[openstack-dev] [nova] Initial oslo.privsep conversion?
Michael Still
mikal at stillhq.com
Wed Jun 8 22:51:09 UTC 2016
+Angus
On Thu, Jun 9, 2016 at 7:10 AM, Matt Riedemann <mriedem at linux.vnet.ibm.com>
wrote:
> While sitting in Angus' cross-project session on oslo.privsep at the
> Austin summit I believe I had a conversation with myself in my head that
> Nova should stop adding new rootwrap filters and anything new should use
> oslo.privsep.
>
> For example:
>
> https://review.openstack.org/#/c/182257/
>
> However, we don't have anything in Nova using oslo.privsep directly. We
> have os-brick and soon we'll have os-vif using oslo.privsep, but those are
> indirect.
>
> Looking at the change in Neutron for using privsep [1] it's pretty
> complicated. So I'm struggling with requiring new changes to Nova that
> require new rootwrap filters to use privsep when we don't have an example
> in tree of how to do this.
>
> Is anyone working on something like that yet that I haven't seen? If not,
> has anyone thought about doing something or is interested in doing it?
> Because I don't think it's really fair to prevent new things until that
> happens - although the flip side to that is there isn't an example until
> someone is forced to do it.
>
> Other thoughts? Is anyone willing to help here? I'm assuming there will
> need to be hand-holding from Angus at least initially.
>
> [1] https://review.openstack.org/#/c/155631/
This seems like the sort of thing we should document in the devref. I agree
we shouldn't be doing any more of the old thing and should provide a worked
example of the new thing.
Michael
--
Rackspace Australia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160609/088e9871/attachment.html>
More information about the OpenStack-dev
mailing list