So as part of the pumphouse integration, I've started poking around the Plugin Arch implementation as an attempt to plug it into the fuel master.
This would require that the plugin install a container, and some scripts into the master node. First look: I've looked over the fuel plugins spec [1] and see that the install script was removed from rev 15 ->16 (line 134) This creates problems do to the need of installing the container, and scripts so I've created a bug [2] for this so that we can allow for an install script to be executed prior to HCF for 6.0. Looking into the implementation of the install routine [3] to implement [2], I see that the fuelclient is extracting the tar blindly (more on that at #3) on the executor system that fuelclient is being executed from. Problems with this include 1) the fuelclient may not root be privileged (like in Mirantis OpenStack Express) 2) the fuelclient may not be running on the same system as nailgun 3) we are just calling .extractall on the tarball, this means that we haven't done any validation on the files coming out of the tarball. We need to validate that 3.a) the tarball was actually encoded with the right base path 3.b) that the tasks.yaml file is validated and all the noted scripts are found. Really, the install of the plugin should be handled by the nailgun side to help with 1,2. Whats next? There are many parts of PA that need to be extended, I think that these are the ones that we must tackle next to cover the most cases a) plugin packaging: it appears that non of the "core plugins" (those in fuel-plugins) are bundled into the iso. b) plugin signing: we cant have "core plugins" with out some method of testing, certifying, and signing them so that we can know that they are trusted. with the help of granular roles: c) the ability to replace or add new granular roles d) the ability to add or modify real roles with the help of advanced networks: e) add new network roles At some point soon, we also need to discuss making it easier to find a catalog of modules and pull them from it, but this is less important than the above [1] https://review.openstack.org/#/c/125608/15..16/specs/6.0/cinder-neutron-plugins-in-fuel.rst [2] https://bugs.launchpad.net/fuel/+bug/1395228 [3] https://github.com/stackforge/fuel-web/blob/master/fuelclient/fuelclient/objects/plugins.py#L49 -- Andrew Mirantis Ceph community _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
