-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/10/2014 01:13 PM, Dan Smith wrote: >> As far as I understand it, though, that's a patch for a >> read-only mode. It seems bizzare, and possibly dangerous, to >> proxy read commands, but not write commands. It gives the >> impression that everything's fine until it's not fine (because >> someone tried to use an existing script to do a create command). >> IMHO, it would be better to just tell people up front "Update >> your scripts to use Ironic, because they won't work at all" >> instead of leading people (through empirical evidence) to believe >> that their scripts will work, and then having them discover later >> that something broke because they tried to create a node. > > How is it dangerous? Most code making "write commands" would need > to be pretty diligent about making sure that the thing being > requested actually succeeded. Having the proxy allows us to return > a reasonable code for those things (i.e. 403 Forbidden, perhaps) > instead of just "500 Huh? What?". > > I was pro-proxy from the beginning, not because I think proxies > are awesome, but because that's what we do when we move things out > of Nova's API to other services. Some feel this is a purely admin > API and that gives us license to break our own rules here, but I > don't really understand where, when and why we draw that line. The > code is written, it's minor, and it gives a much more graceful > response to the move. We know there are people running this, with > clusters in the thousands. We don't know who they all are, what > they're doing with it, and we don't know that all of them are happy > or expecting to immediately rewrite all of their tools. I don't > really see why this is a big deal.
I wasn't aware that this was already written when I replied originally, and that fact does reduce my opposition somewhat. I still have issues though: 1) Is this tested anywhere? There are no unit tests in the patch and it's not clear to me that there would be any Tempest coverage of this code path. Providing this and having it break a couple of months down the line seems worse than not providing it at all. This is obviously fixable though. 2) If we think maintaining compatibility for existing users is that important, why aren't we proxying everything? Is it too difficult/impossible due to the differences between Baremetal and Ironic? And if they're that different, does it still make sense to allow one to look like the other? As it stands, this isn't going to let deployers use their existing tools without modification anyway. - -Ben > > --Dan > > > > _______________________________________________ OpenStack-dev > mailing list OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUEKMKAAoJEDehGd0Fy7uqzNsH+gPv45+IKWJEVeQK4/bd5KAa SjUch6kmTaWkHxMCcIrm3E9bug0zU/64jhtlJuLWfDohqK4I3NRnaY7Ur5R6aEx7 QsXa74LS+cl2n8ydcVAGtmTYzRyLfF+Qvocu8pUZ3ZP+d4A73lkX09B3s07hwY02 e87blL9E6/T9/4ni+186RDrMEnD8TIY3oD4cnbAgib9tVNBMitqlGuFGqdp7gRDW q0GMzh2bmbQRTE2OpEtSbjsVm+qeVsbVACg+bsM/y62ZT3TTO5NyqbYZPJJfDDy4 ys4rbJT6fDZLz2L5G835jAHMwUc54vLdXAz/blo/TsI1LCiJTHvIaWLdgsMSqAY= =vcMK -----END PGP SIGNATURE----- _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev