[openstack-dev] [hyper-v] oslo.privsep vs Windows

Sean Dague sean at dague.net
Mon Nov 30 12:06:32 UTC 2015


On 11/24/2015 06:01 AM, Claudiu Belu wrote:
> Hello,
> 
> Thanks Dims for raising the concern and Angus for reaching out. :)
> 
> Most of the time, python development on Windows is not too far off from
> Linux. But the two systems are quite different, which imply different
> modules (fcntl, pwd, grp modules do not exist in Windows) or different
> implementations of some modules (multiprocessing uses Popen instead of
> os.fork, os module is quite different) or some socket options and
> signals are different in Windows.
> 
> 1.a. As I've said earlier, some modules do not exist in Windows. All, or
> at least most standard modules document the fact that they are strictly
> for Linux. [1][2][3]
> b. At the very least, running the unit tests in a Windows environment
> can at least detect simple problems (e.g. imports). Secondly, there is a
> Hyper-V / Windows CI running on some of the OpenStack projects (nova,
> neutron, networking_hyperv, cinder) that can be checked before merging.
> 
> 2. This is a bit more complicated question. Well, for functions, you
> could have separate modules for Linux specific functions and Windows
> specific functions. This has been done before: [4] As for
> object-oriented implementations, I'd suggest having the system-specific
> calls be done in private methods, which will be overriden by Windows /
> Linux subclasses with their specific implementations. We've done
> something like this before, but solutions were pretty much
> straight-forward; it might not be as simple for oslo_privsep, since it
> is very Linux-specific.
> 
> 3. Typically, the OpenStack services on Hyper-V / Windows are run with
> users that have enough privileges to do their job. For example, the
> nova-compute service is run with a user that has Hyper-V Admin
> privileges and is not necessarily in the "Administrator" user group. We
> haven't used rootwrap in our usecases, it is disabled by default, plus,
> oslo.rootwrap imports pwd, which doesn't exist in Windows.

Right, so to me this seems that privsep just needs a NULL mode, and
we're done. If oslo.rootrwap was never supported on windows, I don't
think privsep really needs to be in a real way.

	-Sean

-- 
Sean Dague
http://dague.net



More information about the OpenStack-dev mailing list