[Engine-devel] Reloadable Configuration - Wiki Page
Saggi Mizrahi
smizrahi at redhat.com
Mon Apr 2 14:36:21 UTC 2012
I'll try and sum up while rebutting as I get confused when mail threads become to long.
Your points as I understand them:
1. Moving the configuration to the instance level instead of system level is harder to implement.
[A] You are right when you talk about existing codebase, the question is will future configuration be written directly as instance configuration or will we continue abusing the system configuration until it's integrated in.
2. Using the config for system level defaults.
[A] Defaults are values that we as developers recommend for options. Letting the user change the defaults is actually letting the user set the value. If you are talking about configuration having a configuration hierarchy. Engine is not a parent objects to pin the hierarchy to as it's not an actual actor in the BL.
3. No need to set until there is an instance level tweak is required.
[A] If you set up the configuration hierarchy properly you could have the attribute getters recognize this hierarchy and only have a setter (and the proper db scheme) written when instance level tweaking is required. This way you remove the complexity but keep object relation correctness.
My opinion is usually that doing things properly might look like a lot of work now but in the long run you save more time. Further more, you can hide the fact that you are doing things wrong when you lack the time to actually do things properly. VDSM for instance hides global configuration accesses in instance getters and constructors. So even though the configuration is in the wrong place it is modeled in correctly and as we slowly move things the rest of the code isn't (for the most part) doing things like accessing objects configuration directly and other such atrocities.
In more practical terms, you could have settings per class\service instead of per instance and later you can actually use this as the basis for a configuration hierarchy. IMO This will be easier to model into the current authentication model, and integrate in. Always remember that one of the pillars of OOP is encapsulation, so even if you decide to keep all the values in one table, it will be smart to still define who owns what values in code instead of having a ConfigurationManager singleton and have everyone access it directly. But again, I'm not as versed in the Engine code as you all are and this might be more complicated than it looks to an outsider.
In broader strokes, my personal preference is to have an idea of how you want the configuration to work *ideally* and then start to take concessions due to resource limitations. Instead of just deciding to hack something in and worry about things later.
----- Original Message -----
> From: "Itamar Heim" <iheim at redhat.com>
> To: "Saggi Mizrahi" <smizrahi at redhat.com>
> Cc: "Doron Fediuck" <dfediuck at redhat.com>, engine-devel at ovirt.org
> Sent: Sunday, April 1, 2012 7:12:51 PM
> Subject: Re: [Engine-devel] Reloadable Configuration - Wiki Page
>
> On 03/31/2012 12:50 AM, Saggi Mizrahi wrote:
> > I'm sorry if I'm moving the conversation sideways a bit but I was
> > ill for a few days and missed out on all the fun :).
> > The whole debate about permissions is a causing my spidy sense to
> > tingle.
> >
> > My main question is, What are the options you actually want to make
> > as engine configuration?
> > At least from my experience with VDSM 99% of the configuration
> > options we have shouldn't be VDSM configuration but instance
> > attributes.
>
> I don't think we should start by making every config variable at
> instance level.
> the config table allows system level defaults, which are easy to
> handle/manage.
> where there is sufficient need to create an instance level tweak, it
> is
> usually done with due consideration to making it a feature, which is
> usually a lengthier process.
>
> >
> > To illustrate, the interval where you check liveness of hosts is
> > not actually an Engine setting but a cluster or a host attribute.
> > It should be set using the UI and the permissions to set it should
> > be related to general permission on the object.
> > The interval in which to check for storage liveness is a data
> > center setting, not an Engine setting as well.
>
> true, but apparently so far there wasn't a need to tweak it at DC or
> cluster level, and engine level was good enough.
> best is sometimes enemy of good.
> and adding a lot of configurable options at entity level doesn't
> necessarily make things simpler for admins to understand.
>
> so i agree some options should be at instance level, but only when
> there
> is a good enough reason to do so.
>
> >
> > In general most options in a system are tied to object instances.
> > The only things that I can think of that are actual Engine
> > configurations are DB location, memory settings of the JVM and
> > other technical details that should be accessible and set by the
> > local root user only. This is also why I thought it shouldn't be
> > in the DB, because if it's in the DB it's actually shared between
> > installation and it's like sharing apache's "max thread num"
> > setting between hosts with different capabilities.
> >
> > Technical limitations like not being able to update quartz tasks
> > once they've been initiated should be circumvented or abstracted
> > but not designed around.
> >
> > ----- Original Message -----
> >> From: "Doron Fediuck"<dfediuck at redhat.com>
> >> To: "Itamar Heim"<iheim at redhat.com>
> >> Cc: engine-devel at ovirt.org
> >> Sent: Thursday, March 29, 2012 8:42:05 AM
> >> Subject: Re: [Engine-devel] Reloadable Configuration - Wiki Page
> >>
> >> On 29/03/12 12:13, Itamar Heim wrote:
> >>> On 03/29/2012 11:59 AM, Doron Fediuck wrote:
> >>>> On 29/03/12 10:54, Itamar Heim wrote:
> >>>>> On 03/29/2012 10:05 AM, Muli Salem wrote:
> >>>>>> Thanks for the comments, I updated the wiki page accordingly:
> >>>>>> http://www.ovirt.org/wiki/Features/ReloadableConfiguration
> >>>>>>
> >>>>>> 1. Instead of the new DB column is_reloadable -->
> >>>>>> Annotation
> >>>>>> to ConfigValues.
> >>>>>> 2. Found a way to update the Quartz jobs, at least basic
> >>>>>> issues
> >>>>>> such as interval size.
> >>>>>> 3. The values will be reloaded upon admin's decision to do so
> >>>>>> -
> >>>>>> with a new command in the engine-config CLI, since that is
> >>>>>> where admins make the changes.
> >>>>>
> >>>>> just wondering - how will the CLI do this at the technical
> >>>>> level
> >>>>> (via REST API? signal to service, etc.)?
> >>>>
> >>>> Basically we need a script using the REST sdk to trigger
> >>>> re-configuration
> >>>> This script will need the engine's IP so it'll know where to
> >>>> find
> >>>> it.
> >>>> The thing is, REST also needs the admin's user and password to
> >>>> run...
> >>>>
> >>>> We can get it in 2 options:
> >>>>
> >>>> 1. Store Admin's user+pass in the engine's conf file.
> >>>> 2. Use engine-config to fetch the credentials.
> >>>>
> >>>> Once we have credentials, we can use it with a new script to
> >>>> trigger configuration reload.
> >>>> We can also incorporate this script into engine-config so admin
> >>>> won't need to know another
> >>>> script, and simply use a 'reload' verb.
> >>>>
> >>>> I'm not keen on storing the credentials in a conf' file, but
> >>>> (unfortunately) it wouldn't
> >>>> be a first time. Any better alternative is welcome (just as
> >>>> patches ;-).
> >>>
> >>> true.
> >>>
> >>>>
> >>>> A simple alternative to the whole credentials and IP need,
> >>>> is a simple periodic reload, as suggested initially.
> >>>
> >>>
> >> Any thoughts on this?
> >>
> >>>
> >>>>
> >>>> /d
> >>>
> >>> isn't there some way to send a process signal or something like
> >>> that (not allowing remote access, but i think it uses the db
> >>> crednetials from a local file anyway, and i don't think running
> >>> config remotely is a must)
> >>>
> >> Simply signaling a process such as "kill TRAP PID" is problematic
> >> since:
> >> - The engine core is a web-app on top of JBoss, how do we know
> >> which
> >> pid to trigger?
> >> - What happens if JBoss isn't running / using nohup / ... ?
> >>
> >>> other options:
> >>> 1. require user to provide user/password (kind of funny for
> >>> running
> >>> manage-domains utility, but possible
> >> This will make service xxx reload pointless, unless we decide to
> >> drop
> >> it and reduce to a simple
> >> script (embedded or not in the config utility).
> >>
> >>> 2. use a way on the host to send a signal (change a file, process
> >>> signal, etc.)
> >> Great. This means we need to poll a folder or similar (DB)...
> >> sounds
> >> familiar?
> >> See above the periodic reload. We can do it better if we look for
> >> a
> >> key in the DB
> >> (enableReconfigure=true), to avoid reloading in the middle of an
> >> update process
> >> of several keys. We still need to be careful from concurrency, but
> >> I
> >> have solutions
> >> for this as well (do not allow updates to vdc_options until the
> >> key
> >> becomes false again,
> >> also set it to false on initial boot).
> >>
> >>>
> >> 3. Write a simple public reload servlet (maybe limit to local host
> >> only?), which
> >> we can call using simple curl http://xxx/reload?
> >>
> >> As I see it now,
> >> I'd go for one of the following (in this order)-
> >> 2: periodically poll DB, reload only when allowed.
> >> 3: local servlet.
> >>
> >> Thoughts?
> >> Better solutions?
> >> _______________________________________________
> >> Engine-devel mailing list
> >> Engine-devel at ovirt.org
> >> http://lists.ovirt.org/mailman/listinfo/engine-devel
> >>
>
>
More information about the Engine-devel
mailing list