[openstack-dev] [Fuel][FFE] FF exception request for non-root accounts on slave nodes

Dmitry Borodaenko dborodaenko at mirantis.com
Thu Mar 3 23:18:08 UTC 2016


Denied.

Most of this feature has landed before FF as expected, the rest can wait
until Newton. At least, operators who want to disable root access to
target nodes are now able to do so, with some exceptions and some
additional manual tweaking that we should clean up in the next release.

-- 
Dmitry Borodaenko


On Wed, Mar 02, 2016 at 12:28:31AM +0300, Dmitry Nikishov wrote:
> Hello,
> 
> I'd like to request a FF exception for "Run Fuel slave nodes as non-root"
> feature[1].
> 
> Current status:
> larger part of the feature is already merged[2] and some more
> patches[3][4][5][6] are expected to land before the FF.
> 
> When these patches are in the master, Fuel 9.0 will be able to create
> non-root accounts on target nodes, however, root SSH will still be enabled.
> To change that we'll need actually to
> - Fix fuel-qa to be able to use non-root accounts [7].
> - Fix ceph deployment by either merging [8] or waiting for community ceph
> module support.
> - Disable root SSH [9].
> 
> For that, we need 2.5 weeks after the FF to finish the feature. Risk of not
> delivering the feature after 2.5 weeks is low.
> 
> Thanks.
> 
> [1] https://blueprints.launchpad.net/fuel/+spec/fuel-nonroot-openstack-nodes
> [2] https://review.openstack.org/#/q/status:merged+topic:bp-fuel-nonsuperuser
> [3] https://review.openstack.org/258200
> [4] https://review.openstack.org/284682
> [5] https://review.openstack.org/285299
> [6] https://review.openstack.org/258671
> [7] https://review.openstack.org/281776
> [8] https://review.openstack.org/278953
> [9] https://review.openstack.org/278954
> -- 
> Dmitry Nikishov,
> Deployment Engineer,
> Mirantis, Inc.
