagged resources in 
main use cases should suffer. You'll have to search through several 
remote APIs, querying different metadatas to collect all info and then 
to compile the result.
- instances are not shared resources, but images are. It means that, 
when developed, metadata for images will have to store different tags 
for different users somehow.

2. EC2-specific code ("tag:" searching in novaDB sqlalchemy) leaked into 
lower layers of nova.
- layering is violated. There should be no EC2-specifics below EC2 API 
library in nova, ideally.
- each other service will have to implement the same solution in its own 
DB level to support tagging for EC2 API.

*Proposed review changes**
*
The review in question introduces tagging for volumes and snapshots. It 
follows design decisions of existing instance tagging implementation, 
but realizes only one of the two use cases. It provides "create", 
"delete", "describe" for tags. But it doesn't provide describe_volumes 
or describe_snapshots for filtering.

It suffers from the design flaws I listed above. It has to query remote 
API (cinder) for metadata. It didn't implement filtering by "tag:" in 
cinder DB level so we don't see implementation of describe_volumes with 
tags filtering.

*Current stackforge/ec2-api tagging implementation**

*In comparison, the implementation of tagging in stackforge/ec2-api, 
stores all of the tags and their links to resources and users in a 
separate place. So we can efficiently list tags and its resources or 
filter by tags during describing of some of the resources. Also 
user-specific tagging is supported.

*Conclusion

*Keeping in mind all of the above, and seeing your discussion about 
deprecation of EC2 API in nova, I don't feel it's a good time to add 
such a half-baked code with some potential problems into nova.*
*I think it's better to concentrate on cleaning up, fixing, reviving and 
making bullet-proof whatever functionality is currently present in nova 
for EC2 and used by clients.

Best regards,
   Alex Levine

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150203/8f98bf17/attachment.html>