-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create standard for mandatory and supported IaaS services #587
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some suggestions for minor rephrasing of some things inline.
Also one thing I only addressed in the review in a shallow manner so far: I believe we discussed in the community calls previously that we need to make a clearer distinction between OpenStack APIs and the services and be careful about the wording in standards. The OpenStack services are essentially reference implementations of the APIs. Wherever possible, the SCS should mandate the APIs and their functionalities, not the (backend) services. CSPs should be free to use whatever implementation they like as long as it provides the same API and behavior1. Especially when mandating components, this can be a make or break deal for CSPs. Footnotes
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two cosmetic issues and one question, which requires clarification.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the service lists themselves mostly LGTM, but I think some other parts could need some clarification, see the comments.
Thanks for working on this.
I think we should discuss the supported services list in the IaaS call, as this topic is very important and should not be merged without having overall agreement also for the supported service list. |
We discussed this PR today in the IaaS Call. Especially what "supported service" means.
In conclusion the PR should focus mor on APIs than OpenStack services. Which has the downside, that we would also need to clarify for each API endpoint, whether this is mandatory, recommended or optional / not needed. This is a direction which is worth going for, but this will add a load of complexity and might need specific documents for each service API. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I found mostly some typos and some missing replacements of /services/APIs/.
Signed-off-by: josephineSei <[email protected]>
Co-authored-by: Markus Hentsch <[email protected]> Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Co-authored-by: anjastrunk <[email protected]> Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Co-authored-by: Sven <[email protected]> Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
An other question came to my mind: How does a user know, which API version a certain SCS cloud supports? There is a document on certificates listing all effective standards for a certain scope and version. Standard on mandatory services will be part of a scopes/version, soon. How does the user/reader figure out, which API of which OpenStack service belongs to a given certificate scope and version. |
As discussed in the IaaS meeting, we want to standardize, that the s3 should be mandatory and swift only supported. The one open question to me (which needs to be tested) is how do we get an endpoint for s3 when we do not have swift? or do we require that swift should be always there - even just as a stump to provide that endpoint in the service catalog? |
I was able to test my script and Kurts script against a deployment from Cloud&Heat, which provides a Swift endpoint and also offers S3 behind this endpoint.
But it also came up, that there was another description for "block-storage" that was just volume. I need to adjust the test, to allow both options - or do we want to only allow one specific endpoint name:
I would like to answer the first question with yes, because in this way we will always have access to the object storage endpoint, regardless, what service is used. The second question is more difficult: we may need to adjust the tests to allow more than one name per service - each time a new name comes up. On the other hand: that will have a huge impact on CSPs, so I don't think, we should strictly only allow one name. |
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
I am installing a minIO server on the same machine my devstack runs on to create a setup, which has an OpenStack and an s3 on the same level but next to it and no Swift enabled. I am looking into minIO to create a user and credentials, which i can use for the test. |
I installed minio in a test environment and started it temporarily:
In another console tab I installed the minio client, logged in as admin, created a new user and gave that users rights to read and write:
After this I was able to test the script and made adjustments to it until I reached the point, where it succeeded:
When not giving the parameters it will fail:
|
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
Signed-off-by: josephineSei <[email protected]>
@gtema could you review this standard again? Do you have time to do this? If not can you just give a small notice? |
Signed-off-by: josephineSei <[email protected]>
…23-v1-mandatory-and-supported-IaaS-services.md Signed-off-by: josephineSei <[email protected]>
closes SovereignCloudStack/issues#528