Open Stack

On Fri, May 29, 2015 at 7:55 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:

>  As an Op, I really really want to replace one image with a new one
> atomically with security updates preapplied. Think shellshock, ghost, etc.
> It will be basically be the same exact image as before, but patched.
> Referencing local ID's explicitly makes it harder to ensure things are
> patched, since new vm's will tend to pop up after things are patched with
> new vulnerabilities.
>

​That's the exact use case for the versioning concept we have in Artifacts:
each artifact is identified by name and version, so there is always "latest
version of X" ​and an API call which returns it. However, that's the
question of different API calls and their proper usage: get-by-id returns
the very same object which was uploaded, and get by name - the latest
object matching the required version. First is good for bit-to-bit
immutability guarantees, cache checks etc, second - for the use cases like
yours.
Same is true for the cross-artifact dependency relations: they may be
static (i.e. reference by ID) or dynamic (i.e. reference by name and
version).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150601/0d34de50/attachment.html>