kbrock
commented
7 years ago The preamble is currently cut and pasted into a customer's scripts. Alternatively, it could be implemented as a parent class.
What user would automate methods run as
We (always?) pass the requesting/effective user to automate. This is needed for tenancy.
One thing to keep in mind. When a user does not have privileges to perform an operation, the user makes a request from automate to perform the operation on their behalf. So it is essentially a mechanism to escalated privileges.
So ignoring the fact that we don't have the user's password, we also don't properly establish the escalated user's identity when running automate methods.
UPDATE: not positive this is the intent of automate.
Fryguy
miq-bot
mkanoor
Much of this was discussed at the ManageIQ design summit for Botvinnik. However, @mkanoor and I recently sat down and brainstormed our way through many of the larger problems, and we think we've come to a cleaner design.
There may be more things I'm not thinking of, but I just wanted to start getting this information out there. Let's keep this document updated as we find more issues and/or come up with more ways to solve them.
Automate currently runs methods by
This causes a number of problems and headaches, which may be able to be addressed by moving to a REST API based implementation. Some notable issues:
DRb is used to handle interactions with the automate workspace, which is in the server's memory, from the client. This can be handled by dumping the workspace into some format like JSON or YAML, and passing it on STDIN into the launched process.
The automate method preamble would take STDIN and hold it in memory, lazy loading it on first access. If the method needs to modify the workspace, then it can be modified.
$evmwould no longer be special and can just be a simple object defined in the preamble that has the knowledge of manipulating the workspace in this manner.$evm.logcould even just write directly to the log in question or could write to STDOUT.In the postamble we will dump the workspace to STDOUT. In order to prevent collision with user usage of STDOUT, we can prefix the dump with some sort of delimiter (e.g.
"=" * 80). STDERR can be used to transfer any exception, or perhaps that becomes part of the workspace that's dumped into STDOUT. Again, a delimiter might be necessary.The server, when it detects that the child process has completed, will read from the STDOUT of the child process, find the last delimiter, and process the workspace back into memory, if changed.
There may be optimizations here to prevent unnecessarily dumping and loading the workspace.
DRb is also used for database interaction. The database interaction that is currently done via service models, can be done completely through the REST API. A Ruby gem needs to be created from the cfme_client code, which additionally has more of an OO design. (I'll call it manageiq_client for reference). Once that's available, then the
$evm.vmdbcan just be a front for accessing those objects from the manageiq_client gem. We could even deprecate$evm.vmdbin favor of having the automate methods use the normal manageiq_client gem directly.For example, currently
$evm.vmdb["vm", 21]returns aMiqAeServiceVmVmwareinstance for VM 21. If the REST API gem had it's own OO based types, I could see$evm.vmdb["vm", 21]instead calling the manageiq_client gem, ultimately returning aManageiqClient::Vminstance for VM 21With this in place, I think the entirety of the service models just goes away
Other thoughts:
TODO
$evmobject that we haven't even looked at likeget/set_state_var,instance_*, etccc @gmcculloug @mkanoor @tinaafitz @chessbyte cc @abellotti (re: REST API stuff and cfme_client split out into manageiq_client gem) cc @kbrock (re: system-only access rules)
This issue was moved to this repository from https://github.com/ManageIQ/manageiq/issues/2215, originally opened by @Fryguy