Dev Meeting Summary - 2011/7/28

Fri Jul 29 17:03:39 UTC 2011

Meeting Notes - 7/28/2011

Discussion Points.

- bug 814987: config-changed hook is retried on 'resolved' even when --retry is not passed

  Background: config-changed is always run before a service is started, a bug in the config-changed hook can create a wedged state which the resolved subcommand can't fix, as the config-change hook is always run.

  Long discussion about the overall goals represented by this bug. Main points, ensemble should allow upgrades from failed states by trying to transition it automatically started post upgrade, formula upgrade hooks still run first, and config-changed should be run after upgrade. 

  Short term fix for the bug, config-changed shouldn't be executed when doing resolved without --retry.

- review queue

  We need to do a better job. For now we'll see if we can do better as is. Some dicussion about alternate approaches to keep the review queue turnaround small.

Roundtable

 - gustavo - clearing out the review queue, and interviews. next up: formula repository.

 - william - continued work on orchestra integration, with orchestra as a machine provider using the cobbler xmlrpc interface. 

 - kapil - finished up most of the security implementation components (groups, ACLs, OTP, etc.). next up/in-progress: switching to integration work, such that all clients have identities and all clients use ACLs on nodes they create.

additional docs here, somewhat dated (s/security agent/one time password and its a better). 
http://bazaar.launchpad.net/~hazmat/ensemble/security-specification/view/head:/docs/source/drafts/security.rst

 - jim - finishing up public access control on services, most of the infrastructure is landed, work on the enforcement implementation piece ec2-provider is in review. Additional work for the closing ports implemetation will come next.

   Note: The landing of the ec2 ports provider is a minorly backwards incompatible change. In the future all services will be private by default to the environment, instead of public.  Formulas will need to use the open-port/close-port hook cli api to register ports that should be publicly available. The formulas still work the same as before the only change for older formulas is that the ec2 security group associated on a per machine basis which can be adjusted via the ec2-cli or the ec2 webui till a formula takes advantage of the open-port/close-port api. For formulas that do, the admin will control on a per service basis whether or not to open the service to external traffic via the new ensemble subcommands expose and unexpose.

additional docs here: 
https://ensemble.ubuntu.com/docs/drafts/expose-services.html

 - ben - just landed the final pieces of service config! Ensemble can configure services at deploy time or runtime. Formulas can define configuration schemas, and be notified when via a config-changed hook when that configuration changes. 

One thing that came up several times in the discussion, is that we expect config-changed hooks to be idempotent, ie. if we run them several times against the same input, the system should have the same output.

additional docs here:
https://ensemble.ubuntu.com/docs/drafts/service-config.html

next up for ben specs on co-location for deploying service units of different services in the same container/machine.