Hello all.
With release 0.3.0 about ready to ship it seems like a good time to start talking about features we'd like to see for 0.4.0. I'd like to continue the three-month release cycle we've been on, so that puts our next one around mid-October.
Below are some obvious buckets, please feel free to suggest additional features large or small.
Finally, note I'm not making any claim that the list below is achievable in the timeframe we're talking about (although I would hope it's not that far from what is achievable). I'm more thinking in terms of what would make our 0.4.0 release seem like a coherent whole, and make the largest number of upstream users interested and happy.
I'll start with Conductor features:
* Authorization. We have a fair amount of authorization checking in place, but no way to actually set who can do what. Given that a central Conductor feature is the ability to control access to cloud resources, this seems like an important feature. Things we'll need to put this in place:
* UX around setting permissions
* UX around displaying appropriate "You can't do that" messages where required, or showing/hiding controls as appropriate
* Good tests
* Not much model code -- I think it's all mostly in place. Correct me if I'm wrong.
* Identity and encryption. Authorization doesn't do a lot of good if anyone can bumble along and impersonate anyone else, so it would be pretty nice to have at least a workaday identity and encryption setup. Conversations with potential users have suggested the following minimum features, feel free to suggest your own:
* Conductor will authenticate against an LDAP server. Since most LDAP servers in the real world are Windows Active Directory, we should probably include AD in the set of servers we test against.
* Fall back to local user data store, maybe? You can imagine needing a local admin user that isn't in LDAP, for example
* Be able to proxy identity when talking to other things that need to know it. Checking identity when saving things to/retrieving things from Image Warehouse is the main requirement for this. I think it's getting a GSSAPI library soon which should help. We will also probably need this for Katello, when we get to talking to it. FWIW Katello is currently using two-legged OAuth for this, so I would think this would be the primary candidate for us too.
* A way to encrypt the traffic between Conductor, Deltacloud API, Warehouse, and Katello. The obvious solution for this is ssl certs that are created and signed by the installer, with some way to update/revoke them.
* Admin UX work
* We need to give the pool, pool family, and provider management screens the same loving treatment we have given the instance management screens.
* We need to make sure self-service really is sane. A big part of self service is image visibility -- i.e. who can launch what where (VMWare's "Catalog" concept answers this requirement for them). A good self-service solution is going to take thinking through some use cases and some serious UX work as well.
* I'd really like to see a front door to the Conductor app. I'm afraid to call it a "dashboard" because then it will never get built :). I'd love suggestions for what should appear on such a thing.
* Other UX work
* I think we should be able to launch single images from Conductor without requiring a deployable XML. To make that easier for users, it would be nice if there was some UI for displaying images that are available to launch.
* Status reporting
* We should reliably display the status of a running instance and its uptime
* We should start thinking about how we will handle the richer data about instance health that we will get once Matahari is in place
* Users should be able to view an audit trail of events for an instance or a set of instances
* Users should be able to export those events
* API
* We've been saying for a very long time that we need a real API for managing Conductor and for doing instance stuff in Conductor. If we admit that we have to manage instances that are not part of deployments, then we can also just say that the Deltacloud API we expose only works for instances. I think this is good enough for the next release.
Infrastructure-around-Conductor features:
* Identity and encryption. In addition to the bits that go in Conductor proper, there's going to be a lot of work in the installer and in other projects nearby.
* Better self-monitoring. I'd like to see a quick shell command that will give a meaningful report of the status of all the app components.
* Way better logging and error reporting.
* All components should be using syslog if at all possible
* Logs should be timestamped
* We should not be logging credentials or things that are potentially embarassing
* Components can be distributed across multiple machines
* RHEV-M 3.0 really works as a cloud provider.
"Orchestrator" features (even though these aren't yet separate components, I've bracketed off stuff that concerns post-boot and multi-instance operations as conceptually different topics to work on)
* Assemblies
* Users can define assemblies that cause the post-boot config apparatus to install software and set config parameters on instances when they check in after booting
* Deployables and deployments
* Users can define deployables that contain multiple assemblies.
* Users can specify parameters that should be collected from a user when the user launches the deployable.
* Users can direct that parameters collected from a user be interpolated in arbitrary spots in the deployable descriptor.
* There is a UI for collecting parameters from the launching user
* There is a mechanism for passing all the assembly and deployable config information through to the post-boot agent. (I think this could use user-data, *or* a config server.)
* Authorization
* Should there be some way of restricting the assemblies/deployables that a user can launch on particular hardware?