[openstack-dev] [kolla] distributing work using work items - call for participation in distributed blueprint development

Steven Dake (stdake) stdake at cisco.com
Mon Nov 9 19:31:40 UTC 2015


Hey folks,

So far a whole slew of people have joined up to develop small bits of this blueprint!  Thanks for that commitment.  That said, there is still more work to be done - so please feel free to pick up 1 or 2 container sets.

The initial R&D for this blueprint has been completed after three separate implementation attempts.  A big thanks for Sam Yaple and Paul Bourke for putting up with me while I hammered out the right approach.  To see the base implementation, check out:

The base implementation is here:
https://review.openstack.org/#/c/242876/

To see how the base implementation was used with glance (the implementation to copy), check out:
https://review.openstack.org/#/c/242877/

The 242877 review should mostly be copied and pasted with a bit of brainpower to implement the securitization of the containers for other container sets.  The ones that may not follow the above pattern is nova, neutron, horizon, and keystone because nova/neutron need to sudo to root via root wrap (it may or may not work as is) and horizon/keystone need the UIDs they currently run under (i.e. root + horizon + apache) merged into one (just horizon).

Thanks in advance for your contribution!  Lets get er done by Friday!

Regards
-steve


From: Steven Dake <stdake at cisco.com<mailto:stdake at cisco.com>>
Reply-To: "openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Thursday, November 5, 2015 at 6:18 PM
To: "openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: [openstack-dev] [kolla] distributing work using work items - call for participation in distributed blueprint development

HI folks,

Sam Yaple had suggested we try using Work Items to track our work rather then Etherpad for complex distributed tasks.  I've picked a pretty easy blueprint which should be mostly one line patches where everyone can chip in.  The work should be pretty easy, even for new contributors to the project - so please feel free to sign up for contributing work even if you are new to the project.  If your unable to set your name in the work items field, ping sdake on irc to add you to the kolla-drivers group.

The blueprint is:
https://blueprints.launchpad.net/kolla/+spec/drop-root

The goal of the blueprint is to run the processes for each container as the correct UID instead of root (except for the case where the container requires root to do its job).  These are easy to pick out in the ansible files by the privileged: true flag.  The real goal of this blueprint is to test if this new work items workflow is faster and more effective then etherpad (while also delivering this essential security work for mitaka-1 (deadline December 4th).

Please take a moment to sign up for 1-4 container sets.  To do that, click the Yellow checkbox in the work items field in launchpad, and then replace the "unassigned" entry next to the work item with your irc nickname.  I'd like this work to finish as rapidly as possible, so please try to knock out the work by next Friday (November 13th).  Please try to complete the work if you assign yourself to the container set by November 13th.

Regards,
-steve

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20151109/ed73e47c/attachment.html>


More information about the OpenStack-dev mailing list