[openstack-dev] [os-brick][nova][cinder] os-brick/privsep change is done and awaiting your review
Matt Riedemann
mriedem at linux.vnet.ibm.com
Fri Mar 18 19:26:08 UTC 2016
On 2/25/2016 5:35 PM, Angus Lees wrote:
> On Fri, 26 Feb 2016 at 01:28 John Garbutt <john at johngarbutt.com
> <mailto:john at johngarbutt.com>> wrote:
>
> Agreed with the concerns here, but I thought these are the same we
> raised at the midcycle.
>
>
> Yes, afaik everything is exactly as we discussed and following the
> direction we agreed at Nova+CInder mid-cycles.
>
> In hindsight, we probably should also have nominated 2x cores from each
> of cinder/nova who were willing to be aware of the situation and review
> the resulting change - before actually embarking on the work. As it is,
> the clock is striking noon and the street suddenly contains nothing but
> tumbleweeds :-P
>
> - Gus
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
I stared pretty hard at the nova rootwrap filter change today [1] and
tried to keep that in my head along with the devstack change and the
changes to os-brick (which depend on the devstack/cinder/nova changes).
And with reading the privsep-helper command code in privsep itself.
I realize this is a bridge to fix the tightly couple lockstep upgrade
issue between cinder and nova, but it would be super helpful, at least
for me, to chart out how that nova rootwrap filter change fits into the
bigger picture, like what calls what and how, where are things used, etc.
I see devstack passing on the os-brick change so I'm inclined to almost
blindly approve to just keep moving, but I'd feel bad about that. Would
it be possible to flow chart this out somewhere?
I also have a concern in there about how the privsep-helper rootwrap
command in nova is only using the os-brick context. What happens if
os-vif and nova need to share common rootwrap commands? At the midcycle
Jay and Daniel said there weren't any coming up soon, but if that
happens, how do we handle it?
[1]
https://review.openstack.org/#/c/277670/5/etc/nova/rootwrap.d/compute.filters
--
Thanks,
Matt Riedemann
More information about the OpenStack-dev
mailing list