[all][foundation][ecosystem] External projects under the foundation hat

Clark Boylan cboylan at sapwetik.org
Tue Jun 21 15:34:18 UTC 2022

On Tue, Jun 21, 2022, at 8:03 AM, Artem Goncharov wrote:
> Hi all,
> During the summit we had some nice conversations and I wanted to 
> actually use the chance and try to formalise the discussion to gather 
> broad opinions and ideally solutions.
> Sidenotes:>>>>>
> - I enjoy opendev
> - I really enjoy gerrit and find it an ultimate code review system
> - I can understand people not able to cope with additional complexity 
> and prefer pull request pattern to the change pattern

I think we should be careful with the assertion that Gerrit is more complex. It is different, but I'm not sure it is more complex. Pushing to Gerrit isn't any more complex than pushing to Github. Github even has the extra step of needing to open a pull request explicitly. But it is different and does require learning a different process.

> - I use PR change pattern for relatively simple projects (and lot of 
> other huge projects do it this way)
> - I am not blaming and not going to blame anybody here
> End sidenotes>>>>>>
> - Some month ago gophercloud folks came to us and wanted to give source 
> code under the foundation. Feedback from us was more or less: you 
> either host on opendev and use gerrit or not at all. Members of gopher 
> cloud rejected proceeding this way with detailed reasoning. I can fully 
> understand reasonings and I also observe similar issues with 
> auto-closed GitHub PRs (for SDK or OSC) and the fact that those changes 
> in most of the cases never really reach gerrit. Especially in the SDK 
> area it would have been very useful to get various SDKs under single 
> team to spread the know how and synchronise their feature sets. Maybe 
> even use shared credentials to public OpenStack clouds to verify and 
> publish their coverage.
> - Some software solutions (especially those based on Golang) were 
> designed with GitHub in mind and are actually not really working 
> outside. For example in order to publish provider for HashiCorp 
> Terraform into their registry your product must be hosted on GitHub 
> (particularly you must upload build artifacts as release on GH). There 
> is sadly no other possibility.

This isn't the only instance we've run into this. The CNCF's Cloud Native landscape (https://landscape.cncf.io/) requires open source projects be hosted on Github (not not proprietary systems....). From my perspective, I think this calls out why it is important for us to continue to push back against these rules. Software is built in a number of places and if we force people to use Github (and other proprietary tools) we move away from part of the mission here.

> - My company has created HashiCorp secretstore plugin for OpenStack and 
> we are willing to donate this under the foundation to have proper 
> ownership of the software (not to have our company name in the hosting 
> path since it is pretty confusing). From features point of view there 
> is still place to evolve and it would be cool to get other interested 
> parties to participate. We would be able to OpenDev without conceptual 
> issues and are going to request projects for that, but that still has 
> one issue: publishing of binary artifacts - not immediately available 
> in opendev (afaik). On GitHub we publish it as GH Release.

OpenDev supports publishing of binary artifacts through a number of mechanisms. OpenStack wheel packages are pushed to pypi, docker images are pushed to Docker Hub and Quay and so on, tarballs.opendev.org hosts other random artifacts as well. It sounds like you specifically need Github Releases though. Can you not trigger releases against mirrored content? I think that should work? You might need to be more specific about what the actual needs are here.

> As such the point I am trying to address is that we as a very big 
> project should be bit more open to the world of tools around OpenStack 
> (I mean explicitly **not** the OpenStack itself) and allow easy 
> integration for those who want to extend OpenStack ecosystem. Depending 
> on the particular application this may set certain limitations on the 
> solution (i.e. must be on GitHub, must use Jira, whatever) which might 
> be not compatible out of box with the OpenDev scheme. Do we as a open 
> community want to set strict boundaries or can we ease some of those 
> for the ecosystem around of OpenStack?
> - Would it be possible for the project hosted outside opendev be 
> governed by OIF and somehow visually belong to OpenStack? (As a user I 
> would definitely choose to use GitHub.com/openstack/project_x rather 
> then GitHub.com/some_crappy_nic/project_x)

OIF does have projects that are not hosted on OpenDev. Whether or not OpenStack wants to have projects hosted outside of OpenDev is probably the major item to sort out here.

> - Can such project enjoy Zuul integration not being part of opendev git 
> hosting? Technically it is surely possible (Ansible modules were tested 
> this way), but requires in my eyes precise definition.

The OpenDev team tried to provide CI integration with Github provided projects (some Kata repos) and found that we weren't able to do it at a level that was maintainable. Github itself poses a number of challenges, but we also found that projects there being even more disconnected were even less likely to be involved in helping themselves which is something that we currently rely on to make this collaboratory successful. All that to say we (the OpenDev team) cannot provide CI resources to Github repos.

We do provide third party CI for a small number of projects with the expectation that people on the OpenDev hosted project side are able to care and feed for that.

I think this calls out the fundamental disconnect here. We use open source tools because we believe that open source needs and should be built with open source tools. That does require a little bit of investment from the project side to ensure the tooling functions as needed and is maintained.

> P.S. For the case when zuul/github integration (management) is the only 
> limiting factor I will be gladly supporting the integration and 
> maintenance, since we have created an Ansible collection for managing 
> of GitHub organisations/projects/teams/members (in the project-config 
> spirit) which we use to manage our deployment (and I know others are 
> using it as well).
> Tell me what you think and let us, please, focus on how to cope with 
> different expectations rather which one is right and which is wrong.
> Thanks a lot,
> Artem

More information about the openstack-discuss mailing list