[openstack-dev] [tripleo] [tripleo-quickstart] Tripleo-Quickstart root privileges
Lars Kellogg-Stedman
lars at redhat.com
Thu Dec 1 16:21:39 UTC 2016
On Thu, Dec 01, 2016 at 09:03:30AM -0500, John Trowbridge wrote:
> 1. Doing tasks as root on the virthost makes clean up trickier. With the
> current model, deleting the non-root quickstart user cleans up almost
> everything. By keeping all of the root privilege tasks in the provision
> and environment roles, it is much easier to reason about the few things
> that do not get cleaned up when deleting the quickstart user. If we
> start allowing root privilege tasks in the libvirt role, this will be
> harder.
>
> 2. Theoretically, (I have not actually heard anyone actually doing
> this), someone could set up a virthost for use by quickstart, and
> then...

The particular use case that inspired the current architecture was the
situation in which people did not want a random script from the
internet running with privileges on their system.

The existing model means that you can manually configure a host for
use by quickstart (installing libvirt, creating the necessary bridge
devices and permissions, etc.), and then use quickstart exclusively as
a non-root user.

This is really nice for a number of reasons. For example, I often
have multiple quickstart-provisioned environments on my virt host,
each associated with a particular user. Being able to run everything
as a non-root user means that it's easy to keep these separate, and
that I won't accidentally break one environment because of a typo or
something (because my "master tripleo" user is not able to modify the
environment of my "rdo release" user).

--
Lars Kellogg-Stedman <lars at redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack | http://blog.oddbit.com/