From: Brian Rosmaita [mailto:brian.rosma...@rackspace.com]
>Or you can just use it as the basis of a Cinder property protection config 
>file,
>because I wonder whether in the general case, you'll always want volume
>properties protected exactly the same as image properties.  If not, the new
>API call strategy will force you to deal with differences in the code, whereas
>the config file strategy would move dealing with differences to setting up the 
>config file.

Once an instance is launched, the "image" properties are treated the same and 
lose distinction of whether they came from an image or a bootable volume in 
Nova. I agree with Facundo that maintaining a consistency between configuration 
files sounds like a configuration drift risk to me opening the opportunity to 
bypass protected properties. Also, commands in Cinder like upload-to-image may 
fail because a bootable volume is created with image properties that Glance 
doesn't actually allow.

Why not have a single source of truth for protected properties coming from 
Glance? A small possible downside I see is that the Glance API will get hit 
more often, but maybe we can optimize that?

This does sound like a good topic for the Glance meeting, but since it is a 
Cinder topic as well, it would be good to get Cinder team feedback.

-Travis

From: Maldonado, Facundo N [mailto:facundo.n.maldon...@intel.com]
Sent: Wednesday, June 25, 2014 7:34 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [cinder][glance] Update volume-image-metadata 
proposal

Thanks for the response, I'll be there this Thursday.

Having the file in more than one place could me a nightmare if we have to 
maintain consistency between them.
It could be good if we want to protect different properties than Glance.

Thanks,
Facundo

From: Brian Rosmaita [mailto:brian.rosma...@rackspace.com]
Sent: Tuesday, June 24, 2014 7:10 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [cinder][glance] Update volume-image-metadata 
proposal

Hi Facundo,

Can you attend the Glance meeting this week at 20:00 UTC on Thursday in 
#openstack-meeting-alt ?

I may be misunderstanding what's at stake, but it looks like:
- Glance holds the image metadata (some user-modifiable, some not)
- Cinder copies the image metadata to use as volume metadata (none is 
user-modifiable)
- You want to implement user-modifiable metadata in Cinder, but you don't know 
which items should be mutable and which not.
- You propose to add glance API calls to allow you to figure out property 
protections on a per-property basis.

It looks like the only roles for Glance here are (1) as the original source of 
the image metadata, and then (2) as the source of truth for what image 
properties can be modified on the volume metadata.  For (1), you've already got 
an API call.  For (2), why not use the glance property protection configuration 
file directly?  It's going to be deployed somehow to your glance nodes, you can 
deploy it to your cinder nodes at the same time.  Or you can just use it as the 
basis of a Cinder property protection config file, because I wonder whether in 
the general case, you'll always want volume properties protected exactly the 
same as image properties.  If not, the new API call strategy will force you to 
deal with differences in the code, whereas the config file strategy would move 
dealing with differences to setting up the config file.  So I'm not convinced 
that a new API call is the way to go here.

But there may be some nuances I'm missing, so it might be easier to discuss at 
the Glance meeting.  The agenda looks pretty light for Thursday if you want to 
add this topic:
https://etherpad.openstack.org/p/glance-team-meeting-agenda

cheers,
brian
________________________________
From: Maldonado, Facundo N [facundo.n.maldon...@intel.com]
Sent: Tuesday, June 24, 2014 2:34 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] [cinder][glance] Update volume-image-metadata proposal
Hi folks,

                I started working on this blueprint [1] but the work to be done 
is not limited to cinder python client.
                Volume-image-metadata is immutable in Cinder and Glance has 
RBAC image properties and it doesn't provide any way to find out which are 
those protected properties in advance [2].

                I want to share this proposal and get feedback from you.
                
https://docs.google.com/document/d/1XYEqGOa30viOyZf8AiwkrCiMWGTfBKjgmeYBptaCHlM/


Thanks,
Facundo

[1] 
https://blueprints.launchpad.net/python-cinderclient/+spec/support-volume-image-metadata
[2] 
http://openstack.10931.n7.nabble.com/Cinder-Confusion-about-the-respective-use-cases-for-volume-s-admin-metadata-metadata-and-glance-imaga-td39849.html

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to