[openstack-dev] [Kuryr] Starting Kuryr service requires root privilege

Antoni Segura Puimedon toni+openstackml at midokura.com
Tue Jan 26 08:29:01 UTC 2016


On Tue, Jan 26, 2016 at 8:13 AM, Baohua Yang <yangbaohua at gmail.com> wrote:
> Hi hua
> Thanks for the suggestion!
> Yes, root wrap is also a good candidate.
> We will compare to choose the proper solution.
> Thanks!
>
> On Tue, Jan 26, 2016 at 1:59 PM, 王华 <wanghua.humble at gmail.com> wrote:
>>
>> Hi Baohua,
>>
>> I think https://wiki.openstack.org/wiki/Rootwrap can solve this problem.
>> It is used in other OpenStack projects like Nova, Neutron.
>>
>> Regards,
>> Wanghua
>>
>> On Tue, Jan 26, 2016 at 1:07 PM, Baohua Yang <yangbaohua at gmail.com> wrote:
>>>
>>> Hi toni
>>>
>>> Recently we found an issue when starting the kuryr service without root
>>> privilege [1].
>>>
>>> Tfukushima mentioned that you have a suggestion on using capacity to
>>> solve this?

I do. I have a C launcher that allows Kuryr to run with CAP_NET_ADMIN so that
any user can run it. My idea was to put it in contrib and then let the distros
decide if they want to run kuryr as root or use the launcher in their packaging
systemd service files.

>>>
>>> We currently make a temp workaround by suggesting using sudo to start the
>>> service [2].
>>>
>>> Any advice?
>>>
>>> Thanks!
>>>
>>> [1] https://bugs.launchpad.net/kuryr/+bug/1516539.
>>> [2] https://review.openstack.org/#/c/272370
>>>
>>> --
>>> Best wishes!
>>> Baohua
>>>
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>
>
>
>
> --
> Best wishes!
> Baohua
>
>
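
A minimal sketch of the kind of capability launcher described in the reply above, added here as an illustration and not Antoni's actual code. It assumes the launcher binary was given the file capability with `setcap cap_net_admin+p`, a Linux 4.3 or later kernel (ambient capabilities), and the helper names `single_cap_sets` and `keep_only_cap` are hypothetical.

```c
/* Added example: exec a program with CAP_NET_ADMIN only, without root. */
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fill d[] so that exactly one capability is present in the permitted,
 * effective and inheritable sets. Returns the bit mask that was set. */
unsigned single_cap_sets(int cap, struct __user_cap_data_struct d[2]) {
    unsigned mask = CAP_TO_MASK(cap);
    memset(d, 0, 2 * sizeof d[0]);
    d[CAP_TO_INDEX(cap)].permitted = mask;
    d[CAP_TO_INDEX(cap)].effective = mask;
    d[CAP_TO_INDEX(cap)].inheritable = mask;
    return mask;
}

/* Drop every capability except `cap`, then raise it into the ambient set
 * so it survives execve() of a binary that has no file capabilities
 * (for example a Python interpreter). Returns 0 on success, -1 on error;
 * it fails with EPERM when `cap` is not in the caller's permitted set. */
int keep_only_cap(int cap) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    single_cap_sets(cap, d);
    if (syscall(SYS_capset, &h, d) != 0)
        return -1;
    /* Ambient raise requires the bit in both permitted and inheritable. */
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, cap, 0, 0);
}

int main(int argc, char **argv) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    if (keep_only_cap(CAP_NET_ADMIN) != 0) {
        perror("keep_only_cap");
        return 1;
    }
    execvp(argv[1], argv + 1);   /* child keeps CAP_NET_ADMIN and nothing else */
    perror("execvp");
    return 1;
}
```

After the exec, the `CapEff` line in `/proc/<pid>/status` of the started service should read `0000000000001000`, the CAP_NET_ADMIN bit alone.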
