I'll try and sum up while rebutting as I get confused when mail threads become to long. Your points as I understand them: 1. Moving the configuration to the instance level instead of system level is harder to implement. [A] You are right when you talk about existing codebase, the question is will future configuration be written directly as instance configuration or will we continue abusing the system configuration until it's integrated in. 2. Using the config for system level defaults. [A] Defaults are values that we as developers recommend for options. Letting the user change the defaults is actually letting the user set the value. If you are talking about configuration having a configuration hierarchy. Engine is not a parent objects to pin the hierarchy to as it's not an actual actor in the BL. 3. No need to set until there is an instance level tweak is required. [A] If you set up the configuration hierarchy properly you could have the attribute getters recognize this hierarchy and only have a setter (and the proper db scheme) written when instance level tweaking is required. This way you remove the complexity but keep object relation correctness. My opinion is usually that doing things properly might look like a lot of work now but in the long run you save more time. Further more, you can hide the fact that you are doing things wrong when you lack the time to actually do things properly. VDSM for instance hides global configuration accesses in instance getters and constructors. So even though the configuration is in the wrong place it is modeled in correctly and as we slowly move things the rest of the code isn't (for the most part) doing things like accessing objects configuration directly and other such atrocities. In more practical terms, you could have settings per class\service instead of per instance and later you can actually use this as the basis for a configuration hierarchy. IMO This will be easier to model into the current authentication model, and integrate in. Always remember that one of the pillars of OOP is encapsulation, so even if you decide to keep all the values in one table, it will be smart to still define who owns what values in code instead of having a ConfigurationManager singleton and have everyone access it directly. But again, I'm not as versed in the Engine code as you all are and this might be more complicated than it looks to an outsider. In broader strokes, my personal preference is to have an idea of how you want the configuration to work *ideally* and then start to take concessions due to resource limitations. Instead of just deciding to hack something in and worry about things later. ----- Original Message -----
From: "Itamar Heim" <iheim@redhat.com> To: "Saggi Mizrahi" <smizrahi@redhat.com> Cc: "Doron Fediuck" <dfediuck@redhat.com>, engine-devel@ovirt.org Sent: Sunday, April 1, 2012 7:12:51 PM Subject: Re: [Engine-devel] Reloadable Configuration - Wiki Page
On 03/31/2012 12:50 AM, Saggi Mizrahi wrote:
I'm sorry if I'm moving the conversation sideways a bit but I was ill for a few days and missed out on all the fun :). The whole debate about permissions is a causing my spidy sense to tingle.
My main question is, What are the options you actually want to make as engine configuration? At least from my experience with VDSM 99% of the configuration options we have shouldn't be VDSM configuration but instance attributes.
I don't think we should start by making every config variable at instance level. the config table allows system level defaults, which are easy to handle/manage. where there is sufficient need to create an instance level tweak, it is usually done with due consideration to making it a feature, which is usually a lengthier process.
To illustrate, the interval where you check liveness of hosts is not actually an Engine setting but a cluster or a host attribute. It should be set using the UI and the permissions to set it should be related to general permission on the object. The interval in which to check for storage liveness is a data center setting, not an Engine setting as well.
true, but apparently so far there wasn't a need to tweak it at DC or cluster level, and engine level was good enough. best is sometimes enemy of good. and adding a lot of configurable options at entity level doesn't necessarily make things simpler for admins to understand.
so i agree some options should be at instance level, but only when there is a good enough reason to do so.
In general most options in a system are tied to object instances. The only things that I can think of that are actual Engine configurations are DB location, memory settings of the JVM and other technical details that should be accessible and set by the local root user only. This is also why I thought it shouldn't be in the DB, because if it's in the DB it's actually shared between installation and it's like sharing apache's "max thread num" setting between hosts with different capabilities.
Technical limitations like not being able to update quartz tasks once they've been initiated should be circumvented or abstracted but not designed around.
----- Original Message -----
From: "Doron Fediuck"<dfediuck@redhat.com> To: "Itamar Heim"<iheim@redhat.com> Cc: engine-devel@ovirt.org Sent: Thursday, March 29, 2012 8:42:05 AM Subject: Re: [Engine-devel] Reloadable Configuration - Wiki Page
On 29/03/12 12:13, Itamar Heim wrote:
On 03/29/2012 11:59 AM, Doron Fediuck wrote:
On 29/03/12 10:54, Itamar Heim wrote:
On 03/29/2012 10:05 AM, Muli Salem wrote: > Thanks for the comments, I updated the wiki page accordingly: > http://www.ovirt.org/wiki/Features/ReloadableConfiguration > > 1. Instead of the new DB column is_reloadable --> > Annotation > to ConfigValues. > 2. Found a way to update the Quartz jobs, at least basic > issues > such as interval size. > 3. The values will be reloaded upon admin's decision to do so > - > with a new command in the engine-config CLI, since that is > where admins make the changes.
just wondering - how will the CLI do this at the technical level (via REST API? signal to service, etc.)?
Basically we need a script using the REST sdk to trigger re-configuration This script will need the engine's IP so it'll know where to find it. The thing is, REST also needs the admin's user and password to run...
We can get it in 2 options:
1. Store Admin's user+pass in the engine's conf file. 2. Use engine-config to fetch the credentials.
Once we have credentials, we can use it with a new script to trigger configuration reload. We can also incorporate this script into engine-config so admin won't need to know another script, and simply use a 'reload' verb.
I'm not keen on storing the credentials in a conf' file, but (unfortunately) it wouldn't be a first time. Any better alternative is welcome (just as patches ;-).
true.
A simple alternative to the whole credentials and IP need, is a simple periodic reload, as suggested initially.
Any thoughts on this?
/d
isn't there some way to send a process signal or something like that (not allowing remote access, but i think it uses the db crednetials from a local file anyway, and i don't think running config remotely is a must)
Simply signaling a process such as "kill TRAP PID" is problematic since: - The engine core is a web-app on top of JBoss, how do we know which pid to trigger? - What happens if JBoss isn't running / using nohup / ... ?
other options: 1. require user to provide user/password (kind of funny for running manage-domains utility, but possible This will make service xxx reload pointless, unless we decide to drop it and reduce to a simple script (embedded or not in the config utility).
2. use a way on the host to send a signal (change a file, process signal, etc.) Great. This means we need to poll a folder or similar (DB)... sounds familiar? See above the periodic reload. We can do it better if we look for a key in the DB (enableReconfigure=true), to avoid reloading in the middle of an update process of several keys. We still need to be careful from concurrency, but I have solutions for this as well (do not allow updates to vdc_options until the key becomes false again, also set it to false on initial boot).
3. Write a simple public reload servlet (maybe limit to local host only?), which we can call using simple curl http://xxx/reload?
As I see it now, I'd go for one of the following (in this order)- 2: periodically poll DB, reload only when allowed. 3: local servlet.
Thoughts? Better solutions? _______________________________________________ Engine-devel mailing list Engine-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-devel