<div dir="ltr">That does work for me, except it means I'll still need to port it to privsep to hit my goal of no rootwrap in Queens. I can live with that.<div><br></div><div>Michael</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 8, 2017 at 4:54 PM, Matt Riedemann <span dir="ltr"><<a href="mailto:mriedemos@gmail.com" target="_blank">mriedemos@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 11/8/2017 12:24 PM, Michael Still wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Hi,<br>
<br>
a really really long time ago (think 2011), we added support in Nova for configuring the mkfs commands that are run for new ephemeral disks using the virt_mkfs command. The current implementation is in nova/virt/disk/api.py for your reading pleasure.<br>
<br>
I'm battling a little with how to move this code to privsep, because I have resisted providing any method which just takes a command line and runs it with escalated permissions, as I feel this defeats the purpose of privsep.<br>
<br>
I could just pickup all the command line parsing code and move it into privsep, but I am left wondering if anyone actually uses this functionality, or if we should just deprecate it all?<br>
<br>
I'd appreciate your thoughts.<br>
<br>
Michael<br>
<br>
<br></div></div>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
<br>
</blockquote>
<br>
Let's deprecate it, put a warning in the logs if it's used in Queens, deprecation release note and then remove it in Rocky.<br>
<br>
Does that work for you?<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
<br>
Thanks,<br>
<br>
Matt<br>
<br>
______________________________<wbr>______________________________<wbr>______________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.op<wbr>enstack.org?subject:unsubscrib<wbr>e</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi<wbr>-bin/mailman/listinfo/openstac<wbr>k-dev</a><br>
</font></span></blockquote></div><br></div>