<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
+1<br>
<br>
<blockquote>The agent is a tool Ironic is using to take the place of
a hypervisor to discover and prepare nodes to recieve workloads.
For hardware, this includes more work -- such as firmware
flashing, bios configuration, and disk imaging -- all of which
must be done in an OOB manner. (This is also why deploy drivers
that interact directly with the hardware when the supported - such
as Seamicro or the proposed HP iLo driver - are good alternative
approaches.)<br>
</blockquote>
<br>
-Jay Faulkner<br>
<br>
<div class="moz-cite-prefix">On 4/4/2014 7:10 AM, Ling Gao wrote:<br>
</div>
<blockquote
cite="mid:OF7AFFE8FD.90A8DEDF-ON87257CB0.004BDCCD-85257CB0.004DDAE6@us.ibm.com"
type="cite"><font face="sans-serif" size="2">Hello </font><font
size="3">Vladimir,</font>
<br>
<font size="3"> I would prefer an agent-less node,
meaning the agent is only used under the ramdisk OS to collect
hw info,
to do firmware updates and to install nodes etc. In this sense,
the agent
running as root is fine. Once the node is installed, the agent
should be
out of the picture. I have been working with HPC customers, in
that environment
they prefer as less memory prints as possible. Even as a
ordinary tenant,
I do not feel secure to have some agents running on my node. For
the firmware
update on the fly, I do not know how many customers will trust
us doing
it while their critical application is running. Even they do and
ready
to do it, Ironic can then send an agent to the node through
scp/wget as
admin/root and quickly do it and then kill the agent on the
node.
Just my 2 cents.</font>
<br>
<font face="sans-serif" size="2"><br>
Ling Gao<br>
</font>
<br>
<br>
<br>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">From:
</font><font face="sans-serif" size="1">Vladimir Kozhukalov
<a class="moz-txt-link-rfc2396E" href="mailto:vkozhukalov@mirantis.com"><vkozhukalov@mirantis.com></a></font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">To:
</font><font face="sans-serif" size="1">"OpenStack Development
Mailing List (not for usage questions)"
<a class="moz-txt-link-rfc2396E" href="mailto:openstack-dev@lists.openstack.org"><openstack-dev@lists.openstack.org></a>,
</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Date:
</font><font face="sans-serif" size="1">04/04/2014 08:24 AM</font>
<br>
<font color="#5f5f5f" face="sans-serif" size="1">Subject:
</font><font face="sans-serif" size="1">[openstack-dev]
[Ironic][Agent]</font>
<br>
<hr noshade="noshade">
<br>
<br>
<br>
<font size="3">Hello, everyone,</font>
<br>
<br>
<font size="3">I'd like to involve more people to express their
opinions
about the way how we are going to run Ironic-python-agent. I
mean should
we run it with root privileges or not.</font>
<br>
<br>
<font size="3">From the very beginning agent is supposed to run
under
ramdisk OS and it is intended to make disk partitioning, RAID
configuring,
firmware updates and other stuff according to installing OS.
Looks like
we always will run agent with root privileges. Right? There are
no reasons
to limit agent permissions.</font>
<br>
<br>
<font size="3">On the other hand, it is easy to imagine a
situation when
you want to run agent on every node of your cluster after
installing OS.
It could be useful to keep hardware info consistent (for
example, many
hardware configurations allow one to add hard drives in run
time). It also
could be useful for "on the fly" firmware updates. It could be
useful for "on the fly" manipulations with lvm groups/volumes
and so on. </font>
<br>
<br>
<font size="3">Frankly, I am not even sure that we need to run
agent
with root privileges even in ramdisk OS, because, for example,
there are
some system default limitations such as number of connections,
number of
open files, etc. which are different for root and ordinary user
and potentially
can influence agent behaviour. Besides, it is possible that some
vulnerabilities
will be found in the future and they potentially could be used
to compromise
agent and damage hardware configuration. </font>
<br>
<br>
<font size="3">Consequently, it is better to run agent under
ordinary
user even under ramdisk OS and use rootwrap if agent needs to
run commands
with root privileges. I know that rootwrap has some performance
issues
</font><a moz-do-not-send="true"
href="http://lists.openstack.org/pipermail/openstack-dev/2014-March/029017.html"><font
color="blue" size="3"><u>http://lists.openstack.org/pipermail/openstack-dev/2014-March/029017.html</u></font></a><font
size="3">
but it is still pretty suitable for ironic agent use case.</font>
<br>
<br>
<font size="3">It would be great to hear as many opinions as
possible
according to this case.</font>
<br>
<br>
<br>
<font size="3">Vladimir Kozhukalov</font><tt><font size="2">_______________________________________________<br>
OpenStack-dev mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
</font></tt><a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"><tt><font
size="2">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</font></tt></a><tt><font
size="2"><br>
</font></tt>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
OpenStack-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>