[openstack-dev] [glance] proposed priorities for Mitaka
Flavio Percoco
flavio at redhat.com
Tue Sep 15 08:54:04 UTC 2015
On 14/09/15 15:51 -0400, Doug Hellmann wrote:
>Excerpts from Flavio Percoco's message of 2015-09-14 14:41:00 +0200:
>> On 14/09/15 08:10 -0400, Doug Hellmann wrote:
[snip]
>> The task upload process you're referring to is the one that uses the
>> `import` task, which allows you to download an image from an external
>> source, asynchronously, and import it in Glance. This is the old
>> `copy-from` behavior that was moved into a task.
>>
>> The "fun" thing about this - and I'm sure other folks in the Glance
>> community will disagree - is that I don't consider tasks to be a
>> public API. That is to say, I would expect tasks to be an internal API
>> used by cloud admins to perform some actions (bsaed on its current
>> implementation). Eventually, some of these tasks could be triggered
>> from the external API but as background operations that are triggered
>> by the well-known public ones and not through the task API.
>
>Does that mean it's more of an "admin" API?
As it is right now, yes. I don't think it's suitable for public use
and the current supported features are more useful for admins than
end-users.
Could it be improved to be a public API? Sure.
[snip]
>> This is definitely unfortunate. I believe a good step forward for this
>> discussion would be to create a list of issues related to uploading
>> images and see how those issues can be addressed. The result from that
>> work might be that it's not recommended to make that endpoint public
>> but again, without going through the issues, it'll be hard to
>> understand how we can improve this situation. I expect most of this
>> issues to have a security impact.
>
>A report like that would be good to have. Can someone on the Glance team
>volunteer to put it together?
Here's an attempt from someone that uses clouds but doesn't run any:
- Image authenticity (we recently landed code that allows for having
signed images)
- Quota management: Glance's quota management is very basic and it
allows for setting quota in a per-user level[1]
- Bandwidth requirements to upload images
- (add more here)
[0] http://specs.openstack.org/openstack/glance-specs/specs/liberty/image-signing-and-verification-support.html
[1] http://docs.openstack.org/developer/glance/configuring.html#configuring-glance-user-storage-quota
[snip]
>> This is, indeed, an interesting interpretation of what tasks are for.
>> I'd probably just blame us (Glance team) for not communicating
>> properly what tasks are meant to be. I don't believe tasks are a way
>> to extend the *public* API and I'd be curious to know if others see it
>> that way. I fully agree that just breaks interoperability and as I've
>> mentioned a couple of times in this reply already, I don't even think
>> tasks should be part of the public API.
>
>Whether they are intended to be an extension mechanism, they
>effectively are right now, as far as I can tell.
Sorry, I probably didn't express myself correctly. What I meant to say
is that I don't see them as a way to extend the *public* API but
rather as a way to add functionality to glance that is useful for
admins.
>> The mistake here could be that the library should've been refactored
>> *before* adopting it in Glance.
>
>The fact that there is disagreement over the intent of the library makes
>me think the plan for creating it wasn't sufficiently circulated or
>detailed.
There wasn't much disagreement when it was created. Some folks think
the use-cases for the library don't exist anymore and some folks that
participated in this effort are not part of OpenStack anymore.
[snip]
Flavio
--
@flaper87
Flavio Percoco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150915/fe33a8fb/attachment.pgp>
More information about the OpenStack-dev
mailing list