> As far as I understand it, though, that's a patch for a read-only
> mode.  It seems bizzare, and possibly dangerous, to proxy read
> commands, but not write commands.  It gives the impression that
> everything's fine until it's not fine (because someone tried to use
> an existing script to do a create command).  IMHO, it would be better
> to just tell people up front "Update your scripts to use Ironic,
> because they won't work at all" instead of leading people (through
> empirical evidence) to believe that their scripts will work, and then
> having them discover later that something broke because they tried to
> create a node.

How is it dangerous? Most code making "write commands" would need to be
pretty diligent about making sure that the thing being requested
actually succeeded. Having the proxy allows us to return a reasonable
code for those things (i.e. 403 Forbidden, perhaps) instead of just "500
Huh? What?".

I was pro-proxy from the beginning, not because I think proxies are
awesome, but because that's what we do when we move things out of Nova's
API to other services. Some feel this is a purely admin API and that
gives us license to break our own rules here, but I don't really
understand where, when and why we draw that line. The code is written,
it's minor, and it gives a much more graceful response to the move. We
know there are people running this, with clusters in the thousands. We
don't know who they all are, what they're doing with it, and we don't
know that all of them are happy or expecting to immediately rewrite all
of their tools. I don't really see why this is a big deal.


Attachment: signature.asc
Description: OpenPGP digital signature

OpenStack-dev mailing list

Reply via email to