[openstack-dev] [cinder] [nova] locking concern with os-brick
Joshua Harlow
harlowja at fastmail.com
Mon Aug 15 15:59:45 UTC 2016
Sean Dague wrote:
> On 08/14/2016 06:23 PM, Patrick East wrote:
> <snip>
>
> We were talking through some of the implications of this change in
> #openstack-nova, and the following further concerns came out.
>
> 1) Unix permissions for services in distros
>
> Both Ubuntu and RHEL have a dedicated service user per service. Nova
> services run under nova user, cinder services under cinder. For those
> services to share a lock path you need to do more than share the path.
>
> You must also put both services in a group. Make the lockpath group
> writable, and ensure all lockfiles get written with g+w permissions
> (potentially overriding default system umask to get there).
>
> 2) Services in containers
>
> For people pushing towards putting services in containers, you'd need to
> do all sorts of additional work to make this lock path actually a shared
> construct between 2 containers.
>
>
> These are both pretty problematic changes for the entire deploy space
> without good answers.
>
> -Sean
>
Very good points, both really push me toward a long-term solution that
involves an actual lock-management-service (that isn't a single
directory); but I know this is a larger change (thankfully all the
supporting primitives, services, and libraries should be existing/ready
for this kind of change). I'd even go as far as to say that the 3 services
I would *currently* recommend (etcd, zookeeper, redis) are more than
mature enough for this usage by now.
-Josh
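
An added example, not part of this thread or of os-brick: a Python illustration of point 1 in the quoted message, showing that a lock file created under the common default umask of 022 loses group write, and that an explicit fchmod restores it. The function names, the `locks` directory name, and the 0o2770/0o660 modes are assumptions chosen for illustration; a temporary directory stands in for the shared lock path, and the two service accounts are not simulated.

```python
import fcntl
import os
import stat
import tempfile


def make_lock_dir(path):
    # Hypothetical helper: group-writable, setgid lock directory with no access
    # for "other". setgid makes new files inherit the directory's group.
    os.makedirs(path, exist_ok=True)
    os.chmod(path, 0o2770)  # chmod is not filtered by the umask


def create_lock_file(path, force_group_write):
    """Create a lock file, lock and unlock it, and return its permission bits."""
    fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o660)  # requested mode, masked by umask
    try:
        if force_group_write:
            # fchmod ignores the umask, so g+w survives a restrictive default.
            os.fchmod(fd, 0o660)
        fcntl.flock(fd, fcntl.LOCK_EX)
        fcntl.flock(fd, fcntl.LOCK_UN)
        return stat.S_IMODE(os.fstat(fd).st_mode)
    finally:
        os.close(fd)


def demo(umask=0o022):
    """Return (mode_without_fix, mode_with_fix) for lock files created under umask."""
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in lock path
            lock_dir = os.path.join(tmp, "locks")
            make_lock_dir(lock_dir)
            plain = create_lock_file(os.path.join(lock_dir, "a.lock"), False)
            fixed = create_lock_file(os.path.join(lock_dir, "b.lock"), True)
            return plain, fixed
    finally:
        os.umask(old)


if __name__ == "__main__":
    plain, fixed = demo()
    print(f"umask 022, no fix: {oct(plain)} group-writable={bool(plain & stat.S_IWGRP)}")
    print(f"umask 022, fchmod: {oct(fixed)} group-writable={bool(fixed & stat.S_IWGRP)}")
```

With g+w on both the directory and the files, every member of the shared group can create, lock and remove any lock file in that path, so the group should contain only the service accounts that need it.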