Open Stack

Hi all,

On Wed, Mar 04, 2015 at 10:52:10AM -0330, Brent Eagles wrote:
> Hi all,

<snip/>
 
> > Thanks Maxime. I've made some updates to the etherpad.
> > (https://etherpad.openstack.org/p/nova_vif_plug_script_spec)
> > I'm going to start some proof of concept work these evening. If I get
> > anything worth reading, I'll put it up as a WIP/Draft review. Whatever
> > state it is in I will be pushing up bits and pieces to github.
> > 
> > https://github.com/beagles/neutron_hacking vif-plug-script
> > https://github.com/beagles/nova vif-plug-script
> > 
> > Cheers,
> > 
> > Brent

<snip/>

The proof-of-concept hacking progressed to the point where I was able to
use the "hacked up" version of the ML2 OVS driver to trigger a test
plug/unplug script, achieving connectiving with a test VM. With the
exception of some boneheaded assumptions, things went reasonably well. I
will squash the commits and post WIP patches on gerrit tomorrow.

In my opinion, the big question now is what to do about rootwrap. The
current proof-of-concept does *not* use it because of the
sudo-stripping-environment variable issue. Environment variables can be
passed in on the command line and the 'Env' rootwrap filter employed,
but I don't know what is more workable from a deployment/3rd party
integration point of view: use rootwrap and require rootwrap filters be
added at deploy time; or don't use rootwrap from within nova and leave
it up to the plug script/executable. If rootwrap isn't used when
executing the plug script, the plug script itself could still use
rootwrap. Thoughts?

Cheers,

Brent
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150305/ebc12fd0/attachment.pgp>