[Ansible-service-broker] openstack-service-broker

Artem Goncharov artem.goncharov at gmail.com
Mon Jul 2 08:20:54 UTC 2018


Hi everybody,

we have started a small POC in openstack to cover openstack services as
APB, since it looks very promising. Doing some further analysis of APB I
came up to a set of questions, which should be answered before we can
really start effective development.
A current very high level idea is to provide multiple APBs for each
individual resource type (i.e. compute, keypair, database, heat stack,
etc.). Provisioning might in this case do "nothing", or simply prepare
secrets for connecting to openstack. And then `bind` will take care of real
assignation/allocation.

- It would have been nice to offer a single `OpenStack APB` with multiple
actions, but it seems not to be possible. Right? Advantage here would have
been, that once the connection is configured, the user might simply select
which type of resource he wants to allocate, instead of each time
provisioning new resource, repeating connection information.

- Is it possible to consume deployed Secrets or ConfigMaps in the APB
parameters? One approach is to create separate APB to store connection
configuration (let's say openstack-configuration-apb) and then to give user
possibility to select connection for provisioning/binding individual
resource. So probably this item consists of 2 questions:

  - Is it possible to do a "query" to populate APB parameter values (i.e.
  check if some service is provisioned)?

  - Is there a security concern (assume there is) of consuming secrets from
  other APBs? As I mentioned one APB might install openstack connection
  configuration and store it as a secret, and other APBs are consuming it.


- What is the state of binding parameters support? Those are not clearly
present in the official documentation, but present in some blog
posts, hello-world-db-apb and mentioned as experimental feature (
https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started_async_bind.md#bind)?
Is it already supported, that I might bind multiple resource instances
(i.e. different databases or keypairs) and have possibility to unbind them
individually? How should I process `asb_encode_binding` to store bindings
individually?

- What is the expected timeline for async binding? I guess with lots of
openstack resources we will definitely rely on this (creating KeyPair takes
seconds, while creating/allocating DB or host might take minutes).

- There are 2 approaches found for creating APB:

  - single APB with multiple roles per action type (documentation and some
  example APBs)

  - single APB with single role (some example APBs, i.e.
  https://github.com/ansibleplaybookbundle/postgresql-apb)

I personally find second approach better, since it allows to reuse vars,
defaults, publish role, use k8s_raw, openshift_raw with "reusable" templates
of the direct API instead of wrappers (with unfortunate parameters
renaming). This method is however not documented and not used by `apb
init`. So what is the "best practice" method?

- Also I have found with try-error method, that i.e. StatefulSet apiVersion
should be `v1` for use with k8s_raw and not `apps/v1` or `apps/v1beta1` or
`apps/v1beta2`, as with ansible-kubernetes-modules. Might be wrong to ask
it here, but anyway - any docs available?

- postgresql-apb, hello-world-apb and lots of other example APBs are
defining special variables (i.e. app_name, pod_lookup, deployment_query).
Those are not documented anywhere, but seems to be magically expected by
openshift to detect status of the "service" in the openshift. At least
using documentation approach of writing APB (without defining those) I was
not able to see my "app" provisioned under "provisioned services". Writing
sample APB (defining those variables following samples), which simply
creates config map and secrets during "provision" phase shows my app in a
status "failed", but `apb run` was completed successfully. What is the
requirement here? How do I define those, if my "service" provides
combination of multiple deployments and StatefulSets?

- What is really the recommended purpose of `apb test`?
https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/getting_started_async_bind.md#test
- mentioned it is for the basic sanity checks, but
https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/proposals/testing_implementation.md
does the real verification of a `apb run` with some test values.

- What is the recommendation of testing APBs in CI? How can we implement
tests of APBs in Openstack Zuul? Do we need a "full blown" openshift/k8, or
is there some stubbing/lite version available and recommended?

- How do I define default service broker repository to be used for
bootstrapping APB in openshift? If I install minishift with service catalog
it is being pre-populated with docker and local registries. While I can
consume APBs (provision APB) I am not able to do a `apb push`, which fails
with '504', unless I remove docker registry from configuration.
Unfortunately I was not able to find an answer in docs.

- How does openshift categorize APBs? I see in minishift, that all APBs are
landing in the "other" category. Any requirements or future ideas here?

I would really appreciate answers to any of those questions.

Thanks a lot in advance,

Artem