[all][tc][horizon] A web tool which helps administrators in managing openstack clusters
Adrian Turjak
adriant at catalyst.net.nz
Wed Aug 28 02:16:35 UTC 2019
Even if we agreeded that direct DB access was OK (it isn't), it is worth
adding that this tool will not be backwards compatible in any way. It
will always be linked to the current release DB schema. It wouldn't
handle mixed version clouds, or anything even a little out of sync
without a lot of extra complexity.
Horizon, as awful as it is at times, is great in that it is backwards
compatible VERY far, and in fact we have historically run Horizon close
to master, while lagging behind in other services at various versions.
On 27/08/19 9:04 PM, Thierry Carrez wrote:
> Douglas Zhang wrote:
>> [...]
>> As Adrian Turjak said:
>>
>> The first major issue is that you connect to the databases of the
>> services directly. That's a major issue, both for long term
>> compatibility, and security. The APIs should always be the main
>> point of contact and the ONLY contract that the services have to
>> maintain. By connecting to the database directly you are now relying
>> on a data structure that can, and likely will change, and any
>> security and sanity checking on filters and queries is now handled
>> on your layer rather than the application itself. Not only that, but
>> your dashboard also now needs passwords for all the databases, and
>> by the sounds of it all the message queues.
>>
>> And as Mohammed Naser said:
>>
>> While I agree with you that querying database is much faster, this
>> introduces two issues that I imagine for users: [...]
>>
>> * also, it will make maintaining the project quite hard because I
>> don't think any projects expose a /stable/ database API.
>>
>> Well, we’re not surprised that our querying approach would be
>> challenged since it does sound unsafe. However, we have made some
>> efforts to solve problems which have been posed: [...]
>>
>> I hope my explanation is clear enough, and we’re willing to solve
>> other possible issues existing.
>
> Thanks for the replies!
>
> As I highlighted above, you did not address the main issue raised by
> Adrian and Mohammed, which is that the database schema in OpenStack
> services is not stable. Our project teams only commit to one public
> API, and that is the REST one.
>
> Querying the database directly is definitely faster (both in original
> coding and query performance), but you incur enormous technical debt
> by taking this shortcut. *Someone* will have to care about keeping
> openstack-admin queries and projects database schema in sync forever
> after. That means projects either need to commit to a stable database
> API in addition to a stable REST API, *or* openstack-admin maintainers
> will have to keep up with any database schema change in any future
> version of any component they interact with.
>
> At this point in the history of OpenStack, IMHO we need to care more
> about long-term sustainability with a limited number of maintainers,
> than about speed. There are definitely optimizations that can be made
> to make the slowest queries faster, without incurring massive
> technical debt that will have to be repaid by maintainers forever after.
>
> It's definitely less funny and rewarding than writing a superfast new
> database-connected dashboard, but I'd argue that it is where
> development resources should be spent today...
>
More information about the openstack-discuss
mailing list