RFE: Expose templates for all steps, with project-awareness
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
In Progress
|
Wishlist
|
Jay Faulkner |
Bug Description
With the addition of service steps, combined with owner/lessee, we now have an opportunity to allow project members to self-serve many maintenance items by permitting them access to curated templates.
Here's what I propose, at a high level:
- Change the API to enable a policy where someone can be allowed to run deployments, manual cleaning, or service only via templates assigned to their project; or public templates only; or both.
- Change existing deploy_templates table -> templates (or step_templates) and add two fields:
-- public (bool)
-- project
- All the client changes needed to plumb these changes through.
- We could even consider adding a way to indicate that automated_cleaning on a node can be defined by a template (this is likely a next-step item)
- Ensure that with this we make it possible for a project to create/delete their own templates, and also possible to block creation/deletion in policy as well as blocking the ability to set public=True
Use cases for this would include:
- An operator with a downtime-sensitive cluster can coordinate upgrades of firmware on a running cluster, integrating calls to Ironic to upgrade the firmware with calls to their cluster to "up" and "down" nodes appropriately.
- A lower-privileged operations team can be given templates-
Note from julia: JayF: put a note at the top, the request context won't be in the task past the initial request, so we'll need to save it as a dict
Changed in ironic: | |
importance: | Undecided → Wishlist |
assignee: | nobody → Jay Faulkner (jason-oldos) |
Changed in ironic: | |
status: | New → In Progress |