On Fri, May 29, 2015 at 9:55 AM, Fox, Kevin M <[email protected]> wrote: > As an Op, I really > really want to replace one image with a new one atomically with security > updates preapplied. Think shellshock, ghost, etc. It will be basically be > the same exact image as before, but patched.
On Fri, May 29, 2015 at 11:16 AM, Georgy Okrokvertskhov <[email protected]> wrote: > I believe that current app store approach uses only image name rather then > ID. So you can replace image with a new one without affecting application > definitions. In my opinion this is a pretty serious shortcoming with the app catalog as it stands right now. There's no concept of versions for catalog assets, only whatever is put in with the asset name. It's not obvious when the binary component of an asset has been replaced for instance. Maybe the latest one has the security updates applied, maybe it doesn't? If you are watching the repo you might catch it, but that's not very use friendly. We are also unable to account for duplicate names currently (i.e. no protection against having two identically named glance images). I think the easiest way to handle at least the versions is by including additional information in the metadata. If we eventually switch to using the artifacts implementation in glance, I think some of this is resolved, but a switch like that is a long way off. Any thoughts on what we could do in the near term? -Christopher __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
