Merge lp:~rconradharris/nova/lp794672 into lp:~hudson-openstack/nova/trunk

lgtm.

Hi Rick,

I think we need to add '/v1' into generated URL in the image_url function (line 158).

Also, How would an end user actually specify the new Glance API server list in the nova.conf file?

Thanks.

Dan

I'm not quite so sure this belongs in Nova. This is adding a very simple load-balancing implementation that, to be useful, needs to be very well thought out. For example, what happens when one of your glance servers is down? What if the glance servers are running different versions of the registry api? I think this is a good idea that should be left up to a deployer.

As a side note, I couldn't get the flag set up correctly. What should that look like?

Sorry. Couple more thoughts here.

Do we want to maintain backwards compatibility with the old glance_host/glance_port flags as well? I mean if a user specifies only the glance_host/glance_port options we could use that. Otherwise if the new glance_api_servers is specified we could use it instead of the legacy flags.

I feel like we're trying to program in a solution where a better solution already exists. What is the problem with making glance_host == a load balanced IP and using conventional load balancing to do the job here? Load balancing logic doesn't belong in Nova in my opinion. It's just going to complicate the code unnecessarily.

I'd agree with the rest of the comments about better solutions being available (using a LB in the deployment). This works, of course, but it's not ideal.

What's next? Weighted-least-connections algorithm support? Automatic health checks? Caching? Adding/removing nodes on the fly?

I'd really prefer to leave this out as the only time I'd want to use this is in development...where you don't need load balancing.

Brian Lamar--

> I feel like we're trying to program in a solution where a better solution already exists. What is
> the problem with making glance_host == a load balanced IP and using conventional load balancing to
> do the job here? Load balancing logic doesn't belong in Nova in my opinion. It's just going to
> complicate the code unnecessarily.

I really can't argue with this because, for the most part, this is exactly right. In fact, as mentioned above, that was the original idea behind having a single IP-- we just shove load-balancing off to something that can do it well.

But, leading into your next observation...

> I'd really prefer to leave this out as the only time I'd want to use this is in development...where you don't need load balancing.

There's the rub. According to Ant, they're running into issues testing where Glance is the bottleneck. Of course, we could always say, 'just toss a LB in there'.

The issue with that is, they're going to be spinning-up and tearing-down test envs left and right. It could be a burden to constantly have to configure an external component each time. In this case, dirt-simple `random.choice` is good 'nuff though.

> What's next? Weighted-least-connections algorithm support? Automatic health checks? Caching?
> Adding/removing nodes on the fly?

If each one of those had compelling arguments to why they should be included for testing and dev, then yeah, maybe should consider adding rudimentary versions of those. But, none of the above seem very compelling :).

I think the take-away is, from my perspective, we may need to add some less-than-ideal versions of components to facilitate testing. Sure, it will complicate the code somewhat. Hopefully reduced friction amortized over hundreds of test iterations make the trade-off worth it.

Brian Waldon--

> This is adding a very simple load-balancing implementation that, to be useful, needs to be very well thought out. For example, what happens when one of your glance servers is down

This is just to facilitate load-testing. The recommendation, as before, stands: use a real load-balancer in prod.

> As a side note, I couldn't get the flag set up correctly. What should that look like?

Hmm, I'll look into that.

Dan--

> Do we want to maintain backwards compatibility with the old glance_host/glance_port flags as well?

Good question.

My preference is to just rip the band-aid off, make the change to using a list, and have one correct way going forward. Post-diablo it will be much harder, I think, to deprecate glance_host and glance_port.

Hey Rick, while I was writing that response I had a feeling it was something Ant/Ozone was running in to and I really see the motivation behind this change here.

However, if we're running into load issues during testing I feel the next logical step is to increase the realism in the testing environment instead of molding the code to fit the needs of testing.

We're going to have to automate the deployment of load balancers eventually anyway, right? I know it's one more thing but I still feel this isn't the place to put this code. Maybe others disagree, and I'll step aside if so.

> However, if we're running into load issues during testing I feel the next logical step is to
> increase the realism in the testing environment instead of molding the code to fit the needs of
> testing.

I like this idea, but I think that's a medium-term goal; it's probably not going to solve the testing problem tomorrow.

I would consider this patch (an admittedly hacky) stop-gap to get us by until we get something more prod-like setup in our testing envs.

I'd second blamar's last statement, the testing deployment should include the load balancer setup and config, this isn't radically different from any other steps we take via the chef scripts we've used already.

124 + self.stubs = stubout.StubOutForTesting()
125 self.client = StubGlanceClient(None)
126 - self.service = glance.GlanceImageService(self.client)
127 + self.service = glance.GlanceImageService()
128 + self.stubs.Set(self.service, 'client', self.client)
129 self.context = context.RequestContext(None, None)

This change seems to hurt rather than help. For one, now I have to know about stubout in order to fully understand the tests. For another, now if I change how the glance image service calls its internal variables, I have broken a bunch of tests without doing anything wrong. Can we stick with the way we were doing it before, please?

> Can we stick with the way we were doing it before, please?

Sure.

Though, `stubout` and `mox` are used across a bunch our tests already. My completely non-scientific opinion is that dependency-injection is used much less frequently. So, there is a risk that we're making things worse by having two separate ways of achieving the exact same thing.

Personally, I'd prefer we settle on using stubs, but that might be a question better suited for the ML.

Mainly this came out of my discussion with Rick about getting around the bottlenecks of hitting the single glance server when doing 500 builds at once. The Glance server was getting slammed hard from the sheer number of simultaneous builds.

I agree that full production environment would utilize load balancers to properly set load up across multiple glance-api. For a user with a smaller environment, or for stress testing, the patch might be useful to some.

Re-proposing this with fixes to address the comments above. Notes in-line.

> As a side note, I couldn't get the flag set up correctly. What should that look like?

Good catch. Looks like DEFINE_list doesn't work with arbitrarily nested structures, just lists of strings. To handle this, reworked code to use host:port format. So, config would look like:

  --glance_api_servers=127.0.0.1:9292,92.0.0.2:9292

> I think we need to add '/v1' into generated URL in the image_url function (line 158).

Looks like this was moot. The function `image_urls` was only called within an objectstore specific method in xenapi.vm_utils, so the Glance part of the switch could just go away.

Also, since it's not re-used anywhere else (nor would it be at this point), I just moved to the code over to where it's used.

> Can we stick with the way we were doing it before, please?

Done

I'm leaning toward the above comments about using a load balancer. It is it too complex to write a testing script that throws up 4 glance servers and HAProxy? We do the above for nova-api in all of our production deploys and it isn't too difficult.

> Dan--
>
> > Do we want to maintain backwards compatibility with the old
> glance_host/glance_port flags as well?
>
> Good question.
>
> My preference is to just rip the band-aid off, make the change to using a
> list, and have one correct way going forward. Post-diablo it will be much
> harder, I think, to deprecate glance_host and glance_port.

Thanks Rick. I agree.

After a bit of pondering I think I actually like the single --glance_api_servers flag better anyway.

Regarding some of the other comments I would say that nothing you've done here prevents anyone from using a load balancer. Using a load balancer is certainly a good option. However the Glance image service is unique in that it is bandwidth intensive and providing a simple random choice option within nova seems reasonable to me. Sounds like a practical approach to me.

Good work!

BTW. If it gives anyone any confidence Smoke tests for EC2 and the OSAPI pass for this branch after I make the change to nova.conf to use --glance_api_servers.

Cheers.

I'm personally not interested in this feature, so I'll let everybody else decide if it goes in. This will definitely achieve the goal of randomizing requests across multiple glance nodes, but it will also randomly expose inconsistencies between them. If we really want a robust "load-balancing" feature we should implement it generically after a blueprint design discussion.

Sorry, Rick, I should have asked about this earlier:

93 + self._client = client
94 +
95 + def _get_client(self):
96 + # NOTE(sirp): we want to load balance each request across glance
97 + # servers. Since GlanceImageService is a long-lived object, `client`
98 + # is made to choose a new server each time via this property.
99 + if self._client is not None:
100 + return self._client
101 + glance_host, glance_port = pick_glance_api_server()
102 + return GlanceClient(glance_host, glance_port)
103 +
104 + def _set_client(self, client):
105 + self._client = client
106 +
107 + client = property(_get_client, _set_client)

I am concerned about consistency problems. If there is a problem with one glance server, is it going to make it too hard to debug? For example, if I connect to one server to list images, and then another server to get images, it might not be clear where the problem is. It also might create some odd situations with pagination. (A lot of these problems would exist with insufficiently sticky load balancers as well.)

If my concern points to an actual problem, perhaps the solution is to look at making the glance image service a short-lived object.

After some more thought, I'm not sure if there's any good way to handle an inconsistency among glance servers that are supposed to be identical (short of statically configuring each compute node in a round-robin fashion). So I'll pull my 'needs information' but I'd still love to hear any thoughts you have about this.

Brian:

> If we really want a robust "load-balancing" feature we should implement it generically after a blueprint design discussion.

From the sound of it, I don't think anybody wants to include real load-balancing logic into Nova.

Mark:
> I am concerned about consistency problems. If there is a problem with one glance server, is it going to make it too hard to debug?

Sporadic failures (timeouts, hung nodes, etc) are a fact of life in any load-balanced setup.

Any step we take to mitigate that will lead us down the rabbit-hole of re-inventing a real-world load-balancer; definitely not a problem we should be solving.

I think this gives us the best trade-off of simplicity vs. does-the-job.

> It also might create some odd situations with pagination

AFAIK we're passing in the pagination state with the request. Since there's no shared state, this shouldn't be a problem.

Things could get trickier when we start managing sessions as part of authn & authz. Though, as long as we keep that state outside of the glance-api server (using memcached or something), we shouldn't have a problem.

Given that it's at +2 with 3 +0's, I'm going to go ahead and merge this in.